Installing the Agent on a secured network - Application Migration Service

The Application Migration Service AWS Replication Agent installer needs network access to AWS MGN and S3 endpoints. If your on-premises network is not open to MGN and S3 endpoints, you can install the Agent with the aid of PrivateLink.

You can connect your on-premises network to the subnet in your staging area VPC using AWS VPN or DirectConnect. To use AWS VPN or DirectConnect, you must use a private IP in the replication settings.

Note

This feature is not supported in the Asia Pacific (Osaka), Middle East (UAE), Europe (Spain), Europe (Zurich), Asia Pacific (Hyderabad), Asia Pacific (Melbourne) and Israel (Tel Aviv) Regions.

Create a VPC endpoint for AWS Application Migration Service

To allow the AWS Replication Agent installer to communicate with AWS MGN, create an interface VPC endpoint for AWS MGN in your staging area subnet. For more information, see Creating an interface endpoint in the Amazon VPC User Guide.

If the AWS replication agents are installed with a principal using AWSApplicationMigrationAgentInstallationPolicy and a VPCE policy is used (to scope down access), add the following statement to your policy:

    {
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "arn:aws:execute-api:<region>:*:*/POST/CreateSessionForMgn"
    }
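To check before installation that a scoped-down endpoint policy admits the installer's CreateSessionForMgn call, the following added example (not AWS code) evaluates a policy document for that request. The sample ARN, account and API IDs, and the SCOPED policy are constructed, and Principal and Condition evaluation is omitted.

```python
import json
import re

ACTION = "execute-api:Invoke"
# Constructed sample ARN for the call; account, API id and stage are placeholders.
SAMPLE_ARN = "arn:aws:execute-api:{region}:111122223333:a1b2c3/prod/POST/CreateSessionForMgn"

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def _matches(stmt, resource):
    # Action names compare case-insensitively, resource ARNs case-sensitively.
    # Statements using NotAction/NotResource never match here; Principal and
    # Condition are ignored (a simplification of real policy evaluation).
    return (any(_wild(a, ACTION, True) for a in _as_list(stmt.get("Action")))
            and any(_wild(r, resource) for r in _as_list(stmt.get("Resource"))))

def installer_call_allowed(policy, region):
    """Return (allowed, reason) for CreateSessionForMgn in `region`."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    hits = [s for s in stmts if _matches(s, SAMPLE_ARN.format(region=region))]
    if any(s.get("Effect") == "Deny" for s in hits):
        return False, "explicit Deny matches"
    if any(s.get("Effect") == "Allow" for s in hits):
        return True, "Allow statement matches"
    return False, "implicit deny: no statement matches"

# The statement from this page, with <region> filled in as us-east-1.
PAGE_STATEMENT = {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
                  "Resource": "arn:aws:execute-api:us-east-1:*:*/POST/CreateSessionForMgn"}
# Constructed scoped-down endpoint policy that lacks that statement.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "mgn:*", "Resource": "*"}]}
FIXED = {"Version": "2012-10-17", "Statement": SCOPED["Statement"] + [PAGE_STATEMENT]}

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("fixed", FIXED)):
        print(name, installer_call_allowed(pol, "us-east-1"))
```

A statement written for one Region does not cover an installer run against another, so evaluate the policy with the Region the Agent will actually use.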

Use the created VPC Endpoint for AWS Application Migration Service

Once you have created the VPC Endpoint, the AWS Replication Agent can connect to AWS Application Migration Service (AWS MGN) via VPN/DirectConnect by using the --endpoint installation parameter. Learn more about Private DNS for interface endpoints in the Amazon VPC User Guide.

Run the AWS Replication Agent installer with the --endpoint parameter. Enter your endpoint-specific DNS hostname within the parameter. The installer will then be able to connect to AWS MGN via the endpoint over your VPN/DirectConnect connection.

Create an S3 endpoint for AWS Application Migration Service

To allow the AWS Replication Agent installer to communicate with S3, create an interface S3 endpoint for AWS MGN in your staging area subnet. For more information, see Endpoints for Amazon S3 in the Amazon VPC User Guide.

Use the created S3 Endpoint for AWS Application Migration Service

Once you have created the VPC Endpoint, the AWS Replication Agent can connect to S3 via VPN/DirectConnect by using the --s3-endpoint installation parameter. Learn more about Private DNS for interface endpoints in the Amazon VPC User Guide.

Run the AWS Replication Agent installer with the --s3-endpoint parameter. Enter your endpoint-specific DNS hostname within the parameter. The installer will then be able to connect to S3 via the endpoint over your VPN/DirectConnect connection.