Installing the Agent on a secured network - Application Migration Service

Installing the Agent on a secured network

The Application Migration Service AWS Replication Agent installer needs network access to MGN and S3 endpoints. If your on premise network is not open to MGN and S3 endpoints, then you can install the Agent with the aid of PrivateLink.

You can connect your on premise network to the subnet in your staging area VPC using AWS VPN or DirectConnect. To use the AWS VPN or DirectConnect, you must enable private IP in the Replication Settings.

Create a VPC Endpoint for Application Migration Service

To allow the AWS Replication Agent installer to communicate with MGN, create an interface VPC endpoint for MGN in your staging area subnet. For more information, see Creating an Interface Endpoint in the Amazon VPC User Guide.

Use the created VPC Endpoint for Application Migration Service

Once you have created the VPC Endpoint, the AWS Replication Agent can connect to MGN via VPN/DirectConnect by using the --endpoint installation parameter. Learn more about Private DNS for interface endpoints in the Amazon VPC User Guide.

Run the AWS Replication Agent installer with the --endpoint parameter. Enter your endpoint-specific DNS hostname within the parameter. The installer will then be able to connect to MGN via the endpoint over your VPN/DirectConnect connection.

Create a S3 Endpoint for Application Migration Service

To allow the AWS Replication Agent installer to communicate with S3, create an interface S3 endpoint for MGN in your staging area subnet. For more information, see Endpoints for Amazon S3 in the Amazon VPC User Guide.

Use the created S3 Endpoint for Application Migration Service

Once you have created the VPC Endpoint, the AWS Replication Agent can connect to S3 via VPN/DirectConnect by using the --s3-endpoint installation parameter. Learn more about Private DNS for interface endpoints in the Amazon VPC User Guide.

Run the AWS Replication Agent installer with the --s3-endpoint parameter. Enter your endpoint-specific DNS hostname. he installer will then be able to connect to MGN via the endpoint over your VPN/DirectConnect connection.