
Choose a service endpoint for your Amazon DataSync agent

Your Amazon DataSync agent uses a service endpoint to communicate with Amazon. An agent can connect to the following types of endpoints:

  • Virtual private cloud (VPC) endpoint – Data is sent through your VPC instead of over the public internet, increasing the security of the transferred data.

  • Public endpoint – Data is sent over the public internet.

  • Federal Information Processing Standard (FIPS) endpoint – Data is sent over the public internet by using processes that comply with FIPS.

Remember the following when choosing a service endpoint:

  • An agent can only use one type of endpoint. If you need to transfer data with different endpoint types, create an agent for each type.

  • For DataSync Discovery, currently you can only use a public endpoint.

For more information, see Amazon service endpoints in the Amazon Web Services General Reference.

Use a VPC endpoint

Your DataSync agent can communicate with Amazon using a VPC endpoint provided by Amazon PrivateLink. This approach provides a private connection between your storage system, VPC, and Amazon Web Services.

For more information, see Using Amazon DataSync agents with VPC endpoints.

To specify a VPC endpoint by using the DataSync console
  1. Create a VPC endpoint and take note of the endpoint ID.

    You can also use an existing VPC endpoint in your current Amazon Web Services Region.

  2. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  3. Go to the Agents page and choose Create agent.

  4. In the Service endpoint section, choose VPC endpoints using Amazon PrivateLink.

    This is the VPC endpoint that the agent has access to.

  5. For VPC Endpoint, choose the VPC endpoint that you want your agent to connect to.

    You noted the endpoint ID when you created the VPC endpoint.

    Important

    You must choose a VPC endpoint that includes the DataSync service name (for example, com.amazonaws.us-east-2.datasync).

  6. For Subnet, choose the subnet where you want to run your DataSync task.

    This is the subnet where DataSync creates and manages network interfaces for your transfer.

  7. For Security Group, choose a security group for your DataSync task.

    This is the security group that protects your transfer's network interfaces.

For more information about using DataSync in a VPC, see Using Amazon DataSync agents with VPC endpoints.
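
The requirement in step 5 (the endpoint must carry the DataSync service name) can be checked before you open the console. The following is an added example, not part of the Amazon documentation: it filters a response in the shape printed by `aws ec2 describe-vpc-endpoints` down to the endpoints an agent could use. The sample response and its endpoint IDs are constructed, and the Interface-type and available-state checks are assumptions beyond what this page states.

```python
# Constructed sample in the shape printed by `aws ec2 describe-vpc-endpoints`
# (endpoint IDs are made up for illustration).
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa1111example", "VpcEndpointType": "Interface",
     "State": "available", "ServiceName": "com.amazonaws.us-east-2.datasync"},
    {"VpcEndpointId": "vpce-0bbb2222example", "VpcEndpointType": "Gateway",
     "State": "available", "ServiceName": "com.amazonaws.us-east-2.s3"},
    {"VpcEndpointId": "vpce-0ccc3333example", "VpcEndpointType": "Interface",
     "State": "pending", "ServiceName": "com.amazonaws.us-east-2.datasync"},
    {"VpcEndpointId": "vpce-0ddd4444example", "VpcEndpointType": "Interface",
     "State": "available", "ServiceName": "com.amazonaws.us-west-2.datasync"},
]}

def check_endpoint(ep, region):
    """Return the reasons this endpoint is unsuitable (empty list = usable)."""
    problems = []
    name = ep.get("ServiceName", "")
    # Requirement from the page: the service name must be the DataSync one,
    # for example com.amazonaws.us-east-2.datasync. Matching on the suffix
    # ties the endpoint to the Region the agent is created in.
    if not name.endswith(f".{region}.datasync"):
        problems.append(f"service name {name!r} is not DataSync in {region}")
    # Assumption: endpoints provided by PrivateLink have type Interface.
    if ep.get("VpcEndpointType") != "Interface":
        problems.append(f"type is {ep.get('VpcEndpointType')}, not Interface")
    # Assumption: only an endpoint in the 'available' state can be chosen.
    if ep.get("State") != "available":
        problems.append(f"state is {ep.get('State')}")
    return problems

def usable_endpoints(response, region):
    """Split endpoints into usable IDs and an {id: problems} map of rejects."""
    usable, rejected = [], {}
    for ep in response.get("VpcEndpoints", []):
        problems = check_endpoint(ep, region)
        if problems:
            rejected[ep["VpcEndpointId"]] = problems
        else:
            usable.append(ep["VpcEndpointId"])
    return usable, rejected

if __name__ == "__main__":
    ok, bad = usable_endpoints(SAMPLE, "us-east-2")
    print("usable:", ok)
    for vpce, why in bad.items():
        print(f"{vpce}: {'; '.join(why)}")
```
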

Next step: Activate your Amazon DataSync agent

Use a public endpoint

If you use a public endpoint, all communication between your DataSync agent and Amazon occurs over the public internet.

To specify a public endpoint by using the DataSync console
  1. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  2. Go to the Agents page and choose Create agent.

  3. In the Service endpoint section, choose Public service endpoints in Amazon Web Services Region name. For a list of supported Amazon Regions, see Amazon DataSync in the Amazon Web Services General Reference.

Next step: Activate your Amazon DataSync agent

Use a FIPS endpoint

See a list of FIPS endpoints used by DataSync.

To specify a FIPS endpoint by using the DataSync console
  1. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  2. Go to the Agents page and choose Create agent.

  3. In the Service endpoint section, choose the FIPS endpoint that you want.

Next step: Activate your Amazon DataSync agent