Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Choose a service endpoint for your Amazon DataSync agent

Your Amazon DataSync agent uses a service endpoint to communicate with Amazon. An agent can connect to the following types of endpoints:

  • Virtual private cloud (VPC) endpoint – Data is transferred through your VPC instead of over the public internet, increasing the security of the copied data.

  • Public endpoint – Data is transferred over the public internet.

  • Federal Information Processing Standard (FIPS) endpoint – Data is transferred over the public internet by using processes that comply with FIPS.

Note

A DataSync agent can only use one type of endpoint. If you need to transfer data with different endpoint types, create an agent for each type.

For more information, see Amazon service endpoints in the Amazon General Reference.

Choose a VPC endpoint

Your DataSync agent can communicate with Amazon using a VPC endpoint provided by Amazon PrivateLink. This approach provides a private connection between your storage system, VPC, and Amazon Web Services.

For more information, see Using Amazon DataSync agents with VPC endpoints.

To specify a VPC endpoint by using the console
  1. Create a VPC endpoint and take note of the endpoint ID.

    You can also use an existing VPC endpoint in your current Amazon Web Services Region.

  2. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  3. Go to the Agents page and choose Create agent.

  4. For Hypervisor, choose Amazon EC2.

  5. In the Service endpoint section, choose VPC endpoints using Amazon PrivateLink.

    This is the VPC endpoint that the agent has access to.

  6. For VPC Endpoint, choose the VPC endpoint that you want your agent to connect to.

    You noted the endpoint ID when you created the VPC endpoint.

    Important

    You must choose a VPC endpoint that includes the DataSync service name (for example, com.amazonaws.us-east-2.datasync).

  7. For Subnet, choose the subnet where you want to run your DataSync task.

    This is the subnet where DataSync creates and manages network interfaces for your transfer.

  8. For Security Group, choose a security group for your DataSync task.

    This is the security group that protects your transfer's network interfaces.

For more information about using DataSync in a VPC, see Using Amazon DataSync agents with VPC endpoints.
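
The following is an added example, not part of the DataSync documentation: a Python check that reviews each agent's endpoint type and confirms that a PrivateLink agent points at a VPC endpoint carrying the DataSync service name. It assumes records shaped like the DataSync DescribeAgent and Amazon EC2 DescribeVpcEndpoints responses; every ID, ARN, and agent name is constructed sample data, and matching on the last label of the service name is this example's interpretation of the Important note above.

```python
# Added example. All data below is constructed; no AWS API calls are made.
SAMPLE_ENDPOINTS = [  # shaped like EC2 DescribeVpcEndpoints entries
    {"VpcEndpointId": "vpce-0example00000001", "State": "available",
     "ServiceName": "com.amazonaws.us-east-2.datasync"},
    {"VpcEndpointId": "vpce-0example00000002", "State": "available",
     "ServiceName": "com.amazonaws.us-east-2.s3"},
]
SG = ["arn:aws:ec2:us-east-2:111122223333:security-group/sg-0example0000001"]
SAMPLE_AGENTS = [  # shaped like DataSync DescribeAgent responses
    {"Name": "agent-private", "EndpointType": "PRIVATE_LINK",
     "PrivateLinkConfig": {"VpcEndpointId": "vpce-0example00000001", "SecurityGroupArns": SG}},
    {"Name": "agent-wrong-service", "EndpointType": "PRIVATE_LINK",
     "PrivateLinkConfig": {"VpcEndpointId": "vpce-0example00000002", "SecurityGroupArns": SG}},
    {"Name": "agent-public", "EndpointType": "PUBLIC"},
]


def endpoint_is_datasync(ep):
    """True when the service name's last label is 'datasync' and the endpoint is available."""
    return ep.get("ServiceName", "").split(".")[-1] == "datasync" and ep.get("State") == "available"


def audit_agents(agents, vpc_endpoints):
    """Return {agent name: [findings]} for agents whose endpoint choice needs review."""
    by_id = {ep["VpcEndpointId"]: ep for ep in vpc_endpoints}
    findings = {}
    for agent in agents:
        issues = []
        etype = agent.get("EndpointType")
        if etype in ("PUBLIC", "FIPS"):
            issues.append(f"{etype} endpoint: data is transferred over the public internet")
        elif etype == "PRIVATE_LINK":
            cfg = agent.get("PrivateLinkConfig") or {}
            ep = by_id.get(cfg.get("VpcEndpointId"))
            if ep is None:
                issues.append("VPC endpoint not found among the endpoints supplied")
            elif not endpoint_is_datasync(ep):
                issues.append(f"{ep['VpcEndpointId']} is not an available DataSync endpoint "
                              f"(service name: {ep.get('ServiceName')})")
            if not cfg.get("SecurityGroupArns"):
                issues.append("no security group attached to the transfer's network interfaces")
        else:
            issues.append(f"unrecognized endpoint type: {etype!r}")
        if issues:
            findings[agent["Name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_agents(SAMPLE_AGENTS, SAMPLE_ENDPOINTS).items():
        print(name, "->", "; ".join(issues))
```

In practice the two input lists would come from your own inventory export for the Region where the agents run.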

Next step: Activate your Amazon DataSync agent

Choose a public endpoint

If you use a public endpoint, all communication between your DataSync agent and Amazon occurs over the public internet.

To specify a public endpoint by using the console
  1. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  2. Go to the Agents page and choose Create agent.

  3. In the Service endpoint section, choose Public service endpoints in Amazon Web Services Region name. For a list of supported Amazon Regions, see Amazon DataSync in the Amazon General Reference.

Next step: Activate your Amazon DataSync agent

Choose a FIPS endpoint

See a list of FIPS endpoints used by DataSync.

To specify a FIPS endpoint by using the console
  1. Open the Amazon DataSync console at https://console.amazonaws.cn/datasync/.

  2. For Hypervisor, choose the type of agent you deployed.

  3. In the Service endpoint section, choose the FIPS endpoint that you want.

Next step: Activate your Amazon DataSync agent