Adding your on-premises storage system to DataSync Discovery - Amazon DataSync
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Adding your on-premises storage system to DataSync Discovery

Specify an on-premises storage system that you want Amazon DataSync Discovery to collect information about and provide Amazon storage migration recommendations for.


DataSync Discovery currently supports NetApp Fabric-Attached Storage (FAS) and All Flash FAS (AFF) systems that are running ONTAP 9.7 or later.

Accessing your on-premises storage system

To collect information about your on-premises storage system, DataSync Discovery needs credentials that provide read access to your storage system's management interface. For security, DataSync Discovery stores these credentials in Amazon Secrets Manager.


If you update these credentials on your storage system, make sure to also update them in DataSync Discovery. You can do this by using the UpdateStorageSystem operation.

How DataSync Discovery uses Amazon Secrets Manager

Amazon Secrets Manager is a secret storage service that protects database credentials, API keys, and other secret information. DataSync Discovery uses Secrets Manager to protect the credentials that you provide for accessing your on-premises storage system.

Secrets Manager encrypts secrets using Amazon Key Management Service keys. For more information, see Secret encryption and decryption.

You can configure Secrets Manager to automatically rotate secrets for you according to a schedule that you specify. This enables you to replace long-term secrets with short-term ones, which helps to significantly reduce the risk of compromise. For more information, see Rotate Amazon Secrets Manager secrets.

You pay for credentials stored in Secrets Manager. For more information, see Amazon Secrets Manager Pricing.

Adding your on-premises storage system

You must provide some information about your storage system before DataSync Discovery can collect information about it.

Using the Amazon Command Line Interface (Amazon CLI), configure DataSync Discovery to work with your on-premises storage system.

Before you begin: We recommend that you enable logging with CloudWatch.

To add an on-premises storage system by using the Amazon CLI
  1. Copy the following add-storage-system command:

    aws datasync add-storage-system \ --server-configuration ServerHostname="domain-or-ip",ServerPort=network-port \ --system-type storage-system-type \ --credentials Username="your-management-interface-username",Password="your-management-interface-password" --agent-arns "agent-arn"
  2. Specify the following required parameters in the command:

    • --server-configuration ServerHostname – Specify the domain name or IP address of your storage system's management interface.

    • --server-configuration ServerPort – Specify the network port that's needed to connect with the system's management interface.

    • --system-type – Specify the type of storage system that you're adding.

    • --credentials – Include the following options:

      • Username – Specify the user name needed to access your storage system's management interface.

      • Password – Specify the password needed to access your storage system's management interface.

        For more information, see Accessing your on-premises storage system.

    • --agent-arns – Specify the DataSync agent that you want to connect to your storage system's management interface.

      If you don't haven't an agent, see Deploying your Amazon DataSync agent.

  3. (Optional) Add any of the following parameters to the command:

    • --cloud-watch-log-group-arn – Specify the Amazon Resource Name (ARN) of the CloudWatch log group that you want to use to log DataSync Discovery activity.

    • --tags – Specify a Key and Value to tag the DataSync resource that's representing your storage system.

      A tag is a key-value pair that helps you manage, filter, and search for your DataSync resources.

    • --name – Specify a name for your storage system.

  4. Run the add-storage-system command.

    You get a response that shows you the storage system ARN that you just added.

    { "StorageSystemArn": "arn:aws-cn:datasync:us-east-1:123456789012:system/storage-system-abcdef01234567890" }

After you add the storage system, you can run a discovery job to collect information about the storage system.

Removing your on-premises storage system

When you remove an on-premises storage system from DataSync Discovery, you permanently delete any associated discovery jobs, collected data, and recommendations.

  1. Copy the following remove-storage-system command:

    aws datasync remove-storage-system --storage-system-arn "your-storage-system-arn"
  2. For --storage-system-arn, specify the ARN of your storage system.

  3. Run the remove-storage-system command.

    If successful, you get an HTTP 200 response with an empty HTTP body.

Logging DataSync Discovery activity to Amazon CloudWatch

When you enable logging with Amazon CloudWatch, you can more easily troubleshoot issues with DataSync Discovery. For example, if your discovery job is interrupted, you can check the logs to locate the issue. If you resolve the problem within 12 hours of when it occurred, your discovery job picks up where it left off.

If you configure your system by using the Amazon CLI, you must create a log group with a resource policy that allows DataSync to log events to the log group. You can use a log group resource policy similar to one for DataSync tasks, with some differences:

  • For the service principal, use

  • If you're using the ArnLike condition, specify a storage system ARN like this:

    "ArnLike": { "aws:SourceArn": [ "arn:aws-cn:datasync:region:account-id:system/*" ] },