A service endpoint is how your AWS DataSync agent communicates with the DataSync service. DataSync supports the following types of service endpoints:
Public service endpoint â Data is sent over the public internet.
Federal Information Processing Standard (FIPS) service endpoint â Data is sent over the public internet by using processes that comply with FIPS.
Virtual private cloud (VPC) service endpoint â Data is sent through your VPC instead of over the public internet, increasing the security of your transferred data.
You need a service endpoint to activate your agent. When choosing a service endpoint, remember the following:
An agent can only use one type of endpoint. If you need to transfer data using different endpoint types, create an agent for each type.
How you connect your storage network to AWS determines what service endpoints you can use.
If you use a public service endpoint, all communication between your DataSync agent and the DataSync service occurs over the public internet.
Next step: Activating your AWS DataSync agent
Choosing a FIPS service endpointDataSync provides some service endpoints that comply with FIPS. For more information, see FIPS endpoints in the AWS General Reference.
Next step: Activating your AWS DataSync agent
Choosing a VPC service endpointIf you use a VPC service endpoint, your data isn't transferred across the public internet. DataSync instead transfers data through a VPC that's based on the Amazon VPC service.
How DataSync agents work with VPC service endpointsVPC service endpoints are provided by AWS PrivateLink. These types of endpoints let you privately connect supported AWS services to your VPC. When you use a VPC service endpoint with DataSync, all communication between your DataSync agent and the DataSync service remains in your VPC.
The VPC service endpoint (along with the network interfaces DataSync creates for data transfer traffic) are private IP addresses that are only accessible from inside your VPC. For more information, see Connecting your network for AWS DataSync transfers.
DataSync limitations with VPCsVPCs that you use with DataSync must have default tenancy. VPCs with dedicated tenancy aren't supported.
DataSync doesn't support shared VPCs.
You create a VPC service endpoint for DataSync in a VPC that you manage. Your service endpoint, VPC, and DataSync agent must belong to the same AWS account.
The following diagram shows an example of DataSync using a VPC service endpoint for transferring from an on-premises storage system to an Amazon S3 bucket. The numbered callouts correspond to the steps to create a VPC service endpoint.
To create a VPC service endpoint for DataSyncCreate or determine a VPC and subnet where you want to create your VPC service endpoint.
If you're transferring to or from storage that's outside AWS, the VPC should extend to that storage environment (for example, your storage environment might be a data center where your on-premises NFS file server is located). You can do this by using routing rules over AWS Direct Connect or VPN.
Create a DataSync VPC service endpoint by doing the following:
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the left navigation pane, choose Endpoints, then choose Create endpoint.
For Service category, choose AWS services.
For Services, search for datasync and choose the endpoint for the Region you're in (for example, com.amazonaws.us-east-1.datasync).
For VPC, choose the VPC where you want to create the VPC service endpoint.
Expand Additional settings and clear the Enable Private DNS Name check box to disable this setting.
We recommend disabling this setting in case you have agents in the same VPC that need to use a public service endpoint. An agent can't reach a public service endpoint over the network when this setting is enabled.
For Subnet, choose the subnet where you want to create the VPC service endpoint. Take note of the subnet ARN (you need this when activating your agent).
Choose Create endpoint. Take note of the endpoint ID (you need this when activating your agent).
In your VPC, configure a security group that allows the traffic required for using DataSync VPC service endpoints. Take note of the security group ARN (you need this when activating your agent).
The security group must allow your agent to connect with the private IP addresses of the VPC service endpoint and your network interfaces (which get created when you create your task).
Next step: Activating your AWS DataSync agent
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4