Q: What is AWS DataSync?
A: AWS DataSync is an online data transfer service that simplifies, automates, and accelerates copying large amounts of data to and from AWS storage services over the internet or AWS Direct Connect. DataSync can copy data between Network File System (NFS) or Server Message Block (SMB) file servers, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, and Amazon FSx for Windows File Server file systems.
Q: Why should I use AWS DataSync?
A: AWS DataSync allows you to move, copy, and synchronize large datasets with millions of files, without having to build custom solutions with open source tools, or license and manage expensive commercial network acceleration software. You can use DataSync to migrate active data to AWS, transfer data to the cloud for analysis and processing, archive data to free up on-premises storage capacity, or replicate data to AWS for business continuity.
Q: What problem does AWS DataSync solve for me?
A: AWS DataSync reduces the complexity and cost of online data transfer, making it simple to transfer datasets between on-premises storage systems, and Amazon S3, Amazon Elastic File System (EFS), and Amazon FSx for Windows File Server. DataSync connects to existing storage systems and data sources with standard storage protocols (NFS or SMB), and uses a purpose-built network protocol and scale-out architecture to accelerate transfer to and from AWS. DataSync automatically scales and handles moving files and objects, scheduling data transfers, monitoring the progress of transfers, encryption, verification of data transfers, and notifying customers of any issues. With DataSync you pay only for the amount of data copied, with no minimum commitments or upfront fees.
Q: Where can I transfer data to and from?
A: AWS DataSync can transfer data between Network File System (NFS) or Server Message Block (SMB) file servers, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, and Amazon FSx for Windows File Server file systems.
Q: Can I use AWS DataSync to migrate data to AWS?
A: You can use AWS DataSync to migrate from on-premises data to Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server. Configure DataSync to make an initial copy of your entire dataset, and schedule subsequent incremental transfers of changing data until the final cut-over from on-premises to AWS. DataSync includes encryption and integrity validation to help make sure your data arrives securely, intact, and ready to use. To minimize impact on workloads that rely on your network connection, you can schedule your migration to run during off-hours, or limit the amount of network bandwidth that DataSync uses by configuring the built-in bandwidth throttle. Read the storage blog, "Migrating storage with AWS DataSync," to learn more about migration best practices and tips.
Q: How can I use AWS DataSync to archive cold data?
A: You can use AWS DataSync to move cold data from expensive on-premises storage systems directly to durable and secure long-term storage, such as Amazon S3 Glacier or Amazon S3 Glacier Deep Archive. Use DataSync’s filtering functionality to exclude copying temporary files and folders, copy only a subset of files from your source location, or split a single file system between multiple destinations. You can select the most cost-effective storage service for your needs: transfer data to any S3 storage class, or use DataSync with EFS Lifecycle Management to store data in Amazon EFS Infrequent Access storage class (EFS IA). Use the built-in task scheduling functionality to regularly archive data that should be retained for compliance or auditing purposes, such as logs, raw footage, or electronic medical records.
Q: How can I use AWS DataSync for recurring transfers between on-premises and AWS for ongoing workflows?
A: You can use AWS DataSync to accelerate and schedule the transfers from on-premises systems into or out of AWS for processing. It can help speed up critical hybrid cloud storage workflows in industries that need to move active files into AWS quickly, including video production in media and entertainment, seismic research in oil and gas, machine learning in life science, and big data analytics in finance. DataSync provides timely delivery to ensure dependent processes are not delayed. You can specify exclude filters, include filters, or both, to determine which files, folders or objects gets transferred each time your task runs.
Q: How can I use AWS DataSync to replicate data to AWS for business continuity?
A: With AWS DataSync, you can periodically replicate files into all Amazon S3 storage classes, or send the data to Amazon EFS or Amazon FSx for Windows File Server for a standby file system. Use the built-in task scheduling functionality to ensure that changes to your dataset are regularly copied to your destination storage.
Q: How can I use AWS DataSync to migrate to Amazon WorkDocs?
A: AWS DataSync is part of the Amazon WorkDocs Migration Service. DataSync makes it easier and faster to migrate home directories and department shares to WorkDocs.
Q: How do I get started with AWS DataSync?
1. Deploy an agent - Deploy a DataSync agent and associate it to your AWS account via the Management Console or API. The agent will be used to access your NFS server or SMB file share to read data from it or write data to it.
2. Create a data transfer task - Create a task by specifying the location of your data source and destination, and any options you want to use to configure the transfer, such as the desired task schedule.
3. Start the transfer - Start the task and monitor data movement in the console or with Amazon CloudWatch.
Q: How do I deploy an AWS DataSync agent?
A: You deploy an AWS DataSync agent to your VMware ESXi hypervisor or in Amazon EC2. To copy data to or from an on-premises file server, you download the agent virtual machine image (an OVA file) from the AWS Console and deploy to your on-premises VMware ESXi hypervisor. To copy data to or from an in-cloud file server, you create an Amazon EC2 instance from the agent AMI provided in the AWS Console. In both cases the agent must be deployed so that it can access your file server using either the NFS or SMB protocol.
Q: What are the resource requirements for the AWS DataSync agent?
A: You can find the minimum required resources to run the agent here.
Q: How do I start an AWS DataSync data transfer task?
A: AWS DataSync copies data when you initiate a task via the AWS Management Console or AWS Command Line Interface (CLI). Each time a task runs, it scans the source for changes, and performs a copy of any differences between the source to the destination. You can configure which characteristics of the source are used to determine what changed, define filters to include and exclude specific files or folders, and control if files or objects in the destination should be overwritten when changed in the source or deleted when not found in the source.
Q: How does AWS DataSync ensure my data is copied correctly?
A: As AWS DataSync transfers and stores data, it performs integrity checks to ensure the data written to the destination matches the data read from the source. Additionally, an optional verification check can be performed to compare source and destination at the end of the transfer. DataSync will calculate and compare full-file checksums of the data stored in the source and in the destination. You can check either the entire dataset or just the files or objects that DataSync transferred.
Q: How can I monitor the status of data being transferred by AWS DataSync?
A: You can use the AWS Management Console or CLI to monitor the status of data being transferred. Using Amazon CloudWatch Metrics, you can see the number of files and amount of data which has been copied. Amazon CloudWatch Logs are available for detailed error information. In addition, CloudWatch Events are triggered as your tasks transition state, enabling automation of dependent workflows. You can find additional information, such as transfer progress, in the AWS Management Console or CLI.
Q: Can I filter the files and folders that AWS DataSync transfers?
A: Yes. You can specify an exclude filter, an include filter, or both, to limit which files, folders, or objects gets transferred each time a task runs. When creating a task, you configure the file paths or object keys that should always be excluded from being copied. Then, when you start a task, you configure the file paths or object keys that should be included for that execution of the task. If no filters are configured, each time a task runs it will transfer all changes from the source to the destination. Read this AWS storage blog to learn more about using common filters with DataSync.
Q: Can I configure AWS DataSync to transfer on a schedule?
A: Yes. You can schedule your tasks using the AWS DataSync Console or AWS Command Line Interface (CLI), without needing to write and run scripts to manage repeated transfers. Task scheduling automatically runs tasks on the schedule you configure, with hourly, daily, or weekly options provided directly in the Console. This enables you to ensure that changes to your dataset are automatically detected and copied to your destination storage.
Q: Does AWS DataSync preserve the directory structure when copying files?
A: Yes. When transferring files, AWS DataSync creates a director structure on the destination that is similar to the source location's structure.
Q: What happens if an AWS DataSync task is interrupted?
A: If a task is interrupted, for instance, if the network connection goes down or the AWS DataSync agent is restarted, the next run of the task will transfer missing files, and the data will be complete and consistent at the end of this run. Each time a task is started it performs an incremental copy, transferring only the changes from the source to the destination.
Q: Can I use AWS DataSync with AWS Direct Connect?
A: Yes. You can use AWS DataSync with your Direct Connect link to access public service endpoints or private VPC endpoints. When using VPC endpoints, data transferred between the DataSync agent and AWS services does not traverse the public internet or need public IP addresses, increasing the security of data as it is copied over the network.
Q: Does AWS DataSync support VPC endpoints or AWS PrivateLink?
A: Yes. You can use VPC endpoints to ensure data transferred between your AWS DataSync agent, either deployed on-premises or in-cloud, doesn't traverse the public internet or need public IP addresses. Using VPC endpoints increases the security of your data by keeping network traffic within your Amazon Virtual Private Cloud (Amazon VPC). VPC endpoints for DataSync are powered by AWS PrivateLink, a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services.
Q: How do I configure AWS DataSync to use VPC endpoints?
A: To use VPC endpoints with AWS DataSync, you create an AWS PrivateLink interface VPC endpoint for the DataSync service in your chosen VPC, and then choose this endpoint elastic network interface (ENI) when creating your DataSync agent. Your agent will connect to this ENI to activate, and subsequently all data transferred by the agent will remain within your configured VPC. You can use either the AWS DataSync Console, AWS Command Line Interface (CLI), or AWS SDK, to configure VPC endpoints. To learn more, see Using AWS DataSync in a Virtual Private Cloud, and read our AWS storage blog about best practices for migrations using VPC endpoints.
Transferring to and from Amazon S3
Q: Can I copy my data into Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, or other S3 storage classes?
A: Yes. When configuring an S3 bucket for use with AWS DataSync, you can select the S3 storage class that DataSync uses to store objects. DataSync supports storing data directly into S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access (S3 Standard-IA), S3 One Zone-Infrequent Access (S3 One Zone-IA), Amazon S3 Glacier (S3 Glacier), and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive). More information on Amazon S3 storage classes can be found in the Amazon Simple Storage Service Developer Guide.
Objects smaller than the minimum charge capacity per object will be stored in S3 Standard. For example, folder objects, which are zero-bytes in size and hold only metadata, will be stored in S3 Standard. Read about considerations when working with Amazon S3 storage classes in our documentation, and for more information on minimum charge capacities see Amazon S3 Pricing.
Q: Can I copy data out of S3 Standard-IA and S3 One Zone-IA storage classes?
A: Yes. When using S3 as the source location for an AWS DataSync task, the service will retrieve all objects from the bucket which need to be copied to the destination. Retrieving objects from S3 Standard-IA and S3 One Zone-IA storage will incur a retrieval fee based on the size of the objects. Read about considerations when working with Amazon S3 storage classes in our documentation.
Q: Can I copy data out of S3 Glacier and Amazon S3 Glacier Deep Archive?
A: When using S3 as the source location for an AWS DataSync task, the service will attempt to retrieve all objects from the bucket which need to be copied to the destination. Retrieving objects which are archived in the S3 Glacier or S3 Glacier Deep Archive storage class results in an error. Any errors retrieving archived objects will be logged by DataSync and will result in a failed task completion status. Read about considerations when working with Amazon S3 storage classes in our documentation.
Q: How does AWS DataSync access my Amazon S3 bucket?
A: AWS DataSync assumes an IAM role that you provide. The policy you attach to the role determines which actions the role can perform. DataSync can auto generate this role on your behalf or you can manually configure a role.
Q: How does AWS DataSync convert files and folders to or from objects in Amazon S3?
A: When files or folders are copied to Amazon S3, there is a one-to-one relationship between a file or folder and an object. File and folder metadata timestamps and POSIX permissions, including user ID, group ID, and permissions, are stored in S3 user metadata. File metadata stored in S3 user metadata is interoperable with File Gateway, providing on-premises file-based access to data stored in Amazon S3 by AWS DataSync.
When DataSync copies from an NFS server, the POSIX permissions from the files and folders on the source are stored in the S3 user metadata. When DataSync copies objects that contain this user metadata back to an NFS server, the file metadata is restored. Symbolic links and hard links are also restored when copying back from NFS to S3.
When copying from an SMB file share, default POSIX permissions are stored in S3 user metadata. When copying back to an SMB file share, ownership is set based on the user that was configured in DataSync to access that file share, and default permissions are assigned.
Learn more about how DataSync stores files and metadata in our documentation.
Q: Which Amazon S3 request and storage costs apply when using S3 storage classes with AWS DataSync?
A: Some S3 storage classes have behaviors that can affect your cost, such as data retrieval, minimum storage capacities, and minimum storage durations. DataSync automates management of data to address these factors, and provides settings to minimize data retrieval.
To avoid minimum capacity charge per object, AWS DataSync automatically stores small objects in S3 Standard. To minimize data retrieval fees, you can configure DataSync to verify only files that were transferred by a given task. To avoid minimum storage duration charges, DataSync has controls for overwriting and deleting objects. Read about considerations when working with Amazon S3 storage classes in our documentation.
Transferring to and from Amazon EFS
Q: How does AWS DataSync access my Amazon EFS file system?
A: AWS DataSync accesses your Amazon EFS file system using the NFS protocol. The DataSync service mounts your file system from within your VPC from Elastic Network Interfaces (ENIs) managed by the DataSync service. DataSync fully manages the creation, use, and deletion of these ENIs on your behalf.
Q: Can I use AWS DataSync with all EFS storage classes?
A: Yes. You can use AWS DataSync to copy files into EFS and configure EFS Lifecycle Management to migrate files that have not been accessed for a set period of time to the Infrequent Access (IA) storage class.
Transferring to and from Amazon FSx for Windows File Server
Q: How does DataSync access my Amazon FSx file system?
A: AWS DataSync accesses your Amazon FSx file system using the SMB protocol, authenticating with the username and password you configure in the AWS Console or CLI. The DataSync service mounts your file system from within your VPC from Elastic Network Interfaces (ENIs) managed by the DataSync service. DataSync fully manages the creation, use, and deletion of these ENIs on your behalf.
Q: What Windows metadata is transferred when copying from SMB shares to Amazon FSx?
A: DataSync copies Windows metadata, including file timestamps, file owner, standard file attributes, and NTFS discretionary access lists (DACLs). Copying NTFS system access control lists (SACLs) will be added later in 2020. You can learn more and see the complete list of copied metadata in our documentation.
Q: How fast can AWS DataSync copy my file system to AWS?
A: The rate at which AWS DataSync can copy a given dataset is a function of amount of data, I/O bandwidth achievable from the source and destination storage, network bandwidth available, and network conditions. A single DataSync agent is capable of saturating a 10 Gbps network link.
Q: Can I control the amount of network bandwidth that an AWS DataSync task uses?
A: Yes. You can control the amount of network bandwidth that AWS DataSync will use by configuring the built-in bandwidth throttle. This can help to minimize impact on other users or applications who rely on the same network connection.
Q: How can I monitor the performance of AWS DataSync?
A: AWS DataSync generates Amazon CloudWatch Metrics to provide granular visibility into the transfer process. Using these metrics, you can see the number of files and amount of data which has been copied, as well as file discovery and verification progress. You can see CloudWatch Graphs with these metrics directly in the DataSync Console.
Q: Will AWS DataSync affect the performance of my source file system?
A: Depending on the capacity of your on-premises file store, and the quantity and size of files to be transferred, AWS DataSync may affect the response time of other clients when accessing the same source data store, because the agent reads or writes data from that storage system. Configuring a bandwidth limit for a task will reduce this impact by limiting the I/O against your storage system.
Security and compliance
Q: Is my data encrypted while being transferred and stored?
A: Yes. All data transferred between the source and destination is encrypted via Transport Layer Security (TLS), which replaced Secure Sockets Layer (SSL). Data is never persisted in AWS DataSync itself. The service supports using default encryption for S3 buckets, Amazon EFS file system encryption of data at rest, and Amazon FSx For Windows File Server encryption at rest and in transit.
Q: How does AWS DataSync access my NFS server or SMB file share?
A: AWS DataSync uses an agent that you deploy into your IT environment or into Amazon EC2 to access your files through the NFS or SMB protocol. This agent connects to DataSync service endpoints within AWS, and is securely managed from the AWS Management Console or CLI.
Q: Does AWS DataSync require setting up a VPN to connect to my destination storage?
A: No. When copying data to or from your premises, there is no need to setup a VPN/tunnel or allow inbound connections. Your AWS DataSync agent can be configured to route through a firewall using standard network ports. You can also deploy DataSync within your Amazon Virtual Private Cloud (Amazon VPC) using VPC endpoints. When using VPC endpoints, data transferred between the DataSync agent and AWS services does not need to traverse the public internet or need public IP addresses.
Q: How do my AWS DataSync agents securely connect to AWS?
A: Your AWS DataSync agent connects to DataSync service endpoints within your chosen AWS Region. You can choose to have the agent connect to public internet facing endpoints, Federal Information Processing Standards (FIPS) validated endpoints, or endpoints within one of your VPCs. Activating your agent securely associates it with your AWS account. To learn more, see Choose a Service Endpoint and Activate Your Agent.
Q: How is my AWS DataSync agent patched and updated?
A: Updates to the agent VM, including both the underlying operating system and the AWS DataSync software packages, are managed by the service once the agent is activated. Updates are applied non-disruptively when the agent is idle and not executing a data transfer task.
Q: Which compliance programs does AWS DataSync support?
A: AWS has the longest-running compliance program in the cloud. AWS is committed to helping customers navigate their requirements. AWS DataSync has been assessed to meet global and industry security standards. DataSync complies with PCI DSS, ISO 9001, 27001, 27017, and 27018; SOC 1, 2, and 3; in addition to being HIPAA eligible. DataSync is also authorized in the AWS US East/West Regions under FedRAMP Moderate and in the AWS GovCloud (US) Regions under FedRamp High. That makes it easier for you to verify our security and meet your own obligations. For more information and resources, visit our compliance pages. You can also go to the Services in Scope by Compliance Program page to see a full list of services and certifications.
Q: Is AWS DataSync PCI compliant?
A: Yes. AWS DataSync is PCI-DSS compliant, which means you can use it to transfer payment information. You can download the PCI Compliance Package in AWS Artifact to learn more about how to achieve PCI Compliance on AWS.
Q: Is AWS DataSync HIPAA eligible?
A: Yes. AWS DataSync is HIPAA eligible, which means if you have a HIPAA BAA in place with AWS, you can use DataSync to transfer protected health information (PHI).
Q: Does AWS DataSync have FedRAMP JAB Moderate Provisional Authorization in the AWS US East/West?
A: AWS DataSync has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) at the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline in the US East/West Regions. If you are a federal or commercial customer, you can use AWS DataSync in the AWS East/West Region's authorization boundary with data up to the moderate impact level.
Q: Does AWS DataSync have FedRAMP JAB High Provisional Authorization in the AWS GovCloud (US) Regions?
A: AWS DataSync has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) at the Federal Risk and Authorization Management Program (FedRAMP) High baseline in the US GovCloud Region. If you are a federal or commercial customer, you can use AWS DataSync in the AWS GovCloud (US) Region’s authorization boundary with data up to the high impact level.
When to choose AWS DataSync
Q: How is AWS DataSync different from using command line tools such as rsync or the Amazon S3 command line interface?
A: AWS DataSync fully automates and accelerates moving large active datasets to AWS, up to 10 times faster than command line tools. It is natively integrated with Amazon S3, Amazon EFS, Amazon FSx for Windows File Server, Amazon CloudWatch, and AWS CloudTrail, which provides seamless and secure access to your storage services, as well as detailed monitoring of the transfer.
DataSync uses a purpose-built network protocol and scale-out architecture to transfer data. A single DataSync agent is capable of saturating a 10 Gbps network link.
DataSync fully automates the data transfer. It comes with retry and network resiliency mechanisms, network optimizations, built-in task scheduling, monitoring via the DataSync API and Console, and CloudWatch metrics, events and logs that provide granular visibility into the transfer process. DataSync performs data integrity verification both during the transfer and at the end of the transfer.
DataSync provides end to end security, and integrates directly with AWS storage services. All data transferred between the source and destination is encrypted via TLS, and access to your AWS storage is enabled via built-in AWS security mechanisms such as IAM roles. DataSync with VPC endpoints are enabled to ensure that data transferred between an organization and AWS does not traverse the public internet, further increasing the security of data as it is copied over the network.
Q: When do I use AWS DataSync and when do I use AWS Snowball Edge?
A: AWS DataSync is ideal for online data transfers. You can use DataSync to migrate active data to AWS, transfer data to the cloud for analysis and processing, archive data to free up on-premises storage capacity, or replicate data to AWS for business continuity.
AWS Snowball Edge is suitable for offline data transfers, for customers who are bandwidth constrained, or transferring data from remote, disconnected, or austere environments.
Q: When do I use AWS DataSync and when do I use AWS Storage Gateway?
A: Use AWS DataSync to migrate existing data to Amazon S3, and then use the File Gateway configuration of AWS Storage Gateway to retain access to the migrated data and for ongoing updates from your on-premises file-based applications.
You can use a combination of DataSync and File Gateway to minimize your on-premises infrastructure while seamlessly connecting on-premises applications to your cloud storage. AWS DataSync enables you to automate and accelerate online data transfers to AWS storage services. File Gateway then provides your on-premises applications with low latency access to the migrated data.
Q: When do I use AWS DataSync, and when do I use Amazon S3 Transfer Acceleration?
A: If your applications are already integrated with the Amazon S3 API, and you want higher throughput for transferring large files to S3, you can use S3 Transfer Acceleration. If you want to transfer data from existing storage systems (e.g. Network Attached Storage), or from instruments that cannot be changed (e.g. DNA sequencers, video cameras), or if you want multiple destinations, you use AWS DataSync. DataSync also automates and simplifies the data transfer by providing additional functionality, such as built-in retry and network resiliency mechanisms, data integrity verification, and flexible configuration to suit your specific needs, including bandwidth throttling, etc.
Q: When do I use AWS DataSync and when do I use AWS Transfer for SFTP?
A: If you currently use SFTP to exchange data with third parties, AWS Transfer for SFTP provides a fully managed SFTP transfer directly into and out of Amazon S3, while reducing your operational burden.
If you want an accelerated and automated data transfer between NFS servers, SMB file shares, Amazon S3, Amazon EFS, and Amazon FSx for Winodws File Server, you can use AWS DataSync. DataSync is ideal for customers who need online migrations for active data sets, timely transfers for continuously generated data, or replication for business continuity.
AWS DataSync has simple, predictable, usage-based pricing; you pay only for the amount of data that you copy.
Instantly get access to the AWS Free Tier.
Get started building with AWS DataSync in the AWS Console.