Easily move data into and out of AWS China Regions
Overview
This solution provides secure, scalable, and trackable data transfer for Amazon Simple Storage Service (Amazon S3) objects and Amazon Elastic Container Registry (Amazon ECR) images. This data transfer helps customers expand their businesses globally by easily moving data in and out of AWS China Regions.
Benefits
The user interface allows customers to create and manage data transfer tasks for Amazon S3 objects and Amazon ECR images.
The solution supports data transfer to Amazon S3 from Alibaba Cloud OSS, Tencent COS, Qiniu Kodo, and Amazon S3 compatible cloud storage. Transfer to Amazon ECR from Docker Hub, Google gcr.io, and Red Hat Quay.io is also supported.
Transfer tasks are on-demand and pay-as-you-go. For more information, refer to the Cost section of the implementation guide.
Technical details
The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.
Step 1
The solution’s static web assets (front end user interface) are stored in Amazon Simple Storage Service (Amazon S3) and made available through Amazon CloudFront.
Step 2
The backend APIs are provided via AWS AppSync GraphQL.
Step 3
Users are authenticated by either Amazon Cognito User Pool (in AWS Standard Regions) or by an OpenID connect provider (in AWS China Regions) such as Authing, Auth0, etc.
Step 4
AWS AppSync runs AWS Lambda to call backend APIs.
Step 5
Lambda starts an AWS Step Functions workflow that uses AWS CloudFormation to start or stop/delete the Amazon Elastic Container Registry (Amazon ECR) or Amazon S3 plugin template.
Step 6
The plugin templates are hosted in a centralized Amazon S3 bucket managed by AWS.
Step 7
The solution also provisions an Amazon Elastic Container Service (Amazon ECS) cluster that runs the container images used by the plugin template, and the container images are hosted in Amazon ECR.
Step 8
The data transfer task information is stored in Amazon DynamoDB.
Step 1
The solution’s static web assets (front end user interface) are stored in Amazon Simple Storage Service (Amazon S3) and made available through Amazon CloudFront.
Step 2
The backend APIs are provided via AWS AppSync GraphQL.
Step 3
Users are authenticated by either Amazon Cognito User Pool (in AWS Standard Regions) or by an OpenID connect provider (in AWS China Regions) such as Authing, Auth0, etc.
Step 4
AWS AppSync runs AWS Lambda to call backend APIs.
Step 5
Lambda starts an AWS Step Functions workflow that uses AWS CloudFormation to start or stop/delete the Amazon Elastic Container Registry (Amazon ECR) or Amazon S3 plugin template.
Step 6
The plugin templates are hosted in a centralized Amazon S3 bucket managed by AWS.
Step 7
The solution also provisions an Amazon Elastic Container Service (Amazon ECS) cluster that runs the container images used by the plugin template, and the container images are hosted in Amazon ECR.
Step 8
The data transfer task information is stored in Amazon DynamoDB.
Important
If you deploy this solution in the AWS (Beijing) Region operated by Beijing Sinnet Technology Co., Ltd. (Sinnet), or the AWS (Ningxia) Region operated by Ningxia Western Cloud Data Technology Co., Ltd., you are required to provide a domain with ICP Recordal before you can access the web console.
The web console is a centralized place to create and manage all data transfer jobs. Each data type (for example, Amazon S3 or Amazon ECR) is a plugin for Data Transfer Hub, and is packaged as an AWS CloudFormation template hosted in an Amazon S3 bucket that AWS owns. When you create a transfer task, an AWS Lambda function initiates the AWS CloudFormation template, and state of each task is stored and displayed in the DynamoDB tables.
As of today, the solution supports two data transfer plugins: an Amazon S3 plugin and an Amazon ECR plugin.