By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Data Migration using with data Sync

0

Hello All, I just want to know that we are migrating data from one S3 to another account s3 using data sync. We need to know to migrate data without over the internet. We want to migrate within the VPC in AWS. Is there is any possible way is there to migrate data within the VPC from one S3 to another account S3 suggest me

Topics
Migration & ModernizationNetworking & Content Delivery
Tags
Migration & ModernizationAWS DataSyncAmazon VPCAWS PrivateLink
Language
English
Saran Raj J
asked 10 months ago378 views
3 Answers
0
Accepted Answer

To achieve this migration from S3 to S3, you can consider this design :

  • At the source : You will require a VPC to deploy AWS DataSync agent on an EC2 agent in this VPC and then you need to enable a VPC endpoint for the source S3 bucket in this VPC. In this case, DataSync agent can access source data over private network.
  • A the destination : you need to have a VPC with destination S3 bucket VPC endpoints enabled in that VPC and AWS Datasync VPC enabled for the same VPC.
  • VPC peering : you need to peer the source and destination VPC.

You can refer to a similar design for EFS to get the idea here.

AWS
Behrang_KS
answered 10 months ago
0

It will be AWS service to AWS service communication, so it will not go out of the AWS network.
Perhaps the following explanation also applies to S3-to-S3 migration using DataSync.
https://aws.amazon.com/vpc/faqs/?nc1=h_ls

Q. Does traffic go over the internet when two instances communicate using public IP addresses, or when instances communicate with a public AWS service endpoint?

No. When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions.

In addition, all data flowing across the AWS global network that interconnects our data centers and Regions is automatically encrypted at the physical layer before it leaves our secured facilities. Additional encryption layers exist as well; for example, all VPC cross-region peering traffic, and customer or service-to-service Transport Layer Security (TLS) connections.

In other words, we believe that you can perform secure S3-to-S3 migration by setting up DataSync in the manner described in the following document.
https://docs.aws.amazon.com/datasync/latest/userguide/tutorial_s3-s3-cross-account-transfer.html

profile picture
EXPERT
Riku_Kobayashi
answered 10 months ago
  • Saran Raj J
    10 months ago

    As per understanding you are saying while migration the data will not move over the internet it will securely transfer through the AWS service communication. Please let me know the charges which is involved while this migration for s3 and data sync.

  • Riku_Kobayashi EXPERT
    10 months ago

    For more information on DataSync fees, please review the following documents. The calculation method is simple and depends on the amount of data to be migrated and the region. https://aws.amazon.com/datasync/pricing/?nc1=h_ls

  • Saran Raj J
    10 months ago

    I would like to know how much time will took for migrating 200 TB data and 50 million objects from one s3 to another account s3 using data sync and also want to know the cost for it.

  • Riku_Kobayashi EXPERT
    10 months ago

    Depending on the region, the following would be calculated for Northern Virginia. https://aws.amazon.com/jp/datasync/pricing/?nc1=h_ls 200000GB * 0.0125USD = 2,500 USD

0

Hi, you should go the Amazon DataSync FAQ: https://www.amazonaws.cn/en/datasync/faqs/

It gives fully detailled answer to your question

Q: Does Amazon DataSync support VPC endpoints or Amazon  PrivateLink?
A: Yes, VPC endpoints are supported for data movement use cases. You can 
use VPC endpoints to ensure data transferred between your Amazon 
DataSync agent, either deployed on-premises or in-cloud, doesn't traverse 
the public internet or need public IP addresses. Using VPC endpoints increases 
the security of your data by keeping network traffic within your Amazon Virtual
 Private Cloud (Amazon VPC). VPC endpoints for DataSync are powered by 
Amazon PrivateLink , a highly available, scalable technology that enables you to 
privately connect your VPC to supported Amazon Web Services.

Q: How do I configure Amazon DataSync to use VPC endpoints?
A: To use VPC endpoints with Amazon DataSync, you create an Amazon PrivateLink 
interface VPC endpoint for the DataSync service in your chosen VPC, and then 
choose this endpoint elastic network interface (ENI) when creating your DataSync 
agent. Your agent will connect to this ENI to activate, and subsequently all data transferred
 by the agent will remain within your configured VPC. You can use either the Amazon 
DataSync Console, Amazon Command Line Interface (CLI), or Amazon SDK, to configure 
VPC endpoints. To learn more, see Using Amazon DataSync in a Virtual Private Cloud.

Link to Amazon PrivateLink: https://www.amazonaws.cn/en/privatelink/

profile pictureAWS
EXPERT
Didier_Durand
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content