To protect AWS resources, Commvault access nodes must have connectivity to regional and global AWS service endpoints.
Important
Commvault does not support the use of Federal Information Processing Standard (FIPS) service endpoints to secure data transfer or data at-rest when protecting FIPS-enabled AWS services. For information see Federal Information Processing Standard (FIPS) 140-2 on the AWS website.
Regional Endpoints
AWS service |
Endpoint URL |
AWS documentation for endpoint |
How Commvault uses connectivity |
---|---|---|---|
Amazon Aurora |
rds.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/aurora.html |
|
Amazon DocumentDB |
rds.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/amazondocdb.html |
To perform data management and protection for Amazon DocumentDB data |
Amazon DynamoDB |
rds.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/ddb.html |
To perform data management and protection for Amazon DynamoDB data |
Amazon EBS direct APIs |
ebs.region.amazonaws.com |
https://docs.aws.amazon.com/general/latest/gr/ebs-service.html |
To perform data management and protection for Amazon EBS volumes |
Amazon EC2 |
ec2.region.amazonaws.com |
https://docs.aws.amazon.com/general/latest/gr/ec2-service.html |
|
Amazon EFS |
efs.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/elasticfilesystem.html |
|
Amazon EKS |
eks.region.amazonaws.com |
||
Amazon FSx |
fsx.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/fsxn.html |
|
Amazon RDS |
rds.amazonaws.com |
https://docs.aws.amazon.com/general/latest/gr/rds-service.html |
To perform data management and protection for Amazon RDS data |
Amazon Redshift |
redshift.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/redshift-service.html |
To perform data management and protection for Amazon Redshift data. |
Amazon S3 |
s3.amazonaws.com |
|
|
Amazon S3 Glacier |
glacier.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html |
|
Amazon S3 on Outposts |
https://docs.aws.amazon.com/general/latest/gr/outposts_region.html#outposts_region_s3 |
||
Amazon VPC |
ec2.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/vpc-service.html |
|
AWS KMS |
kms.region.amazonaws.com |
https://docs.aws.amazon.com/en_us/general/latest/gr/kms.html |
To perform secure data management and protection for AWS services that contain data encrypted with AWS Key Management Service (KMS) encryption keys |
STS AssumeRole |
sts.region.amazonaws.com |
To obtain temporary credentials from the AWS Secure Token Service (STS), which are used in the data management and protection of AWS services |
|
Systems Manager |
ssm.region.amazonaws.com |
Note Both global and regional endpoint access is required. |
Global Endpoints
AWS service |
AWS link for endpoints |
How Commvault uses connectivity |
---|---|---|
Amazon RDS |
https://docs.aws.amazon.com/general/latest/gr/rds-service.html |
|
Amazon S3 |
||
Amazon S3 Glacier |
https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html |
|
AWS IAM |
https://docs.aws.amazon.com/en_us/general/latest/gr/iam-service.html |
To secure and provide access to AWS services |
AWS security tokens |
||
Instance import/export |
Impact Level Six (IL6) Endpoints
AWS Security Token Service (STS) is not supported for IL6 endpoints.
Related Topics
For AWS documentation about service endpoints, see AWS service endpoints.