Requirements for Connectivity to AWS Service Endpoints

To protect AWS resources, Commvault access nodes must have connectivity to regional and global AWS service endpoints.

Important

Commvault does not support the use of Federal Information Processing Standard (FIPS) service endpoints to secure data transfer or data at-rest when protecting FIPS-enabled AWS services. For information see Federal Information Processing Standard (FIPS) 140-2 on the AWS website.

Regional Endpoints

AWS service

Endpoint URL

AWS documentation for endpoint

How Commvault uses connectivity

Amazon Aurora

rds.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/aurora.html

Amazon DocumentDB

rds.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/amazondocdb.html

To perform data management and protection for Amazon DocumentDB data

Amazon DynamoDB

rds.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/ddb.html

To perform data management and protection for Amazon DynamoDB data

Amazon EBS direct APIs

ebs.region.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/ebs-service.html

To perform data management and protection for Amazon EBS volumes

Amazon EC2

ec2.region.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/ec2-service.html

  • To perform data management and protection for Amazon EC2 instances

  • To discover Amazon Virtual Private Clouds (VPCs)

Amazon EFS

efs.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/elasticfilesystem.html

Amazon EKS

eks.region.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/eks.html

Amazon FSx

fsx.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/fsxn.html

Amazon RDS

rds.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/rds-service.html

To perform data management and protection for Amazon RDS data

Amazon Redshift

redshift.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/redshift-service.html

To perform data management and protection for Amazon Redshift data.

Amazon S3

s3.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/s3.html

  • To perform data management and protection for Amazon S3 data

  • To store and replicate backup data to Amazon S3, Amazon S3 Glacier, and Amazon S3 Glacier DeepArchive cloud libraries

Amazon S3 Glacier

glacier.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html

Amazon S3 on Outposts

https://docs.aws.amazon.com/general/latest/gr/outposts_region.html#outposts_region_s3

Amazon VPC

ec2.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/vpc-service.html

AWS KMS

kms.region.amazonaws.com

https://docs.aws.amazon.com/en_us/general/latest/gr/kms.html

To perform secure data management and protection for AWS services that contain data encrypted with AWS Key Management Service (KMS) encryption keys

STS AssumeRole

sts.region.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/sts.html

To obtain temporary credentials from the AWS Secure Token Service (STS), which are used in the data management and protection of AWS services

Systems Manager

ssm.region.amazonaws.com

https://docs.aws.amazon.com/general/latest/gr/ssm.html

Note

Both global and regional endpoint access is required.

Global Endpoints

AWS service

AWS link for endpoints

How Commvault uses connectivity

Amazon RDS

https://docs.aws.amazon.com/general/latest/gr/rds-service.html

Amazon S3

https://docs.aws.amazon.com/general/latest/gr/s3.html

Amazon S3 Glacier

https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html

AWS IAM

https://docs.aws.amazon.com/en_us/general/latest/gr/iam-service.html

To secure and provide access to AWS services

AWS security tokens

https://docs.aws.amazon.com/general/latest/gr/sts.html

Instance import/export

https://docs.aws.amazon.com/general/latest/gr/Welcome.html

Impact Level Six (IL6) Endpoints

AWS Security Token Service (STS) is not supported for IL6 endpoints.

For AWS documentation about service endpoints, see AWS service endpoints.

Loading...