To perform data protection operations, Amazon EC2 access nodes must have connectivity to regional and global AWS service endpoints.
Important: Commvault does not support use of Federal Information Processing Standard (FIPS) service endpoints to secure data transfer or data at-rest when protecting FIPS-enabled AWS services. For information see Federal Information Processing Standard (FIPS) 140-2 on the AWS website.
Regional Endpoints
AWS service | Endpoint URL | AWS documentation for endpoint | How Commvault uses connectivity |
---|---|---|---|
Amazon Aurora | rds.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/aurora.html | |
Amazon DocumentDB | rds.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/amazondocdb.html | To perform data management and protection for Amazon DocumentDB data |
Amazon DynamoDB | rds.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/ddb.html | To perform data management and protection for Amazon DynamoDB data |
Amazon EBS direct APIs | ebs.region.amazonaws.com | https://docs.aws.amazon.com/general/latest/gr/ebs-service.html | To perform data management and protection for Amazon EBS volumes |
Amazon EC2 | ec2.region.amazonaws.com | https://docs.aws.amazon.com/general/latest/gr/ec2-service.html |
|
Amazon EFS | efs.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/elasticfilesystem.html | |
Amazon EKS | eks.region.amazonaws.com | ||
Amazon FSx | fsx.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/fsxn.html | |
Amazon RDS | rds.amazonaws.com | https://docs.aws.amazon.com/general/latest/gr/rds-service.html | To perform data management and protection for Amazon RDS data |
Amazon Redshift | redshift.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/redshift-service.html | To perform data management and protection for Amazon Redshift data. |
Amazon S3 | s3.amazonaws.com |
| |
Amazon S3 Glacier | glacier.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html | |
Amazon S3 on Outposts | https://docs.aws.amazon.com/general/latest/gr/outposts_region.html#outposts_region_s3 | ||
Amazon VPC | ec2.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/vpc-service.html | |
AWS KMS | kms.region.amazonaws.com | https://docs.aws.amazon.com/en_us/general/latest/gr/kms.html | To perform secure data management and protection for AWS services that contain data encrypted with AWS Key Management Service (KMS) encryption keys |
STS AssumeRole | sts.region.amazonaws.com | To obtain temporary credentials from the AWS Secure Token Service (STS), which are used in the data management and protection of AWS services | |
Systems Manager | ssm.region.amazonaws.com |
Note: Both global and regional endpoint access is required. |
Global Endpoints
AWS service | AWS link for endpoints | How Commvault uses connectivity |
---|---|---|
Amazon RDS | https://docs.aws.amazon.com/general/latest/gr/rds-service.html | |
Amazon S3 | ||
Amazon S3 Glacier | https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html | |
AWS IAM | https://docs.aws.amazon.com/en_us/general/latest/gr/iam-service.html | To secure and provide access to AWS services |
AWS security tokens | ||
Instance import/export |
Impact Level Six (IL6) Endpoints
AWS Security Token Service (STS) is not supported for IL6 endpoints.
Related Topics
For AWS documentation about service endpoints, see AWS service endpoints.