Requirements for Connectivity to AWS Service Endpoints

To perform data protection operations, Amazon EC2 access nodes must have connectivity to regional and global AWS service endpoints.

Important: Commvault does not support use of Federal Information Processing Standard (FIPS) service endpoints to secure data transfer or data at-rest when protecting FIPS-enabled AWS services. For information see Federal Information Processing Standard (FIPS) 140-2 on the AWS website.

Regional Endpoints

AWS service	AWS link for endpoints	How Commvault uses connectivity
Amazon Aurora	https://docs.aws.amazon.com/en_us/general/latest/gr/aurora.html
Amazon DocumentDB	https://docs.aws.amazon.com/en_us/general/latest/gr/amazondocdb.html	To perform data management and protection for Amazon DocumentDB data
Amazon DynamoDB	https://docs.aws.amazon.com/en_us/general/latest/gr/ddb.html	To perform data management and protection for Amazon DynamoDB data
Amazon EBS direct APIs	https://docs.aws.amazon.com/general/latest/gr/ebs-service.html	To perform data management and protection for Amazon EBS volumes
Amazon EC2	https://docs.aws.amazon.com/general/latest/gr/ec2-service.html	To perform data management and protection for Amazon EC2 instances To discover Amazon Virtual Private Clouds (VPCs)
Amazon EFS	https://docs.aws.amazon.com/en_us/general/latest/gr/elasticfilesystem.html
Amazon EKS	https://docs.aws.amazon.com/general/latest/gr/eks.html
Amazon FSx	https://docs.aws.amazon.com/en_us/general/latest/gr/fsxn.html
Amazon RDS	https://docs.aws.amazon.com/general/latest/gr/rds-service.html	To perform data management and protection for Amazon RDS data
Amazon Redshift	https://docs.aws.amazon.com/en_us/general/latest/gr/redshift-service.html	To perform data management and protection for Amazon Redshift data.
Amazon S3	https://docs.aws.amazon.com/general/latest/gr/s3.html	To perform data management and protection for Amazon S3 data To store and replicate backup data to Amazon S3, Amazon S3 Glacier, and Amazon S3 Glacier DeepArchive cloud libraries
Amazon S3 Glacier	https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html
Amazon S3 on Outposts	https://docs.aws.amazon.com/general/latest/gr/outposts_region.html#outposts_region_s3
Amazon VPC	https://docs.aws.amazon.com/en_us/general/latest/gr/vpc-service.html
AWS KMS	https://docs.aws.amazon.com/en_us/general/latest/gr/kms.html	To perform secure data management and protection for AWS services that contain data encrypted with AWS Key Management Service (KMS) encryption keys
STS AssumeRole	https://docs.aws.amazon.com/general/latest/gr/sts.html	To obtain temporary credentials from the AWS Secure Token Service (STS), which are used in the data management and protection of AWS services
Systems Manager	https://docs.aws.amazon.com/general/latest/gr/ssm.html	To register Commvault access nodes created with Automatic Scaling for Amazon Access Nodes To provide agentless file recovery to Amazon EC2 instances Note: Both global and regional endpoint access is required.
Systems Manager	https://docs.aws.amazon.com/general/latest/gr/ssm.html

Global Endpoints

AWS service	AWS link for endpoints	How Commvault uses connectivity
Amazon RDS	https://docs.aws.amazon.com/general/latest/gr/rds-service.html
Amazon S3	https://docs.aws.amazon.com/general/latest/gr/s3.html
Amazon S3 Glacier	https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html
AWS IAM	https://docs.aws.amazon.com/en_us/general/latest/gr/iam-service.html	To secure and provide access to AWS services
AWS security tokens	https://docs.aws.amazon.com/general/latest/gr/sts.html
Instance import/export	https://docs.aws.amazon.com/general/latest/gr/Welcome.html

Impact Level Six (IL6) Endpoints

AWS Security Token Service (STS) is not supported for IL6 endpoints.

For AWS documentation about service endpoints, see AWS service endpoints.

Requirements for Connectivity to AWS Service Endpoints

On this page

Regional Endpoints

Global Endpoints

Impact Level Six (IL6) Endpoints

Related Topics

Creating your PDF