Requirements for Connectivity to AWS Service Endpoints

To perform data protection operations, Amazon EC2 access nodes must have connectivity to regional and global AWS service endpoints.

Important: Commvault does not support the use of Federal Information Processing Standard (FIPS) service endpoints to secure data transfer or data at rest when protecting FIPS-enabled AWS services. For information, see Federal Information Processing Standard (FIPS) 140-2 on the AWS website.

Regional Endpoints

| AWS service | AWS link for endpoints | How Commvault uses connectivity |
|---|---|---|
| Amazon Aurora | https://docs.aws.amazon.com/en_us/general/latest/gr/aurora.html | |
| Amazon DocumentDB | https://docs.aws.amazon.com/en_us/general/latest/gr/amazondocdb.html | To perform data management and protection for Amazon DocumentDB data |
| Amazon DynamoDB | https://docs.aws.amazon.com/en_us/general/latest/gr/ddb.html | To perform data management and protection for Amazon DynamoDB data |
| Amazon EBS direct APIs | https://docs.aws.amazon.com/general/latest/gr/ebs-service.html | To perform data management and protection for Amazon EBS volumes |
| Amazon EC2 | https://docs.aws.amazon.com/general/latest/gr/ec2-service.html | To perform data management and protection for Amazon EC2 instances; to discover Amazon Virtual Private Clouds (VPCs) |
| Amazon EFS | https://docs.aws.amazon.com/en_us/general/latest/gr/elasticfilesystem.html | |
| Amazon EKS | https://docs.aws.amazon.com/general/latest/gr/eks.html | |
| Amazon FSx | https://docs.aws.amazon.com/en_us/general/latest/gr/fsxn.html | |
| Amazon RDS | https://docs.aws.amazon.com/general/latest/gr/rds-service.html | To perform data management and protection for Amazon RDS data |
| Amazon Redshift | https://docs.aws.amazon.com/en_us/general/latest/gr/redshift-service.html | To perform data management and protection for Amazon Redshift data |
| Amazon S3 | https://docs.aws.amazon.com/general/latest/gr/s3.html | To perform data management and protection for Amazon S3 data; to store and replicate backup data to Amazon S3, Amazon S3 Glacier, and Amazon S3 Glacier Deep Archive cloud libraries |
| Amazon S3 Glacier | https://docs.aws.amazon.com/en_us/general/latest/gr/glacier-service.html | |
| Amazon S3 on Outposts | https://docs.aws.amazon.com/general/latest/gr/outposts_region.html#outposts_region_s3 | |
| Amazon VPC | https://docs.aws.amazon.com/en_us/general/latest/gr/vpc-service.html | |
| AWS KMS | https://docs.aws.amazon.com/en_us/general/latest/gr/kms.html | To perform secure data management and protection for AWS services that contain data encrypted with AWS Key Management Service (KMS) encryption keys |
| STS AssumeRole | https://docs.aws.amazon.com/general/latest/gr/sts.html | To obtain temporary credentials from the AWS Security Token Service (STS), which are used in the data management and protection of AWS services |
| Systems Manager | https://docs.aws.amazon.com/general/latest/gr/ssm.html | |

Note: Both global and regional endpoint access is required.

Systems Manager

https://docs.aws.amazon.com/general/latest/gr/ssm.html

Global Endpoints

Impact Level Six (IL6) Endpoints

AWS Security Token Service (STS) is not supported for IL6 endpoints.

For AWS documentation about service endpoints, see AWS service endpoints.