Transferring data via private connection by using AWS PrivateLink for Amazon S3

This section explains how to establish a private connection by using AWS PrivateLink for Amazon S3.

This example assumes that you register an endpoint URL in the default information for the Receive Storage Management Information on Cloud Storage DB, and shows how to configure the settings for the operation patterns with and without using individual settings.

  • Settings for using PrivateLink by specifying only the default information for the Receive Storage Management Information

  • Settings to allow certain transfers to use the standard S3 endpoint for AWS with individual settings for the Receive Storage Management Information

 

This function is supported by the following optional products:

  • HULFT8 Cloud Storage Option(Amazon S3) for Windows

  • HULFT8 Cloud Storage Option(Amazon S3) for Linux

 

Settings for using PrivateLink by specifying only the default information for the Receive Storage Management Information

 

Before registering the Receive Storage Management Information, you must get an endpoint to connect to PrivateLink on AWS.

Refer to the official website for AWS and create an "interface VPC endpoint (AWS PrivateLink)" on Amazon VPC in the same region as the destination bucket.

After creating the "interface VPC endpoint (AWS PrivateLink)," get the DNS name for the "interface VPC endpoint (AWS PrivateLink)."

This DNS name is used as a part of the endpoint URL to register in the Receive Storage Management Information.

This example assumes that the DNS name is "*.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com".

Note

When you use a private connection, the Amazon VPC where you created the endpoint must be connected to the network of the server on which HULFT is installed.

If individual settings for the Receive Storage Management Information are not configured, the default information for the Receive Storage Management Information is used.

This example shows how to use the default information for the Receive Storage Management Information to use PrivateLink.

Table D.11 Example of setting values in default information for the Receive Storage Management Information

| Field Name in Default Information for Receive Storage Management Information | Setting Value | Register or Not |
|---|---|---|
| Storage Timeout | Not specified | - |
| Maximum number of parallels per transfer | Not specified | - |
| Part Size | Not specified | - |
| Region (*1) | us-east-1 | Yes |
| Endpoint URL (*1) | https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com | Yes |
| ACL that is applied to upload files (*1) | Not specified | - |
| Storage Authentication Information ID | Not specified | - |

Yes: Register the setting value

-: Do not register the setting value

*1: This field can be set only when you use Amazon S3.

For Region, specify the same region that you specified when you created the "interface VPC endpoint (AWS PrivateLink)."

Specify Endpoint URL as follows:

  • Specify "https://" or "http://" at the beginning as the connection protocol.

  • Specify the fixed string "bucket" defined on the service side for "*" in the DNS name.

In this example, register "https://" as the connection protocol.

 

Register the Region and Endpoint URL setting values using the registration command of the default information for the Receive Storage Management Information.

utls3infoadd -t rcv --default --default-region us-east-1 --endpoint-url https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com

For details on the registration command of the default information for the Storage Management Information on Amazon S3, refer to Registration command of the Default Information for Storage Management Information (Amazon S3).

Note

All the information specified by the registration command is overwritten in the default information.

For a field that is not specified with the option, the value "Use the default value." is set.

In this case, the value in the downward-compatible settings is used.

However, only when you do not specify a Storage Authentication Information ID with the option, the value registered in the default information for the Storage Authentication Information is used instead of the downward-compatible settings.

The following list is output:

$ utls3infoadd -t rcv --default --default-region us-east-1 --endpoint-url https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com 
The default information for Receive Storage Management Information will be changed. 
Timeout:           Use the default value. 
Parallels:         Use the default value. 
Part Size:         Use the default value. 
Default Region:    us-east-1 
Endpoint:          https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com 
ACL:               Use the default value. 
Auth ID:           Use the default value.

Check whether the values specified for Region and Endpoint URL are registered.

If you do not specify "-f" or "--force" with the registration command of the default information for the Storage Management Information, the following confirmation message is output:

Are you sure to register? [y/n]:

After the confirmation message is output, input "y" or "Y" to execute the registration command of the default information for the Storage Management Information.

 

The registration of the default information for the Storage Management Information to use AWS PrivateLink for Amazon S3 is now completed.

Note

In an environment where either of the following environment variables is registered, if you do not want to use a proxy server for the private connection (endpoint connection), you must register the DNS name of the "interface VPC endpoint (AWS PrivateLink)" in the environment variable NO_PROXY (no_proxy):

  • HTTPS_PROXY

  • https_proxy

  • HTTP_PROXY

  • http_proxy
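
A pre-flight check for the registration steps and the proxy note above, as an added example that is not part of the HULFT documentation: it builds the Endpoint URL from the wildcard DNS name and reports whether the current proxy variables would send the endpoint connection through a proxy. The function names are hypothetical, and the suffix matching applied to NO_PROXY is an assumed convention, since HULFT's own matching rules are not described here.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not HULFT commands.

# Endpoint URL = "https://" + DNS name with the leading "*" replaced by the
# fixed string "bucket". Rejects names that do not look like the wildcard
# DNS name of an S3 interface VPC endpoint (pattern taken from this page).
build_endpoint_url() {
    case "$1" in
        \*.vpce-*.s3.*.vpce.amazonaws.com) ;;
        *) echo "unexpected DNS name: $1" >&2; return 1 ;;
    esac
    printf 'https://bucket%s\n' "${1#?}"   # drop the validated leading "*"
}

# Host part of an http(s) URL, without port or path.
url_host() {
    h=${1#*://}; h=${h%%/*}
    printf '%s\n' "${h%%:*}"
}

# Succeeds if host $1 is covered by the comma-separated NO_PROXY list $2.
# Assumption: suffix matching; a leading "*." or "." on an entry is ignored.
no_proxy_covers() {
    host=$1; list=$2; rc=1
    old_ifs=$IFS; IFS=,; set -f
    for entry in $list; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        case "$entry" in '*') rc=0 ;; esac
        entry=${entry#\*}; entry=${entry#.}
        [ -n "$entry" ] || continue
        case "$host" in "$entry"|*."$entry") rc=0 ;; esac
    done
    IFS=$old_ifs; set +f
    return "$rc"
}

# Prints "direct" or "proxy" for endpoint URL $1 under the current environment.
endpoint_route() {
    proxy=${HTTPS_PROXY:-${https_proxy:-${HTTP_PROXY:-${http_proxy:-}}}}
    if [ -z "$proxy" ] ||
       no_proxy_covers "$(url_host "$1")" "${NO_PROXY:-${no_proxy:-}}"; then
        echo direct
    else
        echo proxy
    fi
}

# Constructed input: the wildcard DNS name used in this example.
url=$(build_endpoint_url '*.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com') &&
    echo "$url -> $(endpoint_route "$url")"
```

Run it in the same environment that HULFT runs in; a result of "proxy" means the private endpoint host is not yet listed in NO_PROXY.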

 

Settings to allow certain transfers to use the standard S3 endpoint for AWS with individual settings for the Receive Storage Management Information

 

The following procedure shows how to use individual settings for the Receive Storage Management Information so that certain transfers use the standard S3 endpoint for AWS instead of PrivateLink, in an environment where PrivateLink is used by setting only the default information for the Receive Storage Management Information.

Table D.12 Example of setting values for the Receive Storage Management Information

| Field Name in Receive Storage Management Information | Setting Value | Register or Not |
|---|---|---|
| Receive Storage Management Information ID | bucket01 | Yes |
| Bucket Name | Not specified | - |
| Storage Timeout | Not specified | - |
| Maximum number of parallels per transfer | Not specified | - |
| Part Size | Not specified | - |
| Region (*1) | us-east-1 | Yes |
| Endpoint URL (*1) | none | Yes |
| ACL that is applied to upload files (*1) | Not specified | - |
| Storage Authentication Information ID | Not specified | - |

Yes: Register the setting value

-: Do not register the setting value

*1: This field can be set only when you use Amazon S3.

If you specify "none" for Endpoint URL, the standard S3 endpoint for AWS is used.

Therefore, if you want to use the standard S3 endpoint for AWS instead of PrivateLink to transfer data, specify "none" for Endpoint URL.

 

Register the Region and Endpoint URL setting values using the registration command of the Receive Storage Management Information.

utls3infoadd -t rcv --id bucket01 --default-region us-east-1 --endpoint-url none

For details on the registration command of the default information for the Storage Management Information on Amazon S3, refer to Registration command of the Storage Management Information (Amazon S3).

Note

For a field that is not specified with the option, the value "Use the default value." is set.

In this case, the value in the downward-compatible settings is used.

To check the values set in the default information for the Receive Storage Management Information on Amazon S3, refer to Output command of the Cloud Storage DB Information List (Amazon S3).

The following list is output:

$ utls3infoadd -t rcv --id bucket01 --default-region us-east-1 --endpoint-url none 
The Receive Storage Management Information "bucket01" will be registered. 
Bucket:            Use the default value. 
Timeout:           Use the default value. 
Parallels:         Use the default value. 
Part Size:         Use the default value. 
Default Region:    us-east-1 
Endpoint:          none 
ACL:               Use the default value. 
Auth ID:           Use the default value.

Check whether the value specified for Region is registered, and that "none" is registered for Endpoint URL.

If you do not specify "-f" or "--force" with the registration command of the Storage Management Information, the following confirmation message is output:

Are you sure to register? [y/n]:

After the confirmation message is output, input "y" or "Y" to execute the registration command of the Storage Management Information.

 

The registration to allow certain transfers to use the standard S3 endpoint for AWS instead of PrivateLink by using individual settings for the Receive Storage Management Information is now completed.