2025/05/29 - AWS DataSync - 7 updated api methods
Changes AgentArns field is made optional for Object Storage and Azure Blob location create requests. Location credentials are now managed via Secrets Manager, and may be encrypted with service managed or customer managed keys. Authentication is now optional for Azure Blob locations.
{'AuthenticationType': {'NONE'},
'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'}}
Creates a transfer location for a Microsoft Azure Blob Storage container. DataSync can use this location as a transfer source or destination. You can make transfers with or without a DataSync agent that connects to your container.
Before you begin, make sure you know how DataSync accesses Azure Blob Storage and works with access tiers and blob types.
See also: AWS API Documentation
Request Syntax
client.create_location_azure_blob(
ContainerUrl='string',
AuthenticationType='SAS'|'NONE',
SasConfiguration={
'Token': 'string'
},
BlobType='BLOCK',
AccessTier='HOT'|'COOL'|'ARCHIVE',
Subdirectory='string',
AgentArns=[
'string',
],
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
CmkSecretConfig={
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
CustomSecretConfig={
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
)
string
[REQUIRED]
Specifies the URL of the Azure Blob Storage container involved in your transfer.
string
[REQUIRED]
Specifies the authentication method DataSync uses to access your Azure Blob Storage. DataSync can access blob storage using a shared access signature (SAS).
dict
Specifies the SAS configuration that allows DataSync to access your Azure Blob Storage.
Token (string) -- [REQUIRED]
Specifies a SAS token that provides permissions to access your Azure Blob Storage.
The token is part of the SAS URI string that comes after the storage resource URI and a question mark. A token looks something like this:
sp=r&st=2023-12-20T14:54:52Z&se=2023-12-20T22:54:52Z&spr=https&sv=2021-06-08&sr=c&sig=aBBKDWQvyuVcTPH9EBp%2FXTI9E%2F%2Fmq171%2BZU178wcwqU%3D
string
Specifies the type of blob that you want your objects or files to be when transferring them into Azure Blob Storage. Currently, DataSync only supports moving data into Azure Blob Storage as block blobs. For more information on blob types, see the Azure Blob Storage documentation.
string
Specifies the access tier that you want your objects or files transferred into. This only applies when using the location as a transfer destination. For more information, see Access tiers.
string
Specifies path segments if you want to limit your transfer to a virtual directory in your container (for example, /my/images).
list
(Optional) Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.
You can specify more than one agent. For more information, see Using multiple agents for your transfer.
(string) --
list
Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources. We recommend creating at least a name tag for your transfer location.
(dict) --
A key-value pair representing a single tag that's been applied to an Amazon Web Services resource.
Key (string) -- [REQUIRED]
The key for an Amazon Web Services resource tag.
Value (string) --
The value for an Amazon Web Services resource tag.
dict
Specifies configuration information for a DataSync-managed secret, which includes the authentication token that DataSync uses to access a specific AzureBlob storage location, with a customer-managed KMS key.
When you include this paramater as part of a CreateLocationAzureBlob request, you provide only the KMS key ARN. DataSync uses this KMS key together with the authentication token you specify for SasConfiguration to create a DataSync-managed secret to store the location access credentials.
Make sure the DataSync has permission to access the KMS key that you specify.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
dict
Specifies configuration information for a customer-managed Secrets Manager secret where the authentication token for an AzureBlob storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
dict
Response Syntax
{
'LocationArn': 'string'
}
Response Structure
(dict) --
LocationArn (string) --
The ARN of the Azure Blob Storage transfer location that you created.
{'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'}}
Creates a transfer location for an object storage system. DataSync can use this location as a source or destination for transferring data. You can make transfers with or without a DataSync agent.
Before you begin, make sure that you understand the prerequisites for DataSync to work with object storage systems.
See also: AWS API Documentation
Request Syntax
client.create_location_object_storage(
ServerHostname='string',
ServerPort=123,
ServerProtocol='HTTPS'|'HTTP',
Subdirectory='string',
BucketName='string',
AccessKey='string',
SecretKey='string',
AgentArns=[
'string',
],
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
ServerCertificate=b'bytes',
CmkSecretConfig={
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
CustomSecretConfig={
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
)
string
[REQUIRED]
Specifies the domain name or IP version 4 (IPv4) address of the object storage server that your DataSync agent connects to.
integer
Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).
string
Specifies the protocol that your object storage server uses to communicate.
string
Specifies the object prefix for your object storage server. If this is a source location, DataSync only copies objects with this prefix. If this is a destination location, DataSync writes all objects with this prefix.
string
[REQUIRED]
Specifies the name of the object storage bucket involved in the transfer.
string
Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.
string
Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.
list
(Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.
(string) --
list
Specifies the key-value pair that represents a tag that you want to add to the resource. Tags can help you manage, filter, and search for your resources. We recommend creating a name tag for your location.
(dict) --
A key-value pair representing a single tag that's been applied to an Amazon Web Services resource.
Key (string) -- [REQUIRED]
The key for an Amazon Web Services resource tag.
Value (string) --
The value for an Amazon Web Services resource tag.
bytes
Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).
The certificate chain might include:
The object storage system's certificate
All intermediate certificates (if there are any)
The root certificate of the signing CA
You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:
cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
To use this parameter, configure ServerProtocol to HTTPS.
dict
Specifies configuration information for a DataSync-managed secret, which includes the SecretKey that DataSync uses to access a specific object storage location, with a customer-managed KMS key.
When you include this paramater as part of a CreateLocationObjectStorage request, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for the SecretKey parameter to create a DataSync-managed secret to store the location access credentials.
Make sure the DataSync has permission to access the KMS key that you specify.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
dict
Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
dict
Response Syntax
{
'LocationArn': 'string'
}
Response Structure
(dict) --
CreateLocationObjectStorageResponse
LocationArn (string) --
Specifies the ARN of the object storage system location that you create.
{'AuthenticationType': {'NONE'},
'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'},
'ManagedSecretConfig': {'SecretArn': 'string'}}
Provides details about how an DataSync transfer location for Microsoft Azure Blob Storage is configured.
See also: AWS API Documentation
Request Syntax
client.describe_location_azure_blob(
LocationArn='string'
)
string
[REQUIRED]
Specifies the Amazon Resource Name (ARN) of your Azure Blob Storage transfer location.
dict
Response Syntax
{
'LocationArn': 'string',
'LocationUri': 'string',
'AuthenticationType': 'SAS'|'NONE',
'BlobType': 'BLOCK',
'AccessTier': 'HOT'|'COOL'|'ARCHIVE',
'AgentArns': [
'string',
],
'CreationTime': datetime(2015, 1, 1),
'ManagedSecretConfig': {
'SecretArn': 'string'
},
'CmkSecretConfig': {
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
'CustomSecretConfig': {
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
}
Response Structure
(dict) --
LocationArn (string) --
The ARN of your Azure Blob Storage transfer location.
LocationUri (string) --
The URL of the Azure Blob Storage container involved in your transfer.
AuthenticationType (string) --
The authentication method DataSync uses to access your Azure Blob Storage. DataSync can access blob storage using a shared access signature (SAS).
BlobType (string) --
The type of blob that you want your objects or files to be when transferring them into Azure Blob Storage. Currently, DataSync only supports moving data into Azure Blob Storage as block blobs. For more information on blob types, see the Azure Blob Storage documentation.
AccessTier (string) --
The access tier that you want your objects or files transferred into. This only applies when using the location as a transfer destination. For more information, see Access tiers.
AgentArns (list) --
The ARNs of the DataSync agents that can connect with your Azure Blob Storage container.
(string) --
CreationTime (datetime) --
The time that your Azure Blob Storage transfer location was created.
ManagedSecretConfig (dict) --
Describes configuration information for a DataSync-managed secret, such as an authentication token that DataSync uses to access a specific storage location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
CmkSecretConfig (dict) --
Describes configuration information for a DataSync-managed secret, such as an authentication token that DataSync uses to access a specific storage location, with a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
CustomSecretConfig (dict) --
Describes configuration information for a customer-managed secret, such as an authentication token that DataSync uses to access a specific storage location, with a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
{'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'},
'ManagedSecretConfig': {'SecretArn': 'string'}}
Provides details about how an DataSync transfer location for an object storage system is configured.
See also: AWS API Documentation
Request Syntax
client.describe_location_object_storage(
LocationArn='string'
)
string
[REQUIRED]
Specifies the Amazon Resource Name (ARN) of the object storage system location.
dict
Response Syntax
{
'LocationArn': 'string',
'LocationUri': 'string',
'AccessKey': 'string',
'ServerPort': 123,
'ServerProtocol': 'HTTPS'|'HTTP',
'AgentArns': [
'string',
],
'CreationTime': datetime(2015, 1, 1),
'ServerCertificate': b'bytes',
'ManagedSecretConfig': {
'SecretArn': 'string'
},
'CmkSecretConfig': {
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
'CustomSecretConfig': {
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
}
Response Structure
(dict) --
DescribeLocationObjectStorageResponse
LocationArn (string) --
The ARN of the object storage system location.
LocationUri (string) --
The URI of the object storage system location.
AccessKey (string) --
The access key (for example, a user name) required to authenticate with the object storage system.
ServerPort (integer) --
The port that your object storage server accepts inbound network traffic on (for example, port 443).
ServerProtocol (string) --
The protocol that your object storage system uses to communicate.
AgentArns (list) --
The ARNs of the DataSync agents that can connect with your object storage system.
(string) --
CreationTime (datetime) --
The time that the location was created.
ServerCertificate (bytes) --
The certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA).
ManagedSecretConfig (dict) --
Describes configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
CmkSecretConfig (dict) --
Describes configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
CustomSecretConfig (dict) --
Describes configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
{'EndTime': 'timestamp', 'LaunchTime': 'timestamp'}
Provides information about an execution of your DataSync task. You can use this operation to help monitor the progress of an ongoing data transfer or check the results of the transfer.
See also: AWS API Documentation
Request Syntax
client.describe_task_execution(
TaskExecutionArn='string'
)
string
[REQUIRED]
Specifies the Amazon Resource Name (ARN) of the task execution that you want information about.
dict
Response Syntax
{
'TaskExecutionArn': 'string',
'Status': 'QUEUED'|'CANCELLING'|'LAUNCHING'|'PREPARING'|'TRANSFERRING'|'VERIFYING'|'SUCCESS'|'ERROR',
'Options': {
'VerifyMode': 'POINT_IN_TIME_CONSISTENT'|'ONLY_FILES_TRANSFERRED'|'NONE',
'OverwriteMode': 'ALWAYS'|'NEVER',
'Atime': 'NONE'|'BEST_EFFORT',
'Mtime': 'NONE'|'PRESERVE',
'Uid': 'NONE'|'INT_VALUE'|'NAME'|'BOTH',
'Gid': 'NONE'|'INT_VALUE'|'NAME'|'BOTH',
'PreserveDeletedFiles': 'PRESERVE'|'REMOVE',
'PreserveDevices': 'NONE'|'PRESERVE',
'PosixPermissions': 'NONE'|'PRESERVE',
'BytesPerSecond': 123,
'TaskQueueing': 'ENABLED'|'DISABLED',
'LogLevel': 'OFF'|'BASIC'|'TRANSFER',
'TransferMode': 'CHANGED'|'ALL',
'SecurityDescriptorCopyFlags': 'NONE'|'OWNER_DACL'|'OWNER_DACL_SACL',
'ObjectTags': 'PRESERVE'|'NONE'
},
'Excludes': [
{
'FilterType': 'SIMPLE_PATTERN',
'Value': 'string'
},
],
'Includes': [
{
'FilterType': 'SIMPLE_PATTERN',
'Value': 'string'
},
],
'ManifestConfig': {
'Action': 'TRANSFER',
'Format': 'CSV',
'Source': {
'S3': {
'ManifestObjectPath': 'string',
'BucketAccessRoleArn': 'string',
'S3BucketArn': 'string',
'ManifestObjectVersionId': 'string'
}
}
},
'StartTime': datetime(2015, 1, 1),
'EstimatedFilesToTransfer': 123,
'EstimatedBytesToTransfer': 123,
'FilesTransferred': 123,
'BytesWritten': 123,
'BytesTransferred': 123,
'BytesCompressed': 123,
'Result': {
'PrepareDuration': 123,
'PrepareStatus': 'PENDING'|'SUCCESS'|'ERROR',
'TotalDuration': 123,
'TransferDuration': 123,
'TransferStatus': 'PENDING'|'SUCCESS'|'ERROR',
'VerifyDuration': 123,
'VerifyStatus': 'PENDING'|'SUCCESS'|'ERROR',
'ErrorCode': 'string',
'ErrorDetail': 'string'
},
'TaskReportConfig': {
'Destination': {
'S3': {
'Subdirectory': 'string',
'S3BucketArn': 'string',
'BucketAccessRoleArn': 'string'
}
},
'OutputType': 'SUMMARY_ONLY'|'STANDARD',
'ReportLevel': 'ERRORS_ONLY'|'SUCCESSES_AND_ERRORS',
'ObjectVersionIds': 'INCLUDE'|'NONE',
'Overrides': {
'Transferred': {
'ReportLevel': 'ERRORS_ONLY'|'SUCCESSES_AND_ERRORS'
},
'Verified': {
'ReportLevel': 'ERRORS_ONLY'|'SUCCESSES_AND_ERRORS'
},
'Deleted': {
'ReportLevel': 'ERRORS_ONLY'|'SUCCESSES_AND_ERRORS'
},
'Skipped': {
'ReportLevel': 'ERRORS_ONLY'|'SUCCESSES_AND_ERRORS'
}
}
},
'FilesDeleted': 123,
'FilesSkipped': 123,
'FilesVerified': 123,
'ReportResult': {
'Status': 'PENDING'|'SUCCESS'|'ERROR',
'ErrorCode': 'string',
'ErrorDetail': 'string'
},
'EstimatedFilesToDelete': 123,
'TaskMode': 'BASIC'|'ENHANCED',
'FilesPrepared': 123,
'FilesListed': {
'AtSource': 123,
'AtDestinationForDelete': 123
},
'FilesFailed': {
'Prepare': 123,
'Transfer': 123,
'Verify': 123,
'Delete': 123
},
'LaunchTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
DescribeTaskExecutionResponse
TaskExecutionArn (string) --
The ARN of the task execution that you wanted information about. TaskExecutionArn is hierarchical and includes TaskArn for the task that was executed.
For example, a TaskExecution value with the ARN arn:aws:datasync:us-east-1:111222333444:task/task-0208075f79cedf4a2/execution/exec-08ef1e88ec491019b executed the task with the ARN arn:aws:datasync:us-east-1:111222333444:task/task-0208075f79cedf4a2.
Status (string) --
The status of the task execution.
Options (dict) --
Indicates how your transfer task is configured. These options include how DataSync handles files, objects, and their associated metadata during your transfer. You also can specify how to verify data integrity, set bandwidth limits for your task, among other options.
Each option has a default value. Unless you need to, you don't have to configure any option before calling StartTaskExecution.
You also can override your task options for each task execution. For example, you might want to adjust the LogLevel for an individual execution.
VerifyMode (string) --
Specifies if and how DataSync checks the integrity of your data at the end of your transfer.
ONLY_FILES_TRANSFERRED (recommended) - DataSync calculates the checksum of transferred data (including metadata) at the source location. At the end of the transfer, DataSync then compares this checksum to the checksum calculated on that data at the destination.
POINT_IN_TIME_CONSISTENT - At the end of the transfer, DataSync checks the entire source and destination to verify that both locations are fully synchronized.
NONE - DataSync performs data integrity checks only during your transfer. Unlike other options, there's no additional verification at the end of your transfer.
OverwriteMode (string) --
Specifies whether DataSync should modify or preserve data at the destination location.
ALWAYS (default) - DataSync modifies data in the destination location when source data (including metadata) has changed. If DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see Storage class considerations with Amazon S3 transfers.
NEVER - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.
Atime (string) --
Specifies whether to preserve metadata indicating the last time a file was read or written to.
BEST_EFFORT (default) - DataSync attempts to preserve the original Atime attribute on all source files (that is, the version before the PREPARING steps of the task execution). This option is recommended.
NONE - Ignores Atime.
Mtime (string) --
Specifies whether to preserve metadata indicating the last time that a file was written to before the PREPARING step of your task execution. This option is required when you need to run the a task more than once.
PRESERVE (default) - Preserves original Mtime, which is recommended.
NONE - Ignores Mtime.
Uid (string) --
Specifies the POSIX user ID (UID) of the file's owner.
INT_VALUE (default) - Preserves the integer value of UID and group ID (GID), which is recommended.
NONE - Ignores UID and GID.
For more information, see Metadata copied by DataSync.
Gid (string) --
Specifies the POSIX group ID (GID) of the file's owners.
INT_VALUE (default) - Preserves the integer value of user ID (UID) and GID, which is recommended.
NONE - Ignores UID and GID.
For more information, see Understanding how DataSync handles file and object metadata.
PreserveDeletedFiles (string) --
Specifies whether files in the destination location that don't exist in the source should be preserved. This option can affect your Amazon S3 storage cost. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync.
PRESERVE (default) - Ignores such destination files, which is recommended.
REMOVE - Deletes destination files that aren’t present in the source.
PreserveDevices (string) --
Specifies whether DataSync should preserve the metadata of block and character devices in the source location and recreate the files with that device name and metadata on the destination. DataSync copies only the name and metadata of such devices.
NONE (default) - Ignores special devices (recommended).
PRESERVE - Preserves character and block device metadata. This option currently isn't supported for Amazon EFS.
PosixPermissions (string) --
Specifies which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file.
For more information, see Understanding how DataSync handles file and object metadata.
PRESERVE (default) - Preserves POSIX-style permissions, which is recommended.
NONE - Ignores POSIX-style permissions.
BytesPerSecond (integer) --
Limits the bandwidth used by a DataSync task. For example, if you want DataSync to use a maximum of 1 MB, set this value to 1048576 ( =1024*1024).
TaskQueueing (string) --
Specifies whether your transfer tasks should be put into a queue during certain scenarios when running multiple tasks. This is ENABLED by default.
LogLevel (string) --
Specifies the type of logs that DataSync publishes to a Amazon CloudWatch Logs log group. To specify the log group, see CloudWatchLogGroupArn.
BASIC - Publishes logs with only basic information (such as transfer errors).
TRANSFER - Publishes logs for all files or objects that your DataSync task transfers and performs data-integrity checks on.
OFF - No logs are published.
TransferMode (string) --
Specifies whether DataSync transfers only the data (including metadata) that differs between locations following an initial copy or transfers all data every time you run the task. If you're planning on recurring transfers, you might only want to transfer what's changed since your previous task execution.
CHANGED (default) - After your initial full transfer, DataSync copies only the data and metadata that differs between the source and destination location.
ALL - DataSync copies everything in the source to the destination without comparing differences between the locations.
SecurityDescriptorCopyFlags (string) --
Specifies which components of the SMB security descriptor are copied from source to destination objects.
This value is only used for transfers between SMB and Amazon FSx for Windows File Server locations or between two FSx for Windows File Server locations. For more information, see Understanding how DataSync handles file and object metadata.
OWNER_DACL (default) - For each copied object, DataSync copies the following metadata:
The object owner.
NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object. DataSync won't copy NTFS system access control lists (SACLs) with this option.
OWNER_DACL_SACL - For each copied object, DataSync copies the following metadata:
The object owner.
NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object.
SACLs, which are used by administrators to log attempts to access a secured object. Copying SACLs requires granting additional permissions to the Windows user that DataSync uses to access your SMB location. For information about choosing a user with the right permissions, see required permissions for SMB, FSx for Windows File Server, or FSx for ONTAP (depending on the type of location in your transfer).
NONE - None of the SMB security descriptor components are copied. Destination objects are owned by the user that was provided for accessing the destination location. DACLs and SACLs are set based on the destination server’s configuration.
ObjectTags (string) --
Specifies whether you want DataSync to PRESERVE object tags (default behavior) when transferring between object storage systems. If you want your DataSync task to ignore object tags, specify the NONE value.
Excludes (list) --
A list of filter rules that exclude specific data during your transfer. For more information and examples, see Filtering data transferred by DataSync.
(dict) --
Specifies which files, folders, and objects to include or exclude when transferring files from source to destination.
FilterType (string) --
The type of filter rule to apply. DataSync only supports the SIMPLE_PATTERN rule type.
Value (string) --
A single filter string that consists of the patterns to include or exclude. The patterns are delimited by "|" (that is, a pipe), for example: /folder1|/folder2
Includes (list) --
A list of filter rules that include specific data during your transfer. For more information and examples, see Filtering data transferred by DataSync.
(dict) --
Specifies which files, folders, and objects to include or exclude when transferring files from source to destination.
FilterType (string) --
The type of filter rule to apply. DataSync only supports the SIMPLE_PATTERN rule type.
Value (string) --
A single filter string that consists of the patterns to include or exclude. The patterns are delimited by "|" (that is, a pipe), for example: /folder1|/folder2
ManifestConfig (dict) --
The configuration of the manifest that lists the files or objects to transfer. For more information, see Specifying what DataSync transfers by using a manifest.
Action (string) --
Specifies what DataSync uses the manifest for.
Format (string) --
Specifies the file format of your manifest. For more information, see Creating a manifest.
Source (dict) --
Specifies the manifest that you want DataSync to use and where it's hosted.
S3 (dict) --
Specifies the S3 bucket where you're hosting your manifest.
ManifestObjectPath (string) --
Specifies the Amazon S3 object key of your manifest. This can include a prefix (for example, prefix/my-manifest.csv).
BucketAccessRoleArn (string) --
Specifies the Identity and Access Management (IAM) role that allows DataSync to access your manifest. For more information, see Providing DataSync access to your manifest.
S3BucketArn (string) --
Specifies the Amazon Resource Name (ARN) of the S3 bucket where you're hosting your manifest.
ManifestObjectVersionId (string) --
Specifies the object version ID of the manifest that you want DataSync to use. If you don't set this, DataSync uses the latest version of the object.
StartTime (datetime) --
The time that DataSync sends the request to start the task execution. For non-queued tasks, LaunchTime and StartTime are typically the same. For queued tasks, LaunchTime is typically later than StartTime because previously queued tasks must finish running before newer tasks can begin.
EstimatedFilesToTransfer (integer) --
The number of files, objects, and directories that DataSync expects to transfer over the network. This value is calculated while DataSync prepares the transfer.
How this gets calculated depends primarily on your task’s transfer mode configuration:
If TranserMode is set to CHANGED - The calculation is based on comparing the content of the source and destination locations and determining the difference that needs to be transferred. The difference can include:
Anything that's added or modified at the source location.
Anything that's in both locations and modified at the destination after an initial transfer (unless OverwriteMode is set to NEVER).
(Basic task mode only) The number of items that DataSync expects to delete (if PreserveDeletedFiles is set to REMOVE).
If TranserMode is set to ALL - The calculation is based only on the items that DataSync finds at the source location.
EstimatedBytesToTransfer (integer) --
The number of logical bytes that DataSync expects to write to the destination location.
FilesTransferred (integer) --
The number of files, objects, and directories that DataSync actually transfers over the network. This value is updated periodically during your task execution when something is read from the source and sent over the network.
If DataSync fails to transfer something, this value can be less than EstimatedFilesToTransfer. In some cases, this value can also be greater than EstimatedFilesToTransfer. This element is implementation-specific for some location types, so don't use it as an exact indication of what's transferring or to monitor your task execution.
BytesWritten (integer) --
The number of logical bytes that DataSync actually writes to the destination location.
BytesTransferred (integer) --
The number of bytes that DataSync sends to the network before compression (if compression is possible). For the number of bytes transferred over the network, see BytesCompressed.
BytesCompressed (integer) --
The number of physical bytes that DataSync transfers over the network after compression (if compression is possible). This number is typically less than BytesTransferred unless the data isn't compressible.
Result (dict) --
The result of the task execution.
PrepareDuration (integer) --
The time in milliseconds that your task execution was in the PREPARING step. For more information, see Task execution statuses.
For Enhanced mode tasks, the value is always 0. For more information, see How DataSync prepares your data transfer.
PrepareStatus (string) --
The status of the PREPARING step for your task execution. For more information, see Task execution statuses.
TotalDuration (integer) --
The time in milliseconds that your task execution ran.
TransferDuration (integer) --
The time in milliseconds that your task execution was in the TRANSFERRING step. For more information, see Task execution statuses.
For Enhanced mode tasks, the value is always 0. For more information, see How DataSync transfers your data.
TransferStatus (string) --
The status of the TRANSFERRING step for your task execution. For more information, see Task execution statuses.
VerifyDuration (integer) --
The time in milliseconds that your task execution was in the VERIFYING step. For more information, see Task execution statuses.
For Enhanced mode tasks, the value is always 0. For more information, see How DataSync verifies your data's integrity.
VerifyStatus (string) --
The status of the VERIFYING step for your task execution. For more information, see Task execution statuses.
ErrorCode (string) --
An error that DataSync encountered during your task execution. You can use this information to help troubleshoot issues.
ErrorDetail (string) --
The detailed description of an error that DataSync encountered during your task execution. You can use this information to help troubleshoot issues.
TaskReportConfig (dict) --
The configuration of your task report, which provides detailed information about for your DataSync transfer. For more information, see Creating a task report.
Destination (dict) --
Specifies the Amazon S3 bucket where DataSync uploads your task report. For more information, see Task reports.
S3 (dict) --
Specifies the Amazon S3 bucket where DataSync uploads your task report.
Subdirectory (string) --
Specifies a bucket prefix for your report.
S3BucketArn (string) --
Specifies the ARN of the S3 bucket where DataSync uploads your report.
BucketAccessRoleArn (string) --
Specifies the Amazon Resource Name (ARN) of the IAM policy that allows DataSync to upload a task report to your S3 bucket. For more information, see Allowing DataSync to upload a task report to an Amazon S3 bucket.
OutputType (string) --
Specifies the type of task report that you want:
SUMMARY_ONLY: Provides necessary details about your task, including the number of files, objects, and directories transferred and transfer duration.
STANDARD: Provides complete details about your task, including a full list of files, objects, and directories that were transferred, skipped, verified, and more.
ReportLevel (string) --
Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't.
ERRORS_ONLY: A report shows what DataSync was unable to transfer, skip, verify, and delete.
SUCCESSES_AND_ERRORS: A report shows what DataSync was able and unable to transfer, skip, verify, and delete.
ObjectVersionIds (string) --
Specifies whether your task report includes the new version of each object transferred into an S3 bucket. This only applies if you enable versioning on your bucket. Keep in mind that setting this to INCLUDE can increase the duration of your task execution.
Overrides (dict) --
Customizes the reporting level for aspects of your task report. For example, your report might generally only include errors, but you could specify that you want a list of successes and errors just for the files that DataSync attempted to delete in your destination location.
Transferred (dict) --
Specifies the level of reporting for the files, objects, and directories that DataSync attempted to transfer.
ReportLevel (string) --
Specifies whether your task report includes errors only or successes and errors.
For example, your report might mostly include only what didn't go well in your transfer ( ERRORS_ONLY). At the same time, you want to verify that your task filter is working correctly. In this situation, you can get a list of what files DataSync successfully skipped and if something transferred that you didn't to transfer ( SUCCESSES_AND_ERRORS).
Verified (dict) --
Specifies the level of reporting for the files, objects, and directories that DataSync attempted to verify at the end of your transfer.
ReportLevel (string) --
Specifies whether your task report includes errors only or successes and errors.
For example, your report might mostly include only what didn't go well in your transfer ( ERRORS_ONLY). At the same time, you want to verify that your task filter is working correctly. In this situation, you can get a list of what files DataSync successfully skipped and if something transferred that you didn't to transfer ( SUCCESSES_AND_ERRORS).
Deleted (dict) --
Specifies the level of reporting for the files, objects, and directories that DataSync attempted to delete in your destination location. This only applies if you configure your task to delete data in the destination that isn't in the source.
ReportLevel (string) --
Specifies whether your task report includes errors only or successes and errors.
For example, your report might mostly include only what didn't go well in your transfer ( ERRORS_ONLY). At the same time, you want to verify that your task filter is working correctly. In this situation, you can get a list of what files DataSync successfully skipped and if something transferred that you didn't to transfer ( SUCCESSES_AND_ERRORS).
Skipped (dict) --
Specifies the level of reporting for the files, objects, and directories that DataSync attempted to skip during your transfer.
ReportLevel (string) --
Specifies whether your task report includes errors only or successes and errors.
For example, your report might mostly include only what didn't go well in your transfer ( ERRORS_ONLY). At the same time, you want to verify that your task filter is working correctly. In this situation, you can get a list of what files DataSync successfully skipped and if something transferred that you didn't to transfer ( SUCCESSES_AND_ERRORS).
FilesDeleted (integer) --
The number of files, objects, and directories that DataSync actually deletes in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.
FilesSkipped (integer) --
The number of files, objects, and directories that DataSync skips during your transfer.
FilesVerified (integer) --
The number of files, objects, and directories that DataSync verifies during your transfer.
ReportResult (dict) --
Indicates whether DataSync generated a complete task report for your transfer.
Status (string) --
Indicates whether DataSync is still working on your report, created a report, or can't create a complete report.
ErrorCode (string) --
Indicates the code associated with the error if DataSync can't create a complete report.
ErrorDetail (string) --
Provides details about issues creating a report.
EstimatedFilesToDelete (integer) --
The number of files, objects, and directories that DataSync expects to delete in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.
TaskMode (string) --
The task mode that you're using. For more information, see Choosing a task mode for your data transfer.
FilesPrepared (integer) --
The number of objects that DataSync will attempt to transfer after comparing your source and destination locations.
This counter isn't applicable if you configure your task to transfer all data. In that scenario, DataSync copies everything from the source to the destination without comparing differences between the locations.
FilesListed (dict) --
The number of objects that DataSync finds at your locations.
AtSource (integer) --
The number of objects that DataSync finds at your source location.
With a manifest, DataSync lists only what's in your manifest (and not everything at your source location).
With an include filter, DataSync lists only what matches the filter at your source location.
With an exclude filter, DataSync lists everything at your source location before applying the filter.
AtDestinationForDelete (integer) --
The number of objects that DataSync finds at your destination location. This counter is only applicable if you configure your task to delete data in the destination that isn't in the source.
FilesFailed (dict) --
The number of objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.
Prepare (integer) --
The number of objects that DataSync fails to prepare during your task execution.
Transfer (integer) --
The number of objects that DataSync fails to transfer during your task execution.
Verify (integer) --
The number of objects that DataSync fails to verify during your task execution.
Delete (integer) --
The number of objects that DataSync fails to delete during your task execution.
LaunchTime (datetime) --
The time that the task execution actually begins. For non-queued tasks, LaunchTime and StartTime are typically the same. For queued tasks, LaunchTime is typically later than StartTime because previously queued tasks must finish running before newer tasks can begin.
EndTime (datetime) --
The time that the transfer task ends.
{'AuthenticationType': {'NONE'},
'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'}}
Modifies the following configurations of the Microsoft Azure Blob Storage transfer location that you're using with DataSync.
For more information, see Configuring DataSync transfers with Azure Blob Storage.
See also: AWS API Documentation
Request Syntax
client.update_location_azure_blob(
LocationArn='string',
Subdirectory='string',
AuthenticationType='SAS'|'NONE',
SasConfiguration={
'Token': 'string'
},
BlobType='BLOCK',
AccessTier='HOT'|'COOL'|'ARCHIVE',
AgentArns=[
'string',
],
CmkSecretConfig={
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
CustomSecretConfig={
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
)
string
[REQUIRED]
Specifies the ARN of the Azure Blob Storage transfer location that you're updating.
string
Specifies path segments if you want to limit your transfer to a virtual directory in your container (for example, /my/images).
string
Specifies the authentication method DataSync uses to access your Azure Blob Storage. DataSync can access blob storage using a shared access signature (SAS).
dict
Specifies the SAS configuration that allows DataSync to access your Azure Blob Storage.
Token (string) -- [REQUIRED]
Specifies a SAS token that provides permissions to access your Azure Blob Storage.
The token is part of the SAS URI string that comes after the storage resource URI and a question mark. A token looks something like this:
sp=r&st=2023-12-20T14:54:52Z&se=2023-12-20T22:54:52Z&spr=https&sv=2021-06-08&sr=c&sig=aBBKDWQvyuVcTPH9EBp%2FXTI9E%2F%2Fmq171%2BZU178wcwqU%3D
string
Specifies the type of blob that you want your objects or files to be when transferring them into Azure Blob Storage. Currently, DataSync only supports moving data into Azure Blob Storage as block blobs. For more information on blob types, see the Azure Blob Storage documentation.
string
Specifies the access tier that you want your objects or files transferred into. This only applies when using the location as a transfer destination. For more information, see Access tiers.
list
(Optional) Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.
You can specify more than one agent. For more information, see Using multiple agents for your transfer.
(string) --
dict
Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
dict
Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
dict
Response Syntax
{}
Response Structure
(dict) --
{'CmkSecretConfig': {'KmsKeyArn': 'string', 'SecretArn': 'string'},
'CustomSecretConfig': {'SecretAccessRoleArn': 'string', 'SecretArn': 'string'}}
Modifies the following configuration parameters of the object storage transfer location that you're using with DataSync.
For more information, see Configuring DataSync transfers with an object storage system.
See also: AWS API Documentation
Request Syntax
client.update_location_object_storage(
LocationArn='string',
ServerPort=123,
ServerProtocol='HTTPS'|'HTTP',
Subdirectory='string',
ServerHostname='string',
AccessKey='string',
SecretKey='string',
AgentArns=[
'string',
],
ServerCertificate=b'bytes',
CmkSecretConfig={
'SecretArn': 'string',
'KmsKeyArn': 'string'
},
CustomSecretConfig={
'SecretArn': 'string',
'SecretAccessRoleArn': 'string'
}
)
string
[REQUIRED]
Specifies the ARN of the object storage system location that you're updating.
integer
Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).
string
Specifies the protocol that your object storage server uses to communicate.
string
Specifies the object prefix for your object storage server. If this is a source location, DataSync only copies objects with this prefix. If this is a destination location, DataSync writes all objects with this prefix.
string
Specifies the domain name or IP version 4 (IPv4) address of the object storage server that your DataSync agent connects to.
string
Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.
string
Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.
list
(Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.
(string) --
bytes
Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).
The certificate chain might include:
The object storage system's certificate
All intermediate certificates (if there are any)
The root certificate of the signing CA
You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:
cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
To use this parameter, configure ServerProtocol to HTTPS.
Updating this parameter doesn't interfere with tasks that you have in progress.
dict
Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.
KmsKeyArn (string) --
Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.
dict
Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.
SecretArn (string) --
Specifies the ARN for an Secrets Manager secret.
SecretAccessRoleArn (string) --
Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
dict
Response Syntax
{}
Response Structure
(dict) --