AWS DataSync expands support for AWS Secrets Manager across all location types

AWS DataSync now fully integrates with AWS Secrets Manager for credential management across all location types, enhancing security and management flexibility.

AWS DataSync has broadened its integration with AWS Secrets Manager, now allowing for credential management across all types of locations. This includes the Hadoop Distributed File System (HDFS), Amazon FSx for Windows File Server, and Amazon FSx for NetApp ONTAP. Previously, the integration with Secrets Manager was limited to specific location types, necessitating the direct provision of credentials via the DataSync API or console.

This update enables the centralization of credential management through Secrets Manager for all DataSync locations, offering a uniform method for managing data transfer credentials. Users have the option to encrypt these credentials with a custom AWS KMS key, rather than the default AWS-owned key, aligning with organizational security and governance standards. Credentials are stored in the user’s account, allowing updates to be made independently of the DataSync service.

DataSync offers two methods for credential management. Users can supply the Amazon Resource Name (ARN) of a secret whose credentials they manage within Secrets Manager, granting complete control over rotation, auditing, and access policies. Alternatively, DataSync can handle the creation and management of secrets automatically.

This feature is available in most AWS Regions where AWS DataSync is operational. For a comprehensive list of supported Regions, users can consult the AWS Capabilities tool in the Builder Center. To begin using this feature, users should visit the AWS DataSync console. More detailed information can be found in the AWS DataSync documentation under the section on managing credentials with AWS Secrets Manager.