AWS::DataSync::Agent - AWS CloudFormation


The AWS::DataSync::Agent resource activates an AWS DataSync agent that you've deployed for storage discovery or data transfers. The activation process associates the agent with your AWS account.

For more information, see the following topics in the AWS DataSync User Guide:


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::DataSync::Agent", "Properties" : { "ActivationKey" : String, "AgentName" : String, "SecurityGroupArns" : [ String, ... ], "SubnetArns" : [ String, ... ], "Tags" : [ Tag, ... ], "VpcEndpointId" : String } }


Type: AWS::DataSync::Agent Properties: ActivationKey: String AgentName: String SecurityGroupArns: - String SubnetArns: - String Tags: - Tag VpcEndpointId: String



Specifies your DataSync agent's activation key. If you don't have an activation key, see Activating your agent.

Required: No

Type: String

Pattern: [A-Z0-9]{5}(-[A-Z0-9]{5}){4}

Maximum: 29

Update requires: Replacement


Specifies a name for your agent. We recommend specifying a name that you can remember.

Required: No

Type: String

Pattern: ^[a-zA-Z0-9\s+=._:@/-]+$

Minimum: 0

Maximum: 256

Update requires: No interruption


The Amazon Resource Names (ARNs) of the security groups used to protect your data transfer task subnets. See SecurityGroupArns.

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\-0-9]*:[0-9]{12}:security-group/.*$

Required: No

Type: Array of String

Maximum: 128

Update requires: Replacement


Specifies the ARN of the subnet where your VPC service endpoint is located. You can only specify one ARN.

Required: No

Type: Array of String

Maximum: 128

Update requires: Replacement


Specifies labels that help you categorize, filter, and search for your AWS resources. We recommend creating at least one tag for your agent.

Required: No

Type: Array of Tag

Maximum: 50

Update requires: No interruption


The ID of the virtual private cloud (VPC) endpoint that the agent has access to. This is the client-side VPC endpoint, powered by AWS PrivateLink. If you don't have an AWS PrivateLink VPC endpoint, see AWS PrivateLink and VPC endpoints in the Amazon VPC User Guide.

For more information about activating your agent in a private network based on a VPC, see Using AWS DataSync in a Virtual Private Cloud in the AWS DataSync User Guide.

A VPC endpoint ID looks like this: vpce-01234d5aff67890e1.

Required: No

Type: String

Pattern: ^vpce-[0-9a-f]{17}$

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the agent Amazon Resource Name (ARN). For example:


For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) of the agent. Use the ListAgents operation to return a list of agents for your account and AWS Region.


The type of endpoint that your agent is connected to. If the endpoint is a VPC endpoint, the agent is not accessible over the public internet.


DataSync Agent

The following example specifies a DataSync agent named MyAgent. The agent activation key is included in the template.


{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Specifies a DataSync agent", "Resources": { "Agent": { "Type": "AWS::DataSync::Agent", "Properties": { "ActivationKey": "AAAAA-7AAAA-GG7MC-3I9R3-27COD", "AgentName": "MyAgent" } } } }


AWSTemplateFormatVersion: 2010-09-09 Description: Specifies a DataSync agent Resources: Agent: Type: AWS::DataSync::Agent Properties: ActivationKey: AAAAA-7AAAA-GG7MC-3I9R3-27COD AgentName: MyAgent