AWS DataSync expands support for AWS Secrets Manager across all location types

AWS DataSync now supports AWS Secrets Manager for credential management across all location types, enhancing security and consistency in data transfers. This feature is available in most AWS regions.

AWS DataSync has announced expanded support for AWS Secrets Manager, enabling credential management across all location types, including the Hadoop Distributed File System (HDFS), Amazon FSx for Windows File Server, and Amazon FSx for NetApp ONTAP. Previously, this integration was available only for a limited range of location types, so credentials for the remaining types had to be provided directly through the DataSync API or console.

This enhancement lets users centralize credential management for all DataSync locations in Secrets Manager, giving them a unified and consistent approach across data transfers. Users can also encrypt credentials with their own AWS KMS key instead of the default AWS-owned key, in line with organizational security requirements and governance policies. All secrets are stored in the user’s account, so credentials can be updated independently without affecting the DataSync service.

DataSync offers two methods for credential management. Users can provide a secret Amazon Resource Name (ARN) that references credentials managed within Secrets Manager, granting full control over rotation, auditing, and access policies. Alternatively, DataSync can automatically create and manage secrets on the user’s behalf.

This new capability is available in most AWS Regions where AWS DataSync is offered. For the full list of supported Regions, see the AWS Capabilities tool in the Builder Center. To start using the feature, visit the AWS DataSync console. Further information is in the ‘Managing credentials with AWS Secrets Manager’ section of the AWS DataSync documentation.