Creating a new data broker in AWS

When you create a new data broker group, choose Amazon Web Services to deploy the data broker software on a new EC2 instance in a VPC. BlueXP copy and sync guides you through the installation process, but the requirements and steps are repeated on this page to help you prepare for installation.

You also have the option to install the data broker on an existing Linux host in the cloud or on your premises. Learn more.

Supported AWS regions

All regions are supported except for the China regions.

Root privileges

The data broker software automatically runs as root on the Linux host. Running as root is a requirement for data broker operations. For example, to mount shares.

Networking requirements

  • The data broker needs an outbound internet connection so it can poll the BlueXP copy and sync service for tasks over port 443.

    When BlueXP copy and sync deploys the data broker in AWS, it creates a security group that enables the required outbound communication. Note that you can configure the data broker to use a proxy server during the installation process.

    If you need to limit outbound connectivity, see the list of endpoints that the data broker contacts.

  • NetApp recommends configuring the source, target, and data broker to use a Network Time Protocol (NTP) service. The time difference between the three components should not exceed 5 minutes.

Permissions required to deploy the data broker in AWS

The AWS user account that you use to deploy the data broker must have the permissions included in this NetApp-provided policy.

Requirements to use your own IAM role with the AWS data broker

When BlueXP copy and sync deploys the data broker, it creates an IAM role for the data broker instance. You can deploy the data broker using your own IAM role, if you prefer. You might use this option if your organization has strict security policies.

The IAM role must meet the following requirements:

Follow the steps below to specify the IAM role when deploying the data broker.

Creating the data broker

There are a few ways to create a new data broker. These steps describe how to install a data broker in AWS when creating a sync relationship.

  1. Click Create New Sync.

  2. On the Define Sync Relationship page, choose a source and target and click Continue.

    Complete the steps until you reach the Data Broker Group page.

  3. On the Data Broker Group page, click Create Data Broker and then select Amazon Web Services.

    A screenshot of the Data Broker page that enables you to choose between an AWS, Azure, Google Cloud, and On-Prem data broker.

  4. Enter a name for the data broker and click Continue.

  5. Enter an AWS access key so BlueXP copy and sync can create the data broker in AWS on your behalf.

    The keys aren’t saved or used for any other purposes.

    If you’d rather not provide access keys, click the link at the bottom of the page to use a CloudFormation template instead. When you use this option, you don’t need to provide credentials because you are logging in directly to AWS.

    The following video shows how to launch the data broker instance using a CloudFormation template:

  6. If you entered an AWS access key, select a location for the instance, select a key pair, choose whether to enable a public IP address, and select an existing IAM role, or leave the field blank so BlueXP copy and sync creates the role for you. You also have the option of encrypting your data broker using a KMS key.

    If you choose your own IAM role, you’ll need to provide the required permissions.

    A screenshot of the information that you need to provide when deploying a data broker in AWS.

  7. Specify a proxy configuration, if a proxy is required for internet access in the VPC.

  8. After the data broker is available, click Continue in BlueXP copy and sync.

    The following image shows a successfully deployed instance in AWS:

    This screenshot shows a successfully deployed instance. The interface shows details about the instance including AWS networking.

  9. Complete the pages in the wizard to create the new sync relationship.


You have deployed a data broker in AWS and created a new sync relationship. You can use this data broker group with additional sync relationships.

Details about the data broker instance

BlueXP copy and sync creates a data broker in AWS using the following configuration.

Instance type

m5n.xlarge when available in the region, otherwise m5.xlarge




16 GB

Operating system

Amazon Linux 2023

Disk size and type