Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
dmct
New Member

Does ADF Managed VNet with Azure IR Connect to Amazon S3 via Public Internet?

‎01-29-2025 04:22 AM

Hi everyone,

I'm using Azure Data Factory (ADF) with a Managed Virtual Network (VNet) and the Azure Integration Runtime (IR) to connect to Amazon S3. I want to ensure that my data transfer does not traverse the public internet for security reasons.

Could someone please confirm:

  1. If the data transfer between ADF and Amazon S3 goes through the public internet in this setup?
  2. What configurations or settings are required to ensure the data transfer remains within the Microsoft backbone network?
  3. Any best practices or additional considerations to secure the data transfer?

Thank you for your assistance!

Labels:
Message 1 of 3
1,177 Views
0
1 ACCEPTED SOLUTION
nilendraFabric
Super User
Super User

‎01-29-2025 10:06 AM

 

enabling Managed VNet alone does not guarantee that traffic to external services like Amazon S3 stays off the public internet.

 

Quoted from MS doc :

 

Network security

"By default, ADF transfers data from Amazon S3 to Azure Blob Storage or Azure Data Lake Storage Gen2 using encrypted connection over HTTPS protocol. HTTPS provides data encryption in transit and prevents eavesdropping and man-in-the-middle attacks.

Alternatively, if you don't want data to be transferred over public Internet, you can achieve higher security by transferring data over a private peering link between AWS Direct Connect and Azure Express Route. Refer to the solution architecture in the next section on how this can be achieved."


A great articles covering all aspects of your question:

 

https://learn.microsoft.com/en-us/azure/data-factory/data-migration-guidance-s3-azure-storage

 

nilendraFabric_0-1738173993453.png

 

 



If this helps please accept the solution.

 

Thanks

 

View solution in original post

Message 2 of 3
1,136 Views
2 REPLIES 2
dmct
New Member

‎01-30-2025 05:01 AM

Thank-you for reply @nilendraFabric 
That's the article I was looking for and never found it. 

Message 3 of 3
1,108 Views
nilendraFabric
Super User
Super User

‎01-29-2025 10:06 AM

 

enabling Managed VNet alone does not guarantee that traffic to external services like Amazon S3 stays off the public internet.

 

Quoted from MS doc :

 

Network security

"By default, ADF transfers data from Amazon S3 to Azure Blob Storage or Azure Data Lake Storage Gen2 using encrypted connection over HTTPS protocol. HTTPS provides data encryption in transit and prevents eavesdropping and man-in-the-middle attacks.

Alternatively, if you don't want data to be transferred over public Internet, you can achieve higher security by transferring data over a private peering link between AWS Direct Connect and Azure Express Route. Refer to the solution architecture in the next section on how this can be achieved."


A great articles covering all aspects of your question:

 

https://learn.microsoft.com/en-us/azure/data-factory/data-migration-guidance-s3-azure-storage

 

nilendraFabric_0-1738173993453.png

 

 



If this helps please accept the solution.

 

Thanks

 

Message 2 of 3
1,137 Views

Helpful resources

Announcements
FabCon and SQLCon Highlights Carousel

FabCon &SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

March Fabric Update Carousel

Fabric Monthly Update - March 2026

Check out the March 2026 Fabric update to learn about new features.

View All