![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 27%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 13%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPV%3C/text%3E%3C/svg%3E)
Hello Harn(Au) Thonglertwong! Welcome to Microsoft QnA portal and thanks for posting your query here.
Following are the answers for your queries.
- What is AWS IR? Is there documentation on how to install it?
AWS IR in Microsoft Purview refers to a fully managed integration runtime that runs in AWS, provisioned by Microsoft Purview for scanning AWS-native data sources. You do not set up or install AWS IR yourself—it is automatically managed and provisioned by Microsoft internally when you configure supported AWS sources in Purview.
As it is already mentioned in the Documentation you have read**:** The article "Choose the right integration runtime configuration for your scenario" (see Types of integration runtimes) states:
- “The AWS integration runtime is a fully managed and elastic compute hosted by Microsoft Purview in AWS. It's applicable when scanning Amazon data sources like S3, RDS.”
So, you cannot install or deploy AWS IR on your own infrastructure. There is no downloadable package or manual deployment for AWS IR.
If AWS IR is available for your scenario, it appears as an option in the data source configuration in the Purview portal.
- How can I connect Purview to AWS S3 privately?
According to the "Supported data sources" table, AWS S3 is supported only using Azure IR or AWS IR—neither of which supports creating a private, VPC-bound connection to S3 from your own network.
Azure IR and AWS IR are both managed by Microsoft; they scan S3 with public endpoints—private S3 access (such as via VPC Endpoints/gateways or over private networks) is not supported at this time.
As of now, you cannot use SHIR or Kubernetes SHIR to connect to S3 for private scanning in Microsoft Purview.
Reference: Choose the right integration runtime – Supported Data Sources Table
- What choice do I have to connect Purview to Redshift privately? Can I use AWS IR instead of Kubernetes SHIR?
- For Amazon Redshift, the supported IRs are:
- Azure IR
- AWS IR
- Kubernetes supported SHIR (Self-Hosted Integration Runtime on Kubernetes)
If you need a private connection to Redshift where the scanning happens within your VPC (for example, using a VPC endpoint or private subnet), you must use Kubernetes supported SHIR. This IR can be deployed by you, within your own AWS VPC, so it can access Redshift privately.
AWS IR and Azure IR only support public endpoint access for Redshift. They do not support scanning Amazon Redshift over a private network/VPC.
You cannot use AWS IR for private Redshift access, only for scanning public Redshift clusters.
References:
Choose the right integration runtime – Supported Data Sources Table
Kubernetes supported SHIR - Learn how to install and configurePlease do a Upvote if the response provided is useful, so that you can help others in the community looking for remediation for similar issues.
Thanks
Pratyush