Limit client access for your NFS file share
We recommend editing the NFS client access settings to define a list of specific client IP addresses or CIDR block ranges for NFS clients that are allowed to connect to your NFS file share. If you choose not to limit access, any client on your network can mount to your file share.
To limit client access for your NFS file share
- Open the Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.
- Choose File shares from the navigation pane on the left side of the console page, and then choose the File share ID of the NFS file share that you want to edit.
- From the Actions drop-down menu, choose Edit file share access settings.
  The Access object section displays a list of IP addresses and CIDR blocks that are currently allowed to connect to the NFS file share. If access is not currently limited, you will see an entry under Allowed clients for the 0.0.0.0/0 CIDR block, which indicates that all possible IPv4 addresses are allowed to connect.
- Under Allowed clients, to the right of the 0.0.0.0/0 CIDR block, choose Remove.
- Choose Add client, and then provide an IP address or address range in CIDR notation for the clients that you want to allow.
- Repeat the previous step to add more IP addresses or ranges as necessary. If you make a mistake or need to revoke access, you can choose Remove to the right of the IP address or range that you want to delete from the list.
- Choose Save changes when finished.
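
The same restriction can be audited and applied through the Storage Gateway API. The following is an added example, not part of the original page: it uses Python with the boto3 `describe_nfs_file_shares` and `update_nfs_file_share` operations and their `ClientList` field. The function names, the sample response, and the ARNs are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like a describe_nfs_file_shares response (ARNs are placeholders).
SAMPLE_RESPONSE = {
    "NFSFileShareInfoList": [
        {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE1",
         "ClientList": ["0.0.0.0/0"]},
        {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE2",
         "ClientList": ["10.0.1.0/24", "10.0.2.15/32"]},
    ]
}


def open_shares(describe_response):
    """Return ARNs of shares whose allowed-client list still admits every IPv4 address."""
    flagged = []
    for share in describe_response.get("NFSFileShareInfoList", []):
        nets = (ipaddress.IPv4Network(c, strict=False) for c in share.get("ClientList", []))
        if any(n.prefixlen == 0 for n in nets):
            flagged.append(share["FileShareARN"])
    return flagged


def normalize_clients(entries):
    """Validate entries for the allowed-client list and return them as sorted CIDR strings."""
    nets = set()
    for entry in entries:
        # strict=True rejects host bits set under the mask (e.g. 10.0.1.5/24), usually a typo.
        net = ipaddress.IPv4Network(entry.strip(), strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry!r} matches every IPv4 address and does not limit access")
        nets.add(net)
    if not nets:
        raise ValueError("allowed-client list is empty")
    return [str(n) for n in sorted(nets)]


def restrict_share(share_arn, entries):
    """Replace the share's allowed clients. Needs boto3 and AWS credentials."""
    import boto3  # imported here so the checks above work without the SDK installed
    sgw = boto3.client("storagegateway")
    return sgw.update_nfs_file_share(FileShareARN=share_arn,
                                     ClientList=normalize_clients(entries))


if __name__ == "__main__":
    print("Shares open to all clients:", open_shares(SAMPLE_RESPONSE))
    print("Validated list:", normalize_clients(["10.0.1.5", "192.168.10.0/24"]))
```

Pass the real output of `describe_nfs_file_shares` to `open_shares` to find shares that still carry the 0.0.0.0/0 entry, then call `restrict_share` with the addresses you would otherwise enter under Allowed clients.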