Accessing your data using Amazon S3 access points - FSx for ONTAP

Amazon S3 access points simplify managing data access for any application or AWS service that works with Amazon S3. With S3 access points, users with shared datasets, including data lakes, media archives, and user-generated content, can easily control and scale data access for hundreds of applications, teams, or individuals by creating individualized access points with names and permissions customized for each. You can use S3 access points to access file data stored on Amazon FSx file systems as if it were in Amazon S3, allowing you to use it with applications and services that work with Amazon S3 without application changes or moving data out of your file system. These access points are Amazon S3 endpoints that attach to Amazon FSx for NetApp ONTAP volumes.

S3 access points attached to FSx for ONTAP file volumes support read and write access to your file data using S3 object operations (for example, GetObject, PutObject, and ListObjectsV2) against an Amazon S3 endpoint.

Each S3 access point attached to an FSx for ONTAP file system has an AWS Identity and Access Management (IAM) access point policy and an associated UNIX or Windows file system user that is used to authorize all requests made through the access point. For each request, Amazon S3 first evaluates all the relevant policies, including those on the user, access point, S3 VPC Endpoint, and service control policies, to authorize the request. Once the request is authorized by Amazon S3, the request is then authorized by the file system, which evaluates whether the file system user associated with the S3 access point has permission to access the data on the file system. You can configure an access point to accept requests only from a virtual private cloud (VPC) to restrict Amazon S3 data access to a private network. Amazon S3 enforces Block public access by default for all access points attached to an FSx for ONTAP volume, and you cannot modify or disable this setting. You use the Amazon FSx console, CLI, and API to create an S3 access point and attach it to an FSx for ONTAP volume. You can simultaneously access your file data from the S3 access point using the S3 API, and from clients using the Network File System (NFS) protocol and SMB protocol. Your data continues to reside on the FSx for ONTAP file system.
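
The two authorization stages described above, as a simplified Python model (an added example, not AWS code). It assumes each S3 policy layer is already reduced to a yes/no verdict and that the file system check uses UNIX mode bits only; the names `FsUser`, `FileMeta`, `authorize` and all sample values are hypothetical.

```python
from dataclasses import dataclass

# Stage 1 layers named in the text. Simplification: each layer is a precomputed
# boolean ("does this layer permit the request?"), not real policy evaluation.
S3_LAYERS = ("user", "access_point", "vpc_endpoint", "scp")
# Assumption: read operations need the UNIX read bit, writes the write bit.
NEEDED_BIT = {"GetObject": 0o4, "PutObject": 0o2}

@dataclass(frozen=True)
class FsUser:
    """File system user attached to the access point (UNIX style)."""
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class FileMeta:
    """Owner, group and mode bits of the target file."""
    owner: int
    group: int
    mode: int

def fs_permits(user: FsUser, meta: FileMeta, operation: str) -> bool:
    """Stage 2: classic owner/group/other mode-bit check for the mapped user."""
    if user.uid == meta.owner:
        bits = (meta.mode >> 6) & 0o7
    elif meta.group in user.gids:
        bits = (meta.mode >> 3) & 0o7
    else:
        bits = meta.mode & 0o7
    return bool(bits & NEEDED_BIT[operation])

def authorize(operation, s3_verdicts, ap_user, meta):
    """Return (allowed, reason). The caller's identity matters only in stage 1."""
    blocked = [layer for layer in S3_LAYERS if not s3_verdicts.get(layer, False)]
    if blocked:
        return False, "S3 denied: " + ", ".join(blocked)
    if not fs_permits(ap_user, meta, operation):
        return False, f"file system denied uid {ap_user.uid}"
    return True, "allowed"

# Constructed sample data: file owned by uid 1001, group 2000, mode rw-r-----.
REPORT = FileMeta(owner=1001, group=2000, mode=0o640)
AP_USER = FsUser(uid=5000, gids=frozenset({2000}))
ALL_PASS = dict.fromkeys(S3_LAYERS, True)

if __name__ == "__main__":
    print(authorize("GetObject", ALL_PASS, AP_USER, REPORT))
    print(authorize("PutObject", ALL_PASS, AP_USER, REPORT))
    print(authorize("GetObject", {**ALL_PASS, "scp": False}, AP_USER, REPORT))
```

Every caller that passes the S3 stage is checked against the same file system user, so file-level permissions are effectively granted per access point rather than per IAM principal.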

Amazon S3 access points for FSx for ONTAP file systems deliver latency in the tens of milliseconds range, consistent with Amazon S3 bucket access. Performance scales with your Amazon FSx file system's provisioned throughput, with maximum throughput and requests per second bound by your underlying Amazon FSx file system configuration. For more information about file system performance capabilities, see Performance for FSx for ONTAP.

Naming rules, restrictions, and limitations

When creating an S3 access point, you choose a name for it. The following topics provide information about S3 access point naming rules, restrictions, and limitations.