Creating, updating, removing file shares
This topic describes how you can manage file shares by performing the following tasks.
-
Create a new file share
-
Modify an existing file share
-
Remove an existing file share
You can use the Windows-native Shared Folders GUI and the Amazon FSx CLI for remote management on PowerShell to manage file shares on your FSx for Windows File Server file system. You might experience delays when using the Shared Folder GUI (fsmgmt.msc) when first opening the context menu for shares located on a different file system. To avoid these delays, use PowerShell to manage file shares that are located on multiple file systems.
Note that there are rules and limitations required for all file systems supported by Windows on the names of files and directories.
To ensure that you can successfully create and access your data, you should name your files and directories according to these Windows guidelines.
For more information, see Naming Conventions
Warning
Amazon FSx requires that the SYSTEM user has Full control NTFS ACL permissions on every folder on which you create an SMB file share. Do not change the NTFS ACL permissions for this user on your folders, as doing so can make your file shares inaccessible.
To manage file shares on your Amazon FSx file system, you can use the Shared Folders GUI. The Shared Folders GUI provides a central location for managing all shared folders on a Windows server. The following procedures describe how to manage your file shares.
To connect shared folders to your FSx for Windows File Server file system
-
Launch your Amazon EC2 instance and connect it to the Microsoft Active Directory that your Amazon FSx file system is joined to. To do this, choose one of the following procedures from the AWS Directory Service Administration Guide:
-
Connect to your instance as a user that is a member of the file system administrators group. In AWS Managed Microsoft Active Directory, this group is called AWS Delegated FSx Administrators. In your self-managed Microsoft Active Directory, this group is called Domain Admins or the custom name for the administrators group that you provided during creation. For more information, see Connect to your Windows instance in the Amazon Elastic Compute Cloud User Guide for Windows Instances.
-
Open the Start menu and run fsmgmt.msc using Run As Administrator. Doing this opens the Shared Folders GUI tool.
-
For Action, choose Connect to another computer.
-
For Another computer, enter the Domain Name System (DNS) name for your Amazon FSx file system, for example
amznfsxabcd0123.corp.example.com
.To find your file system's DNS name on the Amazon FSx console, choose File systems, choose your file system, and then check the Network & Security section of the file system details page. You can also get the DNS name in the response of the DescribeFileSystems API operation.
-
Choose OK. An entry for your Amazon FSx file system then appears in the list for the Shared Folders tool.
Now that Shared Folders is connected to your Amazon FSx file system, you can manage the
Windows file shares on the file system. The default share is called \share
.
You can do so with the following actions:
-
Create a new file share – In the Shared Folders tool, choose Shares in the left pane to see the active shares for your Amazon FSx file system. Choose New Share and complete the Create a Shared Folder wizard.
You have to create the local folder prior to creating the new file share. You can do so as follows:
Using the Shared Folders tool: click on "Browse" when specifying local folder path and click on "Make new folder" to create the local folder.
Using command line:
New-Item -Type Directory -Path \\
amznfsxabcd0123.corp.example.com
\D$\share\MyNewShare
-
Modify a file share – In the Shared Folders tool, open the context (right-click) menu for the file share that you want to modify in the right pane, and choose Properties. Modify the properties and choose OK.
-
Remove a file share – In the Shared Folders tool, open the context (right-click) menu for the file share that you want to remove in the right pane, and then choose Stop Sharing.
Note
For Single-AZ 2 and Multi-AZ file systems, removing file shares or modifying file shares (including updating permissions, user limits, and other properties) using the Shared Folders GUI tool is possible only if you connect to fsmgmt.msc using the DNS Name of the Amazon FSx file system. The Shared Folders GUI tool does not support these actions if you connect using the IP address or DNS alias name of the file system.
Note
If you are using the fsmgmt.msc Shared Folders GUI tool to access shares located on multiple FSx for Windows File Server file systems, you may experience delays when first opening the file share context menu for a share that is located on a different file system. To avoid these delays, you can manage file shares using PowerShell as described below.
You can manage file shares using custom FSx for Windows File Server remote-management commands for PowerShell. These commands can help you to automate managing file share tasks such as:
-
Migrating file shares from existing file servers to Amazon FSx
-
Synchronizing file shares across AWS Regions for disaster recovery
-
Programmatically managing ongoing file shares workflows, such as team file-share provisioning
To learn how to use the Amazon FSx CLI for remote management on PowerShell, see Using the Amazon FSx CLI for PowerShell.
The following table lists the Amazon FSx CLI remote management PowerShell commands that you can use to manage file shares on FSx for Windows File Server file systems.
Share Management Command | Description |
---|---|
New-FSxSmbShare |
Creates a new file share. |
Remove-FSxSmbShare |
Removes a file share. |
Get-FSxSmbShare |
Retrieves existing file shares. |
Set-FSxSmbShare |
Sets properties for a share. |
Get-FSxSmbShareAccess |
Retrieves the access control list (ACL) of a share. |
Grant-FSxSmbShareAccess |
Adds an allow access control entry (ACE) for a trustee to the security descriptor of a share. |
Revoke-FSxSmbShareAccess |
Removes all of the allow ACEs for a trustee from the security descriptor of a share. |
Block-FSxSmbShareAccess |
Adds a deny ACE for a trustee to the security descriptor of a share. |
Unblock-FSxSmbShareAccess |
Removes all of the deny ACEs for a trustee from the security descriptor of a share. |
The online help for each command provides a reference of all command options. To
access this help, run the command with a -?
, for example
New-FSxSmbShare -?
.
Passing credentials to New-FSxSmbShare
You can pass credentials to New-FSxSmbShare so that you can run it in a loop to create hundreds or thousands of shares without having to re-enter credentials each time.
Prepare the credential object required to create the file shares on your FSx for Windows File Server file server using one of the following options.
To generate the credential object interactively, use the following command.
$credential = Get-Credential
To generate the credential object using an AWS Secrets Manager resource, use the following command.
$credential = ConvertFrom-Json -InputObject (Get-SECSecretValue -SecretId $AdminSecret).SecretString $FSxAdminUserCredential = (New-Object PSCredential($credential.UserName,(ConvertTo-SecureString $credential.Password -AsPlainText -Force)))
You can create continuously available (CA) shares
using the Amazon FSx CLI for Remote Management on PowerShell.
CA shares created on an FSx for Windows File Server Multi-AZ file system are highly durable and highly available.
An Amazon FSx Single-AZ file system is built on a single node cluster. As a result, CA shares created on a
Single-AZ file system are highly durable, but are not highly available.
Use the New-FSxSmbShare
command with the -ContinuouslyAvailable
option set to $True
to specify
that the share is a continuously available share. The following is an example command to create a CA share.
New-FSxSmbShare -Name "New CA Share" -Path "D:\share\new-share" -Description "CA share" -ContinuouslyAvailable $True
You can modify the -ContinuouslyAvailable
option on an existing file share using the Set-FSxSmbShare
command.
Determine if an existing file share is continuously available
Use the following command to view the value of the Continuously Available property for an existing file share.
Invoke-Command -ComputerName
powershell_endpoint
-ConfigurationName FSxRemoteAdmin -scriptblock { get-fsxsmbshare -nameshare_name
}
If CA is enabled, the output will include the following line:
[...] ContinuouslyAvailable : True [...]
If CA is not enabled, the output will include the following line:
[...] ContinuouslyAvailable : False [...]
To enable Continuously Available on an existing file share, use the following command:
Invoke-Command -ComputerName
powershell_endpoint
-ConfigurationName FSxRemoteAdmin -scriptblock { set-fsxsmbshare -nameshare_name
-ContinuouslyAvailable $True}