Getting Started with the Amazon FSx CLI for Remote Management on PowerShell
The Amazon FSx CLI for remote management on PowerShell enables file system administration for users in the file system administrators group. To start a remote PowerShell session on your Amazon FSx for Windows File Server file system, first meet the following prerequisites:
-
Be able to connect to a Windows compute instance that has network connectivity with your file system.
-
Be logged into the Windows compute instance as a member of the file system administrators group. In AWS Managed Microsoft AD, that group is AWS Delegated FSx Administrators. In your self-managed Microsoft AD, that group is Domain Admins or the custom group that you specified for administration when you created your file system. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.
-
Make sure that your file system's security group inbound rules allows traffic on port 5985.
Security and the CLI for Remote Management on PowerShell
The Amazon FSx CLI for Remote Management on PowerShell uses the following security features:
-
User logins are authenticated using Kerberos authentication.
-
Management session communications are encrypted using Kerberos.
Using the CLI for Remote Management on PowerShell
You have two options to run remote management commands on your Amazon FSx file
system. You can establish a long-running Remote PowerShell session and run the
commands inside the session. Or, you can use the Invoke-Command
to run
a single command or a single block of commands without establishing a long-running
Remote PowerShell session. If you want to set and pass variables as parameters to
the remote management command, you need to use Invoke-Command
.
For Multi-AZ file systems, you can only use the Amazon FSx CLI for Remote Management while the file system is on its preferred file server. For more information, see Availability and Durability: Single-AZ and Multi-AZ File Systems.
To run these commands, you must know the Windows Remote PowerShell Endpoint for your file system. To find this endpoint, follow these steps:
-
Open the Amazon FSx console at https://console.aws.amazon.com/fsx/
. -
Choose your file system. On the Network & security tab, locate the Windows Remote PowerShell Endpoint, as shown following.

To start a remote PowerShell session on your file system
-
Connect to a compute instance that has network connectivity with your file system as a user that is a member of the file system administrators group.
-
Open a Windows PowerShell window on the compute instance.
-
Use the following command to open the remote session on your Amazon FSx file system. Replace
with the Windows Remote PowerShell endpoint of file system that you want to administer.FSxFileSystem-Remote-PowerShell-Endpoint
PS C:\Users\delegateadmin>
enter-pssession -ComputerName
FSxFileSystem-Remote-PowerShell-Endpoint
-ConfigurationName FsxRemoteAdmin[fs-0123456789abcdef0]: PS>
You are prompted to enter user credentials in a pop-up.
You can also run Amazon FSx CLI for remote management CLI on PowerShell commands
on your file
system using the Invoke-Command
cmdlet, described following.
The following example illustrates the syntax
required when using the Invoke-Command
cmdlet to run PowerShell commands on an Amazon FSx for Windows File Server file system.
PS C:\Users\delegateadmin>
Invoke-Command -ComputerName amznfsxzzzzzzzz.corp.example.com -ConfigurationName FSxRemoteAdmin -scriptblock {
fsx-command
}