AWS Storage Gateway
User Guide (API Version 2013-06-30)

Creating an SMB File Share

Creating an SMB accessible file share is a two-step process. Before you create an SMB file share, you configure the SMB settings for your file gateway for either Microsoft Active Directory (AD) or guest access. A file share can provide one type of SMB access only. After setting the authentication methods, you create your file share.

Note

An SMB file share doesn't operate correctly without the requisite ports open in your security group. For more information, see Port Requirements.

To configure your SMB file share for Microsoft Active Directory access

  1. Open the AWS Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

  2. Choose Gateways, and on the Gateway page, select the box next to the file gateway that you want to join to a domain.

  3. For Actions, choose Edit SMB Settings.

  4. For Microsoft Active Directory authentication, choose Join Domain.

  5. For Domain name, type your fully qualified domain name.

    Note

    You can use the AWS Directory Service to create a hosted Microsoft Active Directory domain service in the AWS Cloud.

  6. For Domain user, type your account name. Your account must be able to join a server to a domain.

  7. Type your account password into the Domain password text box.

  8. Choose Save to complete the authentication.

    A message at the top of the Gateways section of your console indicates that your gateway "Successfully joined domain."

    If the banner displays the message "Invalid domain name/DNS name cannot be resolved," this indicates that the specific endpoint was not found. You might also see the error "Invalid users/Invalid password," an authentication failure indicating that your logon was not recognized by the domain service.

    The error message "The gateway cannot connect to the specified domain" may indicate that the user quota is exhausted. The default limit allows each user to join up to ten (10) systems to a domain. Another possible cause of this error is that the user did not have administrator privileges.

    Finally, an error that states "The specified request timed out" might indicate that there is a problem with your firewall rules not allowing access to the domain.

To configure your SMB file share for guest access

  1. Open the AWS Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

  2. Choose Gateways, and on the Gateway page, select the box next to the file gateway that you want to use for your guest file share.

  3. For Actions, choose Edit SMB Settings.

    The Edit SMB dialog box appears as shown in the following screenshot.

  4. Select Set guest password to enable guest access for your SMB file share.

    Note

    If you provide only guest access, your file gateway doesn't have to be part of an AD domain. You can also use a file gateway that is a member of your Microsoft AD domain to create file shares with guest access.

  5. For Guest password, type a password that meets your organization's security requirements.

  6. Choose Save to complete authentication.

    A message at the top of the Gateways section of your console indicates that your gateway now allows guest access.

In the next procedure, you create an SMB file share with either Microsoft Active Directory or guest access. Make sure that you define the SMB file share settings for your file gateway before performing the following steps.

To create an SMB file share

  1. Open the AWS Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

  2. On the navigation pane, choose Shares, select the file gateway that you want to use, and then choose Create file share.

  3. On the Configure file share settings page, for Amazon S3 bucket name, provide a name for an existing Amazon S3 bucket. You use this bucket for your gateway to store files in and retrieve

  4. For Access Objects using, choose Server Message Block (SMB).

  5. For Gateway, make sure that your gateway is chosen, and then choose Next.

    The Configure how files are stored in Amazon S3 page appears, as shown following.

  6. For Storage class for new objects, choose a storage class to use for new objects created in your Amazon S3 bucket:

    • Choose S3 Standard to store your frequently accessed object data redundantly in multiple Availability Zones that are geographically separated.

    • Choose S3 Standard-IA to store your infrequently accessed object data redundantly in multiple Availability Zones that are geographically separated.

    • Choose S3 One Zone-IA to store your infrequently accessed object data in a single Availability Zone.

    For more information, see Storage Classes in the Amazon Simple Storage Service Developer Guide.

  7. For Object metadata, choose the metadata you want to use:

    • Choose Guess MIME type to enable guessing of the MIME type for uploaded objects based on file extensions.

    • Choose Give bucket owner full control to give full control to the owner of the S3 bucket that maps to the SMB file share. For more information on using your file share to access objects in a bucket owned by another account, see Using a File Share for Cross-Account Access.

    • Choose Enable requester pays if you are using this file share on a bucket that requires the requester or reader instead of bucket owner to pay for access charges. For more information, see Requester Pays Buckets.

  8. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A file gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role you want to use, you can specify it in the IAM role box and set up the access policy manually. For more information, see Granting Access to an Amazon S3 Bucket. For information about IAM roles, see IAM Roles in the IAM User Guide.

  9. Choose Next to review configuration settings for your SMB file share, as shown in the figure following.

  10. For Microsoft AD authentication, make sure that Active Directory appears for Select authentication method. Microsoft AD access is the default authentication method.

    Note

    For Microsoft AD access, your file gateway must be joined to a domain.

    For guest access, you must have set a guest access password.

    Both access types are available at the same time.

  11. Choose Read-write (the default) or Read-only. Choose Close to enforce your authentication settings.

  12. Review your file share configuration settings, and then choose Create file share.

    After your SMB file share is created, you can see your file share settings in its Details tab.

The preceding procedure creates a Microsoft Active Directory file share. Anyone with domain credentials can access this file share. To limit access to certain users and groups, see Editing Access Settings for Your SMB File Share.
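The following added example (not part of the original guide) audits the outcome of the three procedures above: it reads output in the shape of the DescribeSMBFileShares API response and flags shares that use guest access, guest shares left read-write, and Active Directory shares with no ValidUserList, which are the shares any domain account can reach. The sample response, ARNs, user names and finding labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of a DescribeSMBFileShares response.
# The account ID, share IDs and user/group names are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"SMBFileShareInfoList": [
  {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE1",
   "Authentication": "ActiveDirectory", "ReadOnly": false,
   "ValidUserList": ["@FinanceGroup", "alice"]},
  {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE2",
   "Authentication": "ActiveDirectory", "ReadOnly": false, "ValidUserList": []},
  {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE3",
   "Authentication": "GuestAccess", "ReadOnly": false},
  {"FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-EXAMPLE4",
   "Authentication": "GuestAccess", "ReadOnly": true}
]}
""")


def audit_share(share):
    """Return finding labels (hypothetical names) for one SMBFileShareInfo dict."""
    findings = []
    # The guide states Active Directory and read-write are the defaults.
    auth = share.get("Authentication", "ActiveDirectory")
    writable = not share.get("ReadOnly", False)
    if auth == "GuestAccess":
        # Access depends only on the shared guest password.
        findings.append("guest-access")
        if writable:
            findings.append("guest-read-write")
    elif not share.get("ValidUserList"):
        # No allow list: anyone with domain credentials can connect.
        findings.append("ad-unrestricted")
    return findings


def audit(response):
    """Map each flagged share ARN to its findings; clean shares are omitted."""
    report = {}
    for share in response.get("SMBFileShareInfoList", []):
        findings = audit_share(share)
        if findings:
            report[share["FileShareARN"]] = findings
    return report


if __name__ == "__main__":
    for arn, findings in audit(SAMPLE_RESPONSE).items():
        print(arn, ", ".join(findings))
```

To run it against a real gateway, replace SAMPLE_RESPONSE with the JSON returned by `aws storagegateway describe-smb-file-shares --file-share-arn-list <share ARNs>`.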

Next Step

Mounting Your SMB File Share on Your Client