AWS::DataSync::LocationFSxONTAP SMB - AWS CloudFormation

AWS::DataSync::LocationFSxONTAP SMB

Specifies the Server Message Block (SMB) protocol configuration that AWS DataSync uses to access a storage virtual machine (SVM) on your Amazon FSx for NetApp ONTAP file system. For more information, see Accessing FSx for ONTAP file systems.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Domain" : String, "MountOptions" : SmbMountOptions, "Password" : String, "User" : String }

YAML

Domain: String MountOptions: SmbMountOptions Password: String User: String

Properties

Domain

Specifies the fully qualified domain name (FQDN) of the Microsoft Active Directory that your storage virtual machine (SVM) belongs to.

If you have multiple domains in your environment, configuring this setting makes sure that DataSync connects to the right SVM.

Required: No

Type: String

Pattern: ^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$

Maximum: 253

Update requires: Replacement

MountOptions

Specifies how DataSync can access a location using the SMB protocol.

Required: Yes

Type: SmbMountOptions

Update requires: Replacement

Password

Specifies the password of a user who has permission to access your SVM.

Required: Yes

Type: String

Pattern: ^.{0,104}$

Maximum: 104

Update requires: Replacement

User

Specifies a user name that can mount the location and access the files, folders, and metadata that you need in the SVM.

If you provide a user in your Active Directory, note the following:

  • If you're using AWS Directory Service for Microsoft Active Directory, the user must be a member of the AWS Delegated FSx Administrators group.

  • If you're using a self-managed Active Directory, the user must be a member of either the Domain Admins group or a custom group that you specified for file system administration when you created your file system.

Make sure that the user has the permissions it needs to copy the data you want:

  • SE_TCB_NAME: Required to set object ownership and file metadata. With this privilege, you also can copy NTFS discretionary access lists (DACLs).

  • SE_SECURITY_NAME: May be needed to copy NTFS system access control lists (SACLs). This operation specifically requires the Windows privilege, which is granted to members of the Domain Admins group. If you configure your task to copy SACLs, make sure that the user has the required privileges. For information about copying SACLs, see Ownership and permissions-related options.

Required: Yes

Type: String

Pattern: ^[^\x5B\x5D\\/:;|=,+*?]{1,104}$

Maximum: 104

Update requires: Replacement