
Managing file system access with Amazon VPC


You access your Amazon FSx for OpenZFS file systems and volumes using the file system's DNS name. The DNS name maps to the private IP address of the file system's elastic network interface in your VPC. Only resources within the associated VPC, or resources connected with the associated VPC by AWS Direct Connect or VPN, can access the data in your file system over the NFS protocol. For more information, see What is Amazon VPC? in the Amazon VPC User Guide.

Warning

You must not modify or delete the elastic network interface(s) associated with your file system. Modifying or deleting the network interface can cause a permanent loss of connection between your VPC and your file system.

Amazon VPC security groups

A security group acts as a virtual firewall for your FSx for OpenZFS file systems to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your file system, and outbound rules control the outgoing traffic from your file system. When you create a file system, you specify the VPC that it gets created in, and the default security group for that VPC is applied. You can add rules to each security group that allow traffic to or from its associated file systems and volumes. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all resources that are associated with the security group. When Amazon FSx decides whether to allow traffic to reach a resource, it evaluates all of the rules from all of the security groups that are associated with the resource.

To use a security group to control access to your Amazon FSx file system, add inbound and outbound rules. Inbound rules control incoming traffic, and outbound rules control outgoing traffic from your file system. Make sure that you have the right network traffic rules in your security group to map your Amazon FSx file system's file share to a folder on your supported compute instance.

For more information on security group rules, see Security Group Rules in the Amazon EC2 User Guide.

Creating a VPC security group

To create a security group for Amazon FSx
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2.

  2. In the navigation pane, choose Security Groups.

  3. Choose Create Security Group.

  4. Specify a name and description for the security group.

  5. For VPC, choose the Amazon VPC associated with your file system to create the security group within that VPC.

  6. Remove any outbound rules on the security group. FSx for OpenZFS file systems do not initiate outbound connections in your VPC.

  7. Add the following rules to the inbound ports of your security group.

    | Protocol | Ports         | Role                                       |
    |----------|---------------|--------------------------------------------|
    | TCP      | 111           | Remote procedure call for NFS              |
    | UDP      | 111           | Remote procedure call for NFS              |
    | TCP      | 2049          | NFS server daemon                          |
    | UDP      | 2049          | NFS server daemon                          |
    | TCP      | 20001 - 20003 | NFS mount, status monitor, and lock daemon |
    | UDP      | 20001 - 20003 | NFS mount, status monitor, and lock daemon |
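One way to check an existing security group against the procedure above (the inbound ports from step 7 and the removed outbound rules from step 6). This is an added example, not AWS's own code. It assumes the group is supplied as a dict shaped like one `SecurityGroups[]` entry from `aws ec2 describe-security-groups`; the function names and the sample group are constructed for illustration.

```python
# Required inbound rules from step 7: (protocol, first port, last port).
REQUIRED_INBOUND = [
    ("tcp", 111, 111), ("udp", 111, 111),
    ("tcp", 2049, 2049), ("udp", 2049, 2049),
    ("tcp", 20001, 20003), ("udp", 20001, 20003),
]

def _allowed_ports(permissions, protocol):
    """Set of ports that the given IpPermissions entries open for one protocol."""
    ports = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means all protocols and all ports
            return set(range(0, 65536))
        if proto == protocol:
            ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return ports

def audit_security_group(group):
    """Return findings for one security group; an empty list means it matches."""
    findings = []
    inbound = group.get("IpPermissions", [])
    for proto, first, last in REQUIRED_INBOUND:
        missing = sorted(set(range(first, last + 1)) - _allowed_ports(inbound, proto))
        if missing:
            findings.append(f"inbound {proto} missing ports {missing}")
    if group.get("IpPermissionsEgress"):
        findings.append("outbound rules present (step 6 removes them)")
    return findings

# Constructed sample: UDP 20003 is not opened and the default egress rule remains.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",  # placeholder, not a real group ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 111, "ToPort": 111},
        {"IpProtocol": "udp", "FromPort": 111, "ToPort": 111},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049},
        {"IpProtocol": "udp", "FromPort": 2049, "ToPort": 2049},
        {"IpProtocol": "tcp", "FromPort": 20001, "ToPort": 20003},
        {"IpProtocol": "udp", "FromPort": 20001, "ToPort": 20002},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1"}],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_GROUP):
        print(finding)
```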

Disallow access to a file system

To temporarily disallow network access to your file system from all clients, you can remove all the security groups associated with your file system's elastic network interface(s) and replace them with a group that has no inbound/outbound rules.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.