EasyManua.ls Logo

AWS Storage Gateway - File Share Best Practices

AWS Storage Gateway
438 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AWS Storage Gateway User Guide
File Share Best Practices
Status Meaning
UNAVAILABLE The file share is in an unhealthy state. Certain issues can cause the file share
to go into an unhealthy state. For example, role policy errors can cause this,
or if the file share maps to an Amazon S3 bucket that doesn't exist. When
the issue that caused the unhealthy state is resolved, the file returns to
AVAILABLE state.
File Share Best Practices
In this section, you can find information about best practices for creating file shares.
Topics
Preventing Multiple File Shares Writing to Your Amazon S3 Bucket (p. 155)
Allowing Specific NFS Clients to Mount Your File Share (p. 155)
Preventing Multiple File Shares Writing to Your Amazon S3
Bucket
When you create a file share, we recommend that you configure your Amazon S3 bucket so that only
one file share can write to it. If you configure your S3 bucket to be written to by multiple file shares,
unpredictable results can occur. To prevent this, create an S3 bucket policy that denies all roles except
the role used for the file share to put or delete objects in the bucket. Then attach this policy to the S3
bucket.
The following example policy denies all roles except the role that created the bucket to write to the S3
bucket. The s3:DeleteObject and s3:PutObject actions are denied for all roles except "TestUser".
The policy applies to all objects in the "arn:aws:s3:::TestBucket/*" bucket.
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"DenyMultiWrite",
"Effect":"Deny",
"Principal":"*",
"Action":[
"s3:DeleteObject",
"s3:PutObject"
],
"Resource":"arn:aws:s3:::TestBucket/*",
"Condition":{
"StringNotLike":{
"aws:userid":"TestUser:*"
}
}
}
]
}
Allowing Specific NFS Clients to Mount Your File Share
We recommend that you change the allowed NFS client settings for your file share. If you don't, any
client on your network can mount your file share. For information about how to edit your NFS client
settings, see Editing Access Settings for Your NFS File Share (p. 150).
API Version 2013-06-30
155

Table of Contents