AWS::DataSync::LocationFSxONTAP SMB - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::DataSync::LocationFSxONTAP SMB

Specifies the Server Message Block (SMB) protocol configuration that Amazon DataSync uses to access a storage virtual machine (SVM) on your Amazon FSx for NetApp ONTAP file system. For more information, see Accessing FSx for ONTAP file systems.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Domain" : String, "MountOptions" : SmbMountOptions, "Password" : String, "User" : String }


Domain: String MountOptions: SmbMountOptions Password: String User: String



Specifies the fully qualified domain name (FQDN) of the Microsoft Active Directory that your storage virtual machine (SVM) belongs to.

If you have multiple domains in your environment, configuring this setting makes sure that DataSync connects to the right SVM.

Required: No

Type: String

Pattern: ^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$

Maximum: 253

Update requires: Replacement


Specifies how DataSync can access a location using the SMB protocol.

Required: Yes

Type: SmbMountOptions

Update requires: Replacement


Specifies the password of a user who has permission to access your SVM.

Required: Yes

Type: String

Pattern: ^.{0,104}$

Maximum: 104

Update requires: Replacement


Specifies a user name that can mount the location and access the files, folders, and metadata that you need in the SVM.

If you provide a user in your Active Directory, note the following:

  • If you're using Amazon Directory Service for Microsoft Active Directory, the user must be a member of the Amazon Delegated FSx Administrators group.

  • If you're using a self-managed Active Directory, the user must be a member of either the Domain Admins group or a custom group that you specified for file system administration when you created your file system.

Make sure that the user has the permissions it needs to copy the data you want:

  • SE_TCB_NAME: Required to set object ownership and file metadata. With this privilege, you also can copy NTFS discretionary access lists (DACLs).

  • SE_SECURITY_NAME: May be needed to copy NTFS system access control lists (SACLs). This operation specifically requires the Windows privilege, which is granted to members of the Domain Admins group. If you configure your task to copy SACLs, make sure that the user has the required privileges. For information about copying SACLs, see Ownership and permissions-related options.

Required: Yes

Type: String

Pattern: ^[^\x5B\x5D\\/:;|=,+*?]{1,104}$

Maximum: 104

Update requires: Replacement