Create an Amazon VPC endpoint - Amazon Storage Gateway

Create an Amazon VPC endpoint

This step is not a requirement for creating an Amazon FSx File Gateway. However, we recommend that you create a virtual private cloud (VPC) endpoint for Storage Gateway and activate your FSx File Gateway through the VPC. Doing so creates a private connection between your VPC and Storage Gateway.

If you already have a VPC endpoint for Storage Gateway, you can use it for your FSx File Gateway. A single VPC endpoint can support multiple gateways, and it allows gateways deployed in your VPC to connect to the Storage Gateway service VPC. If you have already created a VPC endpoint for Storage Gateway, go to the next step, Create and activate an Amazon FSx File Gateway.

To create an Amazon VPC endpoint
  1. Open the Amazon Web Services Management Console at https://console.amazonaws.cn/vpc/home/, and choose the Amazon Region that you want to create your gateway in.

  2. In the left navigation pane, choose Endpoints, and then choose Create endpoint.

  3. On the Create endpoint page, choose Amazon services for Service category.

  4. For Service name, search for storagegateway. The Region will default to the Region that you are signed in to—for example, com.amazonaws.region.storagegateway. So if you are signed in to US East (Ohio), you would see com.amazonaws.us-east-2.storagegateway.

  5. For VPC, choose your VPC and note its Availability Zones and subnets.

  6. Verify that Enable Private DNS Name is not selected.

  7. For Security group, create a new security group to use with your VPC. Make sure that all of the following TCP ports are allowed in your security group:

    • TCP 1026

    • TCP 1027

    • TCP 1028

    • TCP 1031

    • TCP 2222

    Note

    The gateway uses these ports to communicate back to the Storage Gateway managed service. When you are using a VPC endpoint, these ports must be open for inbound access from the IP address of your gateway.

  8. Choose Create endpoint. The initial state of the endpoint is Pending. When the endpoint is created, take note of the ID of the VPC endpoint that you just created.

    Note

    We recommend that you provide a name for this VPC endpoint, for example, StorageGatewayEndpoint.

  9. When the endpoint is created, choose Endpoints, and then choose the new VPC endpoint.

  10. In the DNS Names section, use the first Domain Name System (DNS) name that doesn't specify an Availability Zone. Your DNS name should look similar to the following:

    vpce-1234567e1c24a1fe9-62qntt8k.storagegateway.us-east-1.vpce.amazonaws.com

    Note

    This DNS name will resolve to the Storage Gateway endpoint private IP addresses that are allocated in your VPC.

  11. Review the list of ports that must be opened on your firewall.
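
One way to check steps 6 and 7 after the endpoint exists, as an added example that is not part of the AWS documentation: it audits JSON in the shape returned by `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-security-groups`. The function names, the placeholder IDs and the 10.0.1.25 gateway address are assumptions, and the 0.0.0.0/0 finding is an extra least-privilege check beyond the page's port list.

```python
import ipaddress

REQUIRED_TCP_PORTS = (1026, 1027, 1028, 1031, 2222)  # ports listed in step 7

def _allows(perm, port, gateway):
    """True if one IpPermissions entry admits TCP `port` from the gateway IP."""
    proto = perm.get("IpProtocol")
    if proto == "tcp":
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return False
    elif proto != "-1":  # "-1" means all protocols and ports
        return False
    return any(gateway in ipaddress.ip_network(r["CidrIp"], strict=False)
               for r in perm.get("IpRanges", []))

def audit_endpoint(endpoint, security_groups, gateway_ip):
    """Return findings; an empty list means the settings match steps 6 and 7."""
    gateway = ipaddress.ip_address(gateway_ip)
    findings = []
    if endpoint.get("PrivateDnsEnabled"):
        findings.append("private DNS name is enabled")
    # Only groups actually attached to the endpoint count.
    attached = {g["GroupId"] for g in endpoint.get("Groups", [])}
    perms = [p for sg in security_groups if sg["GroupId"] in attached
             for p in sg.get("IpPermissions", [])]
    for port in REQUIRED_TCP_PORTS:
        if not any(_allows(p, port, gateway) for p in perms):
            findings.append(f"TCP {port} not allowed inbound from {gateway_ip}")
    if any(r["CidrIp"] == "0.0.0.0/0" for p in perms for r in p.get("IpRanges", [])):
        findings.append("a rule admits 0.0.0.0/0, wider than the gateway IP")
    return findings

# Constructed sample data (IDs and addresses are placeholders, not from the page).
SAMPLE_ENDPOINT = {"VpcEndpointId": "vpce-EXAMPLE", "PrivateDnsEnabled": False,
                   "Groups": [{"GroupId": "sg-EXAMPLE"}]}
SAMPLE_GROUPS = [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1026, "ToPort": 1028,
     "IpRanges": [{"CidrIp": "10.0.1.25/32"}]},
    {"IpProtocol": "tcp", "FromPort": 1031, "ToPort": 1031,
     "IpRanges": [{"CidrIp": "10.0.1.25/32"}]},
]}]

if __name__ == "__main__":
    for finding in audit_endpoint(SAMPLE_ENDPOINT, SAMPLE_GROUPS, "10.0.1.25"):
        print(finding)  # the sample group omits TCP 2222
```
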

Now that you have created a VPC endpoint, you can create your FSx File Gateway.

Next step

Create and activate an Amazon FSx File Gateway