Managing your Amazon FSx File Gateway resources - Amazon Storage Gateway
Gateway statusUnderstanding file system statusEdit basic gateway informationEditing Active Directory settings for n FSx File GatewayEditing settings for an Amazon FSx file systemDetaching an Amazon FSx file system
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon S3 File Gateway documentation has been moved to What is Amazon S3 File Gateway?

Volume Gateway documentation has been moved to What is Volume Gateway?

Tape Gateway documentation has been moved to What is Tape Gateway?

Managing your Amazon FSx File Gateway resources

The following sections provide information about how to manage your Amazon FSx File Gateway (FSx File Gateway) resources, including attaching and detaching Amazon FSx file systems, and configuring Microsoft Active Directory settings.

Understanding gateway status

Each gateway in your Amazon Storage Gateway deployment has an associated status that tells you at a glance what the health of the gateway is. Most of the time, the status indicates that the gateway is functioning normally and that no action is needed on your part. In some cases, the status indicates a problem that might or might not require action on your part.

You can see the status for each gateway in your deployment on the Gateways page of the Storage Gateway console. The gateway status appears in the Status column next to the name of the gateway. A gateway that is functioning normally has a status of RUNNING.

In the following table, you can find a description of each gateway status, and whether you should act based on the status. A gateway should have RUNNING status all or most of the time it's in use.

Status Meaning
RUNNING

The gateway is configured properly and is available to use.
OFFLINE

Your gateway might be in an OFFLINE status for one or more of the following reasons:

  • The gateway can't reach the Storage Gateway service endpoints.

  • The gateway had an unexpected shutdown.

  • The gateway has an associated cache disk that is disconnected, has been modified, or has failed.

Understanding file system status

You can view the health of a file system at a glance by looking at its status. If the status indicates that the file system is functioning normally, no action is needed on your part. If the status indicates that there's a problem, you can investigate to determine whether action could be required.

You can view a file system's status on the Storage Gateway console in the Status column. A file system that's functioning properly shows a status of AVAILABLE. This should be the status most of the time.

The following table describes file share statuses, what they mean, and whether action might be required.

Status Meaning
AVAILABLE

The file system is configured properly and is available to use. This is the standard status for a file system that's working properly.
CREATING

The file system is not yet fully created and is not ready for use. The CREATING status is transitional. No action is required. If the file system gets stuck in this status, it's probably because the gateway VM lost connection to Amazon.
UPDATING

The file system configuration is currently updating. The UPDATING status is transitional. No action is required. If a file system gets stuck in this status, it's probably because the gateway VM lost connection to Amazon.
DELETING

The file system is being deleted. The file system is not deleted until all data is uploaded to Amazon. The DELETING status is transitional, and no action is required.
FORCE_DELETING

The file system is being deleted forcibly. The file system is deleted immediately and data is not uploaded to Amazon. The FORCE_DELETING status is transitional, and no action is required.
ERROR

The file system is in an unhealthy state. Action is required. Some possible causes include problems with access credentials or privileges, connectivity issues, or insufficient storage space on the file system. When the issue that caused the unhealthy state is resolved, the file system returns to a status of AVAILABLE.

Edit basic information for an FSx File Gateway

You can use the Storage Gateway console to edit basic information for an existing gateway, including the gateway name, time zone, and CloudWatch log group.

To edit basic information for an existing gateway

  1. Open the Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.

  2. Choose Gateways, then choose the gateway for which you want to edit basic information.

  3. From the Actions dropdown menu, choose Edit gateway information.

  4. For Gateway name, enter a name for your gateway. You can search for this name to find your gateway on the list pages in the Storage Gateway console.

    Note

    Gateway names must be between 2 and 255 characters, and cannot include a slash (\ or /).

    Changing a gateway's name will disconnect any CloudWatch alarms set up to monitor the gateway. To reconnect the alarms, update the GatewayName for each alarm in the CloudWatch console.

  5. For Gateway time zone, choose the local time zone for the part of the world where you want to deploy your gateway.

  6. For Choose how to set up log group, choose how to set up Amazon CloudWatch Logs to monitor the health of your gateway. You can choose from the following options:

    • Create a new log group – Set up a new log group to monitor your gateway.

    • Use an existing log group – Choose an existing log group from the corresponding dropdown list.

    • Deactivate logging – Do not use Amazon CloudWatch Logs to monitor your gateway.

  7. When you finish modifying the settings you want to change, choose Save changes.

Editing Active Directory settings for n FSx File Gateway

To use your corporate Microsoft Active Directory or Amazon Managed Microsoft AD for user authenticated access to your Amazon FSx file system, edit the SMB settings for your gateway and provide your Active Directory domain credentials. Doing this allows your gateway to join your Active Directory domain and allows members of the domain to access the file system.

Note

Using Amazon Directory Service, you can create a hosted Active Directory domain service in the Amazon Web Services Cloud.

To use Amazon Managed Microsoft AD with an Amazon EC2 gateway, you must create the Amazon EC2 instance in the same VPC as the Amazon Managed Microsoft AD, add the _workspaceMembers security group to the Amazon EC2 instance, and join the AD domain using the Admin credentials from the Amazon Managed Microsoft AD.

For more information about Amazon Managed Microsoft AD, see the Amazon Directory Service Administration Guide.

For more information about Amazon EC2, see the Amazon Elastic Compute Cloud Documentation.

To turn on Active Directory authentication

  1. Open the Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.

  2. Choose Gateways, then choose the gateway for which you want to edit SMB settings.

  3. From the Actions drop-down menu, choose Edit SMB settings, then choose Active Directory settings.

  4. For Domain name, enter the name of the Active Directory domain you want your gateway to join.

    Note

    Active Directory status shows Detached when a gateway has never joined a domain.

    Your Active Directory service account must have the requisite permissions. For more information, see Active Directory service account permission requirements.

    Joining a domain creates an Active Directory computer account in the default computers container (which is not an OU), using the gateway's Gateway ID as the account name (for example, SGW-1234ADE). It is not possible to customize the name of this account.

    If your Active Directory environment requires that you pre-stage accounts to facilitate the join domain process, you will need to create this account ahead of time.

    If your Active Directory environment has a designated OU for new computer objects, you must specify that OU when joining the domain.

    If your gateway can't join an Active Directory directory, try joining with the directory's IP address by using the JoinDomain API operation.

  5. For Domain user and Domain password, enter the credentials for the Active Directory service account that the gateway will use to join the domain.

  6. (Optional) For Organization unit (OU), enter the designated OU that your Active Directory uses for new computer objects.

  7. (Optional) For Domain controller(s) (DC), enter the name of one or more DCs through which your gateway will connect to Active Directory. You can enter multiple DCs as a comma-separated list. You can leave this field blank to allow DNS to automatically select a DC.

  8. Choose Save changes.

Editing settings for an Amazon FSx file system

After creating an Amazon FSx for Windows File Server file system, you can edit settings for CloudWatch logs, automated cache refresh, and Amazon FSx service account credentials.

To edit Amazon FSx file system settings

  1. Open the Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.

  2. In the navigation pane, choose File system, and choose the file system whose settings you want to edit.

  3. For Actions, choose Edit file system settings.

  4. In the file system settings section, verify the gateway, Amazon FSx location, and IP address information.

    Note

    You cannot edit a file system's IP address after it is attached to a gateway. To change the IP address, you must detach and reattach the file system.

  5. In the Audit logs section, choose an option to use CloudWatch log groups to monitor access to Amazon FSx file systems. You can use an existing log group.

  6. For Automated cache refresh settings, choose an option. If you choose Set refresh interval, set the time in days, hours, and minutes to refresh the file system's cache using Time To Live (TTL).

    TTL is the length of time since the last refresh. When the directory is accessed after that length of time, the File Gateway refreshes that directory's contents from the Amazon FSx file system.

    Note

    Valid refresh interval values are between 5 minutes and 30 days.

  7. In the Service account settings - optional section, enter a user name and a Password. These credentials are for a user that has the Backup Administrator role from the Active Directory service associated with your Amazon FSx file systems.

  8. Choose Save changes.

Detaching an Amazon FSx file system

Detaching a file system doesn't delete your data in FSx for Windows File Server. Data that is written to these the file systems before you detach them will still be uploaded to your FSx for Windows File Server.

To detach an Amazon FSx file system

  1. Open the Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.

  2. Choose FSx file systems, then select one or more file systems to detach.

  3. For Actions, choose Detach file system. The confirmation dialog box appears.

  4. Verify that you want to detach the specified file systems, then type the word detach in the confirmation box and choose Detach.