Configure routing to access Multi-AZ file systems from outside your VPC - FSx for ONTAP
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configure routing to access Multi-AZ file systems from outside your VPC

If you have a Multi-AZ file system with an EndpointIPAddressRange that's outside your VPC's CIDR range, you need to set up additional routing in your Amazon Transit Gateway to access your file system from peered or on-premises networks.

Important

To access a Multi-AZ file system using a Transit Gateway, each of the Transit Gateway's attachments must be created in a subnet whose route table is associated with your file system.

Note

No additional Transit Gateway configuration is required for Single-AZ file systems or Multi-AZ file systems with an EndpointIPAddressRange that's within your VPC's IP address range.

To configure routing using Amazon Transit Gateway

  1. Open the Amazon FSx console at https://console.amazonaws.cn/fsx/.

  2. Choose the FSx for ONTAP file system for which you are configuring access from a peered network.

  3. In Network & security copy the Endpoint IP address range.

  4. Add a route to Transit Gateway that routes traffic destined for this IP address range to your file system's VPC. For more information, see Work with transit gateways in the Amazon VPC Transit Gateways.

  5. Confirm that you can access your FSx for ONTAP file system from the peered network.

To add the route table to your file system, see Updating a file system.

Note

DNS records for the management, NFS, and SMB endpoints are only resolvable from within the same VPC as the file system. In order to mount a volume or connect to a management port from another network, you need to use the endpoint's IP address. These IP addresses do not change over time.