Administering file systems
This chapter describes how to access the Amazon FSx CLI for remote management on PowerShell, and how to perform the available file system administrative tasks. You can also use the Microsoft Windows–native graphical user interface (GUI) to perform some administrative tasks.
Topics
- Using the Amazon FSx CLI for PowerShell
- Starting an Amazon FSx remote PowerShell session
- Managing DNS aliases
- Managing file shares on FSx for Windows File Server file systems
- File access auditing
- User sessions and open files
- Data deduplication
- Storage quotas
- Managing encryption in transit
- Managing storage configuration
- Managing throughput capacity
- Tag your Amazon FSx resources
- Working with Amazon FSx maintenance windows
- Best practices for administering Amazon FSx file systems
Using the Amazon FSx CLI for PowerShell
The Amazon FSx CLI for remote management on PowerShell enables file system administration for users in the file system administrators group. To start a remote PowerShell session on your FSx for Windows File Server file system, you first need to meet the following prerequisites:
-
Be able to connect to a Windows compute instance that has network connectivity with your FSx for Windows File Server file system.
-
Be logged into the Windows compute instance as a member of the file system administrators group. If you are using Amazon Managed Microsoft AD, that is the Amazon Delegated FSx Administrators group. If you are using a self-managed Microsoft Active Directory, that is the Domain Admins group or the custom group that you specified for administration when you created your file system. For more information, see Self-managed Active Directory best practices.
-
Your file system's VPC security group inbound rules allow traffic on port 5985.
The Amazon FSx CLI for remote management on PowerShell uses the following security features:
User credentials are authenticated using Kerberos authentication.
Management session communications between the connected client and file system are encrypted using Kerberos.
You have two options to run remote management CLI commands on your Amazon FSx file system:
You can establish a long-running Remote PowerShell session and run the commands inside the session.
You can use the
Invoke-Commandto run a single command or a single block of commands without establishing a long-running Remote PowerShell session.
If you want to set and pass variables as parameters to
the remote management command, you will need to use Invoke-Command.
Note
For Multi-AZ file systems, you can only use the Amazon FSx CLI for Remote Management while the file system is using its preferred file server. For more information, see Availability and durability: Single-AZ and Multi-AZ file systems.
You need to use the file system's Windows Remote PowerShell Endpoint
when using the Remote PowerShell. Using the Amazon Web Services Management Console, you can find the endpoint in the
Network & security tab, on the File system details page. Using the Amazon CLI
describe-file-systems command, the RemoteAdministrationEndpoint
property is returned in the response. The remote administration endpoint uses the format
amznfsxctlyaa1k., for example,
ActiveDirectory-DNS-nameamznfsxctlyaa1k.corp.example.com.
You can use the Get-Command cmdlet to get information
about the cmdlets, functions, and aliases available in PowerShell. For more information, see
the Microsoft
Get-Command
You can also run Amazon FSx CLI for remote management CLI on PowerShell commands on your file
system using the Invoke-Command cmdlet, using the following syntax.
PS C:\Users\delegateadmin>Invoke-Command -ComputerName amznfsxctlyaa1k.corp.example.com -ConfigurationName FSxRemoteAdmin -scriptblock {fsx-command}
For instructions on how to start a long-lived Remote PowerShell session on your FSx for Windows File Server files system, see Starting an Amazon FSx remote PowerShell session