Creating, updating, removing file shares - Amazon FSx for Windows File Server
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating, updating, removing file shares

This topic describes how you can manage file shares by performing the following tasks.

  • Create a new file share

  • Modify an existing file share

  • Remove an existing file share

You can use the Windows-native Shared Folders GUI and the Amazon FSx CLI for remote management on PowerShell to manage file shares on your FSx for Windows File Server file system. You might experience delays when using the Shared Folder GUI (fsmgmt.msc) when first opening the context menu for shares located on a different file system. To avoid these delays, use PowerShell to manage file shares that are located on multiple file systems.

Note that there are rules and limitations required for all file systems supported by Windows on the names of files and directories. To ensure that you can successfully create and access your data, you should name your files and directories according to these Windows guidelines. For more information, see Naming Conventions.

Warning

Amazon FSx requires that the SYSTEM user has Full control NTFS ACL permissions on every folder on which you create an SMB file share. Do not change the NTFS ACL permissions for this user on your folders, as doing so can make your file shares inaccessible.

To manage file shares on your Amazon FSx file system, you can use the Shared Folders GUI. The Shared Folders GUI provides a central location for managing all shared folders on a Windows server. The following procedures describe how to manage your file shares.

To connect shared folders to your FSx for Windows File Server file system
  1. Launch your Amazon EC2 instance and connect it to the Microsoft Active Directory that your Amazon FSx file system is joined to. To do this, choose one of the following procedures from the Amazon Directory Service Administration Guide:

  2. Connect to your instance as a user that is a member of the file system administrators group. In Amazon Managed Microsoft Active Directory, this group is called Amazon Delegated FSx Administrators. In your self-managed Microsoft Active Directory, this group is called Domain Admins or the custom name for the administrators group that you provided during creation. For more information, see Connect to your Windows instance in the Amazon Elastic Compute Cloud User Guide for Windows Instances.

  3. Open the Start menu and run fsmgmt.msc using Run As Administrator. Doing this opens the Shared Folders GUI tool.

  4. For Action, choose Connect to another computer.

  5. For Another computer, enter the Domain Name System (DNS) name for your Amazon FSx file system, for example amznfsxabcd0123.corp.example.com.

    To find your file system's DNS name on the Amazon FSx console, choose File systems, choose your file system, and then check the Network & Security section of the file system details page. You can also get the DNS name in the response of the DescribeFileSystems API operation.

  6. Choose OK. An entry for your Amazon FSx file system then appears in the list for the Shared Folders tool.

Now that Shared Folders is connected to your Amazon FSx file system, you can manage the Windows file shares on the file system. The default share is called \share. You can do so with the following actions:

  • Create a new file share – In the Shared Folders tool, choose Shares in the left pane to see the active shares for your Amazon FSx file system. Choose New Share and complete the Create a Shared Folder wizard.

    You have to create the local folder prior to creating the new file share. You can do so as follows:

    • Using the Shared Folders tool: click on "Browse" when specifying local folder path and click on "Make new folder" to create the local folder.

    • Using command line:

      New-Item -Type Directory -Path \\amznfsxabcd0123.corp.example.com\D$\share\MyNewShare
  • Modify a file share – In the Shared Folders tool, open the context (right-click) menu for the file share that you want to modify in the right pane, and choose Properties. Modify the properties and choose OK.

  • Remove a file share – In the Shared Folders tool, open the context (right-click) menu for the file share that you want to remove in the right pane, and then choose Stop Sharing.

    Note

    For Single-AZ 2 and Multi-AZ file systems, removing file shares or modifying file shares (including updating permissions, user limits, and other properties) using the Shared Folders GUI tool is possible only if you connect to fsmgmt.msc using the DNS Name of the Amazon FSx file system. The Shared Folders GUI tool does not support these actions if you connect using the IP address or DNS alias name of the file system.

    Note

    If you are using the fsmgmt.msc Shared Folders GUI tool to access shares located on multiple FSx for Windows File Server file systems, you may experience delays when first opening the file share context menu for a share that is located on a different file system. To avoid these delays, you can manage file shares using PowerShell as described below.

You can manage file shares using custom FSx for Windows File Server remote-management commands for PowerShell. These commands can help you to automate managing file share tasks such as:

  • Migrating file shares from existing file servers to Amazon FSx

  • Synchronizing file shares across Amazon Web Services Regions for disaster recovery

  • Programmatically managing ongoing file shares workflows, such as team file-share provisioning

To learn how to use the Amazon FSx CLI for remote management on PowerShell, see Using the Amazon FSx CLI for PowerShell.

The following table lists the Amazon FSx CLI remote management PowerShell commands that you can use to manage file shares on FSx for Windows File Server file systems.

Share Management Command Description

New-FSxSmbShare

Creates a new file share.

Remove-FSxSmbShare

Removes a file share.

Get-FSxSmbShare

Retrieves existing file shares.

Set-FSxSmbShare

Sets properties for a share.

Get-FSxSmbShareAccess

Retrieves the access control list (ACL) of a share.

Grant-FSxSmbShareAccess

Adds an allow access control entry (ACE) for a trustee to the security descriptor of a share.

Revoke-FSxSmbShareAccess

Removes all of the allow ACEs for a trustee from the security descriptor of a share.

Block-FSxSmbShareAccess

Adds a deny ACE for a trustee to the security descriptor of a share.

Unblock-FSxSmbShareAccess

Removes all of the deny ACEs for a trustee from the security descriptor of a share.

The online help for each command provides a reference of all command options. To access this help, run the command with a -?, for example New-FSxSmbShare -?.

Passing credentials to New-FSxSmbShare

You can pass credentials to New-FSxSmbShare so that you can run it in a loop to create hundreds or thousands of shares without having to re-enter credentials each time.

Prepare the credential object required to create the file shares on your FSx for Windows File Server file server using one of the following options.

  • To generate the credential object interactively, use the following command.

    $credential = Get-Credential
  • To generate the credential object using an Amazon Secrets Manager resource, use the following command.

    $credential = ConvertFrom-Json -InputObject (Get-SECSecretValue -SecretId $AdminSecret).SecretString $FSxAdminUserCredential = (New-Object PSCredential($credential.UserName,(ConvertTo-SecureString $credential.Password -AsPlainText -Force)))

You can create continuously available (CA) shares using the Amazon FSx CLI for Remote Management on PowerShell. CA shares created on an FSx for Windows File Server Multi-AZ file system are highly durable and highly available. An Amazon FSx Single-AZ file system is built on a single node cluster. As a result, CA shares created on a Single-AZ file system are highly durable, but are not highly available. Use the New-FSxSmbShare command with the -ContinuouslyAvailable option set to $True to specify that the share is a continuously available share. The following is an example command to create a CA share.

New-FSxSmbShare -Name "New CA Share" -Path "D:\share\new-share" -Description "CA share" -ContinuouslyAvailable $True

You can modify the -ContinuouslyAvailable option on an existing file share using the Set-FSxSmbShare command.

Determine if an existing file share is continuously available

Use the following command to view the value of the Continuously Available property for an existing file share.

Invoke-Command -ComputerName powershell_endpoint -ConfigurationName FSxRemoteAdmin -scriptblock { get-fsxsmbshare -name share_name }

If CA is enabled, the output will include the following line:

[...] ContinuouslyAvailable : True [...]

If CA is not enabled, the output will include the following line:

[...] ContinuouslyAvailable : False [...]

To enable Continuously Available on an existing file share, use the following command:

Invoke-Command -ComputerName powershell_endpoint -ConfigurationName FSxRemoteAdmin -scriptblock { set-fsxsmbshare -name share_name -ContinuouslyAvailable $True}