FSx for Windows
cloudformation template microsoftad.yml for AWS managed AD
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
KeyWord:
Type: String
DirectoryName:
Type: String
Subnet1:
Type: AWS::EC2::Subnet::Id
Subnet2:
Type: AWS::EC2::Subnet::Id
VPC:
Type: AWS::EC2::VPC::Id
Resources:
MicrosoftAD:
Type: AWS::DirectoryService::MicrosoftAD
Properties:
Name: !Ref DirectoryName
Edition: Standard
Password: '{{resolve:ssm-secure:test-directory-password:1}}'
VpcSettings:
SubnetIds:
- !Ref Subnet1
- !Ref Subnet2
VpcId: !Ref VPC
Outputs:
MicrosoftAD:
Value: !Ref MicrosoftAD
MicrosoftADDns:
Value: !Join
- ','
- !GetAtt MicrosoftAD.DnsIpAddresses
cloudformation template fsx.yml for FSx for Windows
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
KeyWord:
Type: String
MicrosoftAD:
Type: String
VPC:
Type: AWS::EC2::VPC::Id
Subnet1:
Type: AWS::EC2::Subnet::Id
Subnet2:
Type: AWS::EC2::Subnet::Id
SecurityGroupWeb:
Type: AWS::EC2::SecurityGroup::Id
Resources:
SecurityGroupFSx:
Type: 'AWS::EC2::SecurityGroup'
Properties:
VpcId: !Ref VPC
GroupName: !Sub ${KeyWord}_SecurityGroupFSx
GroupDescription: 'FSx for windows securitygroup'
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 445
ToPort: 445
SourceSecurityGroupId: !Ref SecurityGroupWeb
- IpProtocol: tcp
FromPort: 5985
ToPort: 5985
SourceSecurityGroupId: !Ref SecurityGroupWeb
Tags:
- Key: Name
Value: !Sub ${KeyWord}_SecurityGroupFSx
FSxForWindows:
Type: 'AWS::FSx::FileSystem'
Properties:
FileSystemType: WINDOWS
StorageCapacity: 32
StorageType: SSD
SubnetIds:
- !Ref Subnet1
- !Ref Subnet2
SecurityGroupIds:
- !Ref SecurityGroupFSx
Tags:
- Key: Name
Value: !Sub ${KeyWord}_FSx_for_windows
WindowsConfiguration:
ActiveDirectoryId: !Ref MicrosoftAD
DeploymentType: MULTI_AZ_1
PreferredSubnetId: !Ref Subnet1
ThroughputCapacity: 8
Outputs:
FSxForWindows:
Value: !Ref FSxForWindows
SecurityGroupFSx:
Value: !Ref SecurityGroupFSx
FSxForWindowsDNSName:
Value: !GetAtt FSxForWindows.DNSName
cloudformation parent template parent_fsx.yml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
KeyWord:
Default: nestedstacktest
Type: String
DirectoryName:
Default: mydirectory.example.com
Type: String
Resources:
MicrosoftAD:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: microsoftad.yml
Parameters:
KeyWord : !Ref KeyWord
VPC: !ImportValue mystack-Vpc
Subnet1: !ImportValue mystack-PublicSubnet1
Subnet2: !ImportValue mystack-PublicSubnet2
DirectoryName: !Ref DirectoryName
FSx:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: fsx.yml
Parameters:
KeyWord : !Ref KeyWord
VPC: !ImportValue mystack-Vpc
Subnet1: !ImportValue mystack-PublicSubnet1
Subnet2: !ImportValue mystack-PublicSubnet2
SecurityGroupWeb: !ImportValue mystack-SecurityGroupPub
MicrosoftAD: !GetAtt MicrosoftAD.Outputs.MicrosoftAD
Outputs:
MicrosoftAD:
Value: !GetAtt MicrosoftAD.Outputs.MicrosoftAD
MicrosoftADDns:
Value: !GetAtt MicrosoftAD.Outputs.MicrosoftADDns
SecurityGroupFSx:
Value: !GetAtt FSx.Outputs.SecurityGroupFSx
FSxForWindows:
Value: !GetAtt FSx.Outputs.FSxForWindows
FSxForWindowsDNSName:
Value: !GetAtt FSx.Outputs.FSxForWindowsDNSName
Makefile
template_file=parent_fsx.yml
package_file=parent_fsx_packaged.yml
stack_name=testfsx
bucket_name=mybucketname
validate:
aws cloudformation validate-template --template-body file://microsoftad.yml
aws cloudformation validate-template --template-body file://fsx.yml
aws cloudformation validate-template --template-body file://parent_fsx.yml
$(package_file):
aws cloudformation package --template-file $(template_file) --s3-bucket $(bucket_name) --output-template-file $(package_file)
package: $(package_file)
build: $(package_file)
aws cloudformation deploy --template-file $(package_file) --stack-name $(stack_name) --tags Name=testnestedstack --capabilities CAPABILITY_IAM
events:
aws cloudformation describe-stack-events --stack-name $(stack_name)
describe:
aws cloudformation describe-stacks --stack-name $(stack_name)
delete:
aws cloudformation delete-stack --stack-name $(stack_name)
clean:
rm $(package_file)
mount FSx for Windows on ubuntu server
we can check address for mount point ip address
$ dig <access point dns name> +short @<dns of your directory>
check whether you can mount your file system
$ sudo apt update && sudo apt install -y cifs-utils
$ sudo mount -t cifs -o vers=3.0,sec=ntlmsspi,user=<your username>@<your domain> //10.0.0.xxx/share /mountpoint
create credential file and test it
$ sudo chmod 600 /root/smb.cred
$ sudo cat /root/smb.cred
username=<your username>
password=<your password>
domain=<your domain>
sudo mount -t cifs -o vers=3.0,sec=ntlmsspi,credentials=/root/smb.cred //10.0.0.xxx/share /mountpoint
write fstab entry and test it
$ sudo grep /mnt /etc/fstab
//10.0.0.xxx/share /mnt cifs vers=3.0,sec=ntlmsspi,credentials=/root/smb.cred 0 0
$ sudo mount /mountpoint
$ df /mountpoint
$ sudo umount /mountpoint