AWS Storage gateway and read only share

I want to create 2 file shares on our new storage gateway: a read-only file share and an admin file share. The read-only one will be given out to users and the admin share to an IT team. This will be an archive, so I don't want users editing or deleting any files.

This is our current setup:

Configuration: S3 bucket, AWS Storage Gateway, EC2 host for gateway cache, SMB file share

I have created the read-only share, but when I try to create the admin share it complains about overlapping paths, as they are both going to the root of the S3 bucket.

What is the best way to achieve this?

Should I create another storage gateway for the admin share (can I use the same EC2 instance, or is there a better way)?

Thanks

asked 2 years ago · 978 views

1 Answer

Accepted Answer

Hi, you are correct in that a single S3 location (root of the bucket or prefix within the bucket) can only be mapped to one file share on a single S3 File Gateway. In order to provide different levels of permissions to different user groups, you can tackle this in one of two ways.

  1. Assign SMB permissions via security groups, i.e. 'Domain Admins' have full control, 'Users' have read-only access. https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html SMB permissions (ACLs) persist on the objects themselves, and you can manage this through Windows Explorer (as an admin). This would allow for a single S3 File Gateway to host a single file share, with separate permissions based on who is accessing the share (in your case, IT group vs. general users).

  2. Create a separate gateway, and control access via the gateway file share settings. This would allow you to create a file share on one gateway where IT group users have admin control, and a separate file share on a second gateway with read-only access for the rest of your users. https://docs.aws.amazon.com/filegateway/latest/files3/CreatingAnSMBFileShare.html

Ed

AWS
Ed_L
answered 2 years ago
  • Thanks for your reply. I think I will be going for option 1. It's the simplest method and the lower-cost option.

    I've tested option 2 and it would work well, but I would need a second gateway and EC2 instance cache host. I tried to register the second gateway with the original EC2 host, but this failed. Each gateway must need its own host.
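The two options in the accepted answer, written out as an added example that is not code from this thread or from AWS: it builds the boto3 `create_smb_file_share` requests for option 1 (one share with SMB ACLs enabled, permissions then set from Windows as the answer describes) and option 2 (a read-only share on one gateway, an admin share on a second gateway), and reproduces the overlapping-location check that rejected the asker's second share. All gateway, role and bucket ARNs and the `@CORP\...` group names are placeholders constructed for the example; boto3 is only imported inside `create_shares`, so the planning and conflict check run without AWS credentials.

```python
"""Added example (not code from the re:Post thread or from AWS): express the two
options in the accepted answer as boto3 CreateSMBFileShare requests, and check
locally for the "overlapping paths" condition the asker hit. All ARNs and group
names are placeholders constructed for this example."""
import uuid
from itertools import combinations

S3_ARN_PREFIX = "arn:aws:s3:::"

# Constructed placeholder identifiers; replace with your own resources.
GATEWAY_A = "arn:aws:storagegateway:us-east-1:111122223333:gateway/sgw-AAAAAAAA"
GATEWAY_B = "arn:aws:storagegateway:us-east-1:111122223333:gateway/sgw-BBBBBBBB"
ROLE_ARN = "arn:aws:iam::111122223333:role/StorageGatewayS3Access"
ARCHIVE_BUCKET = S3_ARN_PREFIX + "example-archive-bucket"


def s3_location_parts(location_arn):
    """Split a LocationARN (bucket root or bucket/prefix) into (bucket, prefix)."""
    if not location_arn.startswith(S3_ARN_PREFIX):
        raise ValueError("not an S3 location ARN: %r" % location_arn)
    bucket, _, prefix = location_arn[len(S3_ARN_PREFIX):].partition("/")
    return bucket, prefix.strip("/")


def locations_overlap(loc_a, loc_b):
    """True when the two locations map the same S3 objects: same bucket and
    one prefix (the empty prefix meaning the bucket root) contains the other.
    Two such shares cannot coexist on one S3 File Gateway."""
    bucket_a, prefix_a = s3_location_parts(loc_a)
    bucket_b, prefix_b = s3_location_parts(loc_b)
    if bucket_a != bucket_b:
        return False
    shorter, longer = sorted((prefix_a, prefix_b), key=len)
    return shorter == longer or shorter == "" or longer.startswith(shorter + "/")


def smb_share_request(gateway_arn, name, location_arn, read_only,
                      smb_acl_enabled=False, valid_users=(), admin_users=()):
    """Build the keyword arguments for StorageGateway.Client.create_smb_file_share.
    Group entries in ValidUserList/AdminUserList use the @DOMAIN\\group form."""
    request = {
        "ClientToken": str(uuid.uuid4()),
        "GatewayARN": gateway_arn,
        "Role": ROLE_ARN,
        "LocationARN": location_arn,
        "FileShareName": name,
        "Authentication": "ActiveDirectory",
        "ReadOnly": read_only,
        "SMBACLEnabled": smb_acl_enabled,
    }
    if valid_users:
        request["ValidUserList"] = list(valid_users)
    if admin_users:
        request["AdminUserList"] = list(admin_users)
    return request


def option_one():
    """Option 1: one share on one gateway. Permissions live in the Windows ACLs
    on the objects (SMBACLEnabled) and are managed by the admin group from
    Windows; the share itself is not read-only."""
    return [smb_share_request(GATEWAY_A, "archive", ARCHIVE_BUCKET, read_only=False,
                              smb_acl_enabled=True,
                              admin_users=["@CORP\\Domain Admins"])]


def option_two():
    """Option 2: two gateways, one share each; the access level is a property
    of the share, so the user share is ReadOnly and the IT share is not."""
    return [
        smb_share_request(GATEWAY_A, "archive-ro", ARCHIVE_BUCKET, read_only=True,
                          valid_users=["@CORP\\Domain Users"]),
        smb_share_request(GATEWAY_B, "archive-admin", ARCHIVE_BUCKET, read_only=False,
                          valid_users=["@CORP\\IT"], admin_users=["@CORP\\IT"]),
    ]


def find_conflicts(requests):
    """Return (name, name) pairs that would collide: same gateway and an
    overlapping S3 location. This mirrors the condition behind the asker's
    'overlapping paths' error."""
    return [(a["FileShareName"], b["FileShareName"])
            for a, b in combinations(requests, 2)
            if a["GatewayARN"] == b["GatewayARN"]
            and locations_overlap(a["LocationARN"], b["LocationARN"])]


def create_shares(requests):
    """Submit the requests with boto3 (imported lazily so the planning code
    above runs without boto3 or AWS credentials present)."""
    import boto3
    client = boto3.client("storagegateway")
    return [client.create_smb_file_share(**r)["FileShareARN"] for r in requests]


if __name__ == "__main__":
    # Both shares at the bucket root on GATEWAY_A: what the asker first tried.
    ro_share, admin_share = option_two()
    both_on_one = [ro_share, dict(admin_share, GatewayARN=GATEWAY_A)]
    print("conflicts on one gateway:", find_conflicts(both_on_one))
    print("conflicts with option 2:", find_conflicts(option_two()))
```

`find_conflicts` is the part worth keeping around: run it over the planned shares before calling the API, since an overlap is only detectable per gateway and the second gateway in option 2 is what makes the same bucket root legal twice. For option 1 the ACLs that actually enforce read-only access for users are set on the share from Windows after creation, as the answer describes; nothing in this block grants or restricts object-level access on its own.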
