AWS Storage gateway and read only share

0

I want to create 2 file shares on our new storage gateway: a read-only file share and an admin file share. The read-only share will be given out to users and the admin share to an IT team. This will be an archive, so I don't want users editing or deleting any files.

This is our current setup:

Configuration : S3 bucket, AWS storage gateway, EC2 host for gateway cache, SMB file share

I have created the read-only share, but when I try to create the admin share it complains about overlapping paths, as they are both going to the root of the S3 bucket.

What is the best way to achieve this?

Should I create another storage gateway for the admin share (can I use the same EC2 instance, or is there a better way)?

Thanks

Asked 2 years ago, viewed 993 times
1 answer
1
Accepted answer

Hi, You are correct in that a single S3 location (root of the bucket or prefix within the bucket) can only be mapped to one file share on a single S3 File Gateway. In order to provide different levels of permissions to different user groups, you can tackle this in one of two ways.

  1. Assign SMB permissions via security groups, i.e. 'Domain Admins' have full control, 'Users' have read-only access. https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html SMB permissions (ACLs) persist on the objects themselves, and you can manage this through Windows Explorer (as an admin). This would allow for a single S3 File Gateway to host a single File Share, with separate permissions based on who is accessing the share (in your case, IT group vs. general users).

  2. Create a separate gateway, and control access via the Gateway File Share settings. This would allow you to create a file share on one gateway where IT group users have admin control, and a separate file share on a second gateway with read-only access for the rest of your users. https://docs.aws.amazon.com/filegateway/latest/files3/CreatingAnSMBFileShare.html

Ed

AWS
Ed_L
Answered 2 years ago
  • Thanks for your reply. I think I will be going for option 1. It's the simplest method and the lower-cost option.

    I've tested option 2 and it would work well but I would need a second gateway and EC2 instance cache host. I tried to register the second gateway with the original EC2 host but this failed. Each gateway must need its own host.
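
The two layouts from the answer can be checked against the gateway's share settings. The following is an added example, not code from the thread or from AWS: it audits dicts shaped like the `SMBFileShareInfo` returned by `DescribeSMBFileShares`, and the domain `CORP`, the group `IT-Admins`, the share names and the pass/fail policy itself are assumptions made for illustration.

```python
# Added example (not from the thread): audit SMB share settings for a read-only archive.
# Input dicts use the SMBFileShareInfo shape returned by DescribeSMBFileShares.

def _norm(principals):
    return {p.lower() for p in (principals or [])}

def audit_share(info, admin_principals):
    """Return a list of findings for one share; an empty list means it fits option 1 or 2."""
    name = info.get("FileShareName") or info.get("FileShareARN", "?")
    expected = _norm(admin_principals)
    if info.get("Authentication") != "ActiveDirectory":
        return [f"{name}: Authentication is not ActiveDirectory, so group-based access cannot apply"]
    if info.get("ReadOnly"):
        return []  # option 2, user-facing share: read-only for every client
    findings = []
    if info.get("SMBACLEnabled"):
        # Option 1: object ACLs decide access, but share admins hold administrator rights.
        extra = _norm(info.get("AdminUserList")) - expected
        if extra:
            findings.append(f"{name}: unexpected AdminUserList entries {sorted(extra)}")
    else:
        # Option 2, admin share: writable without Windows ACLs, so it must be limited to IT.
        valid = _norm(info.get("ValidUserList"))
        if not valid:
            findings.append(f"{name}: writable, Windows ACLs off, no ValidUserList restriction")
        elif valid - expected:
            findings.append(f"{name}: writable for non-admin principals {sorted(valid - expected)}")
    return findings

def fetch_shares(gateway_arn):
    """Live lookup (needs boto3 and credentials; pagination via Marker omitted)."""
    import boto3
    sg = boto3.client("storagegateway")
    listed = sg.list_file_shares(GatewayARN=gateway_arn)["FileShareInfoList"]
    arns = [s["FileShareARN"] for s in listed if s["FileShareType"] == "SMB"]
    return [sg.describe_smb_file_shares(FileShareARNList=[a])["SMBFileShareInfoList"][0] for a in arns]

# Constructed sample data; CORP, IT-Admins and the share names are made up.
ADMINS = ["@CORP\\IT-Admins"]
SAMPLES = [
    {"FileShareName": "archive", "Authentication": "ActiveDirectory", "ReadOnly": False,
     "SMBACLEnabled": True, "AdminUserList": ["@CORP\\IT-Admins"]},
    {"FileShareName": "archive-ro", "Authentication": "ActiveDirectory", "ReadOnly": True},
    {"FileShareName": "archive-admin", "Authentication": "ActiveDirectory", "ReadOnly": False,
     "SMBACLEnabled": False, "ValidUserList": []},
    {"FileShareName": "scratch", "Authentication": "GuestAccess", "ReadOnly": False},
]

if __name__ == "__main__":
    for share in SAMPLES:
        print(share["FileShareName"], audit_share(share, ADMINS) or "OK")
```

For option 1 the check only covers the gateway side; the ACLs stored on the objects still have to be reviewed from Windows.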
