Skip to content

Resource: awsStoragegatewaySmbFileShare

Manages an AWS Storage Gateway SMB File Share.

Example Usage

Active Directory Authentication

\~> NOTE: The gateway must have already joined the Active Directory domain prior to SMB file share creationE.g., via "SMB Settings" in the AWS Storage Gateway console or smbActiveDirectorySettings in the awsStoragegatewayGateway resource.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.storagegatewaySmbFileShare.StoragegatewaySmbFileShare(this, "example", {
  authentication: "ActiveDirectory",
  gatewayArn: "${aws_storagegateway_gateway.example.arn}",
  locationArn: "${aws_s3_bucket.example.arn}",
  roleArn: "${aws_iam_role.example.arn}",
});

Guest Authentication

\~> NOTE: The gateway must have already had the SMB guest password set prior to SMB file share creationE.g., via "SMB Settings" in the AWS Storage Gateway console or smbGuestPassword in the awsStoragegatewayGateway resource.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.storagegatewaySmbFileShare.StoragegatewaySmbFileShare(this, "example", {
  authentication: "GuestAccess",
  gatewayArn: "${aws_storagegateway_gateway.example.arn}",
  locationArn: "${aws_s3_bucket.example.arn}",
  roleArn: "${aws_iam_role.example.arn}",
});

Argument Reference

The following arguments are supported:

  • gatewayArn - (Required) Amazon Resource Name (ARN) of the file gateway.
  • locationArn - (Required) The ARN of the backed storage used for storing file data.
  • vpcEndpointDnsName - (Optional) The DNS name of the VPC endpoint for S3 private link.
  • bucketRegion - (Optional) The region of the S3 buck used by the file share. Required when specifying a vpcEndpointDnsName.
  • roleArn - (Required) The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.
  • adminUserList - (Optional) A list of users in the Active Directory that have admin access to the file share. Only valid if authentication is set to activeDirectory.
  • authentication - (Optional) The authentication method that users use to access the file share. Defaults to activeDirectory. Valid values: activeDirectory, guestAccess.
  • auditDestinationArn - (Optional) The Amazon Resource Name (ARN) of the CloudWatch Log Group used for the audit logs.
  • defaultStorageClass - (Optional) The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to S3_STANDARD.
  • fileShareName - (Optional) The name of the file share. Must be set if an S3 prefix name is set in locationArn.
  • guessMimeTypeEnabled - (Optional) Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to true.
  • invalidUserList - (Optional) A list of users in the Active Directory that are not allowed to access the file share. Only valid if authentication is set to activeDirectory.
  • kmsEncrypted - (Optional) Boolean value if true to use Amazon S3 server side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Defaults to false.
  • kmsKeyArn - (Optional) Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when kmsEncrypted is true.
  • objectAcl - (Optional) Access Control List permission for S3 objects. Defaults to private.
  • oplocksEnabled - (Optional) Boolean to indicate Opportunistic lock (oplock) status. Defaults to true.
  • cacheAttributes - (Optional) Refresh cache information. see Cache Attributes for more details.
  • readOnly - (Optional) Boolean to indicate write status of file share. File share does not accept writes if true. Defaults to false.
  • requesterPays - (Optional) Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to true if you want the requester to pay instead of the bucket owner. Defaults to false.
  • smbAclEnabled - (Optional) Set this value to true to enable ACL (access control list) on the SMB fileshare. Set it to false to map file and directory permissions to the POSIX permissions. This setting applies only to activeDirectory authentication type.
  • caseSensitivity - (Optional) The case of an object name in an Amazon S3 bucket. For clientSpecified, the client determines the case sensitivity. For caseSensitive, the gateway determines the case sensitivity. The default value is clientSpecified.
  • validUserList - (Optional) A list of users in the Active Directory that are allowed to access the file share. If you need to specify an Active directory group, add '@' before the name of the group. It will be set on Allowed group in AWS console. Only valid if authentication is set to activeDirectory.
  • accessBasedEnumeration - (Optional) The files and folders on this share will only be visible to users with read access. Default value is false.
  • notificationPolicy - (Optional) The notification policy of the file share. For more information see the AWS Documentation. Default value is {}.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

cacheAttributes

  • cacheStaleTimeoutInSeconds - (Optional) Refreshes a file share's cache by using Time To Live (TTL). TTL is the length of time since the last refresh after which access to the directory would cause the file gateway to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days)

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Amazon Resource Name (ARN) of the SMB File Share.
  • arn - Amazon Resource Name (ARN) of the SMB File Share.
  • fileshareId - ID of the SMB File Share.
  • path - File share path used by the NFS client to identify the mount point.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Timeouts

Configuration options:

  • create - (Default 10M)
  • update - (Default 10M)
  • delete - (Default 15M)

Import

awsStoragegatewaySmbFileShare can be imported by using the SMB File Share Amazon Resource Name (ARN), e.g.,

$ terraform import aws_storagegateway_smb_file_share.example arn:aws:storagegateway:us-east-1:123456789012:share/share-12345678