aws ec2 create-vpc --cidr-block <CIDR_BLOCK> aws ec2 create-subnet --vpc-id <VPC_ID> --cidr-block <CIDR_BLOCK> aws ec2 create-security-group --group-name <GROUP_NAME> --description <DESCRIPTION> aws ec2 authorize-security-group-ingress --group-id <GROUP_ID> --protocol <PROTOCOL> --port <PORT> --cidr-ip <CIDR_IP>
aws ec2 run-instances --image-id <IMAGE_ID> --instance-type <INSTANCE_TYPE> --subnet-id <SUBNET_ID> --security-group-ids <GROUP_ID>
Connect to the EC2 instance using Remote Desktop Protocol (RDP) and install the necessary software and updates.
Create an FSx for Windows file system and configure its settings such as the file system size, backup settings, and performance settings using the following command:
aws fsx create-file-system --storage-capacity <STORAGE_CAPACITY> --file-system-type <FILE_SYSTEM_TYPE> --subnet-ids <SUBNET_ID>
Map the EC2 instance to the FSx file system using the appropriate drive letter and assign it proper permissions and access controls.
Create a Microsoft AD and configure its settings such as the domain name and subnets using the following command:
aws directoryservice create-microsoft-ad --name <NAME> --password <PASSWORD> --vpc-settings VpcId=<VPC_ID>,SubnetIds=<SUBNET_ID>
net ads join -U <ADMIN_NAME>%<PASSWORD>
aws cloudwatch put-dashboard --dashboard-name <DASHBOARD_NAME> --dashboard-body <DASHBOARD_BODY>
aws fsx create-backup --file-system-id <FILE_SYSTEM_ID>
aws iam create-role --role-name fsx-access --assume-role-policy-document file://trust-policy.json
where trust-policy.json is a file that contains the trust relationship policy for the IAM role. The policy should specify the EC2 service as the trusted entity and allow it to assume the role.
Next, create a policy that allows the IAM role to access the FSx file system using the following command:
aws iam create-policy --policy-name fsx-policy --policy-document file://permission-policy.json
where permission-policy.json is a file that contains the permissions policy for the IAM role. The policy should specify the actions that are allowed on the FSx file system, such as CreateFileSystem, DescribeFileSystems, and DeleteFileSystem.
Finally, attach the policy to the IAM role using the following command:
aws iam attach-role-policy --role-name fsx-access --policy-arn arn:aws:iam::<account-id>:policy/fsx-policy
where account-id is your AWS account ID.
aws ec2 associate-iam-instance-profile --instance-id <instance-id> --iam-instance-profile Name=fsx-access
where instance-id is the ID of the EC2 instance that you launched earlier. This command will allow the EC2 instance to use the IAM role and access the FSx file system.
mount -t cifs //<file-system-id>.<dns-name>.fsx.aws.<region>.amazonaws.com/<share-name> <mount-point> -o vers=3.0,username=<fsx-user>,password=<fsx-password>
where file-system-id is the ID of the FSx file system, dns-name is the DNS name of the FSx file system, region is the AWS region where the FSx file system is located, share-name is the name of the share that you created earlier, mount-point is the local path on the EC2 instance where you want to mount the FSx file system, fsx-user is the user name for accessing the FSx file system, and fsx-password is the password for accessing the FSx file system. This command will allow you to access the files and folders on the FSx file system from the EC2 instance.
net ads join -U <administrator>
where administrator is the user name of an administrator in the Microsoft AD. This command will allow the EC2 instance to join the Microsoft AD, which will enable you to use the EC2 instance as a file server for the AD environment.
net share <share-name>=<mount-point> /grant:<user-group>,full
where share-name is the name of the share that you want to create, mount-point is the path to the mounted FSx file system, and user-group is the name of a user group in the Microsoft AD that you want to grant access to the share. This command will create a share on the EC2 instance and grant access to the specified user group.
Verify the share by accessing it from a Windows client in the same Microsoft AD. This will confirm that the EC2 instance is correctly joined to the Microsoft AD and is able to share files from the FSx file system.
Set up the EC2 instance as a preferred file server using the following command:
aws fsx create-preferred-file-server --file-system-id <file-system-id> --windows-configuration-id <windows-configuration-id>
where file-system-id is the ID of the FSx file system and windows-configuration-id is the ID of the Windows configuration for the EC2 instance. This command will set the EC2 instance as the preferred file server for the FSx file system, which will ensure that clients will connect to this instance for file access when it’s available.
aws fsx create-standby-file-server --file-system-id <file-system-id> --windows-configuration-id <windows-configuration-id>
where file-system-id is the ID of the FSx file system and windows-configuration-id is the ID of the Windows configuration for the EC2 instance. This command will set the EC2 instance as the standby file server for the FSx file system, which will ensure that clients will connect to this instance as a backup when the preferred file server is unavailable.
Verify the file server configuration by accessing the share from a Windows client in the Microsoft AD. Confirm that clients are connecting to the EC2 instance as the preferred or standby file server as expected.
Repeat steps 7 to 18 for each additional EC2 instance you want to use with the FSx file system to set up a high-availability file server architecture using AWS CLI.
Monitor the FSx file system performance, availability, and utilization using the AWS CloudWatch service, and troubleshoot any issues as needed. You can use the following command to view CloudWatch metrics:
aws cloudwatch get-metric-data
aws fsx create-backup
aws iam update-policy