Manages an FSx Windows File System. See the FSx Windows Guide for more information.
Additional information for using AWS Directory Service with Windows File Systems can be found in the FSx Windows Guide.
resource "aws_fsx_windows_file_system" "example" {
  active_directory_id = aws_directory_service_directory.example.id
  kms_key_id          = aws_kms_key.example.arn
  storage_capacity    = 300
  subnet_ids          = [aws_subnet.example.id]
  throughput_capacity = 1024
}
Additional information for using AWS Directory Service with Windows File Systems can be found in the FSx Windows Guide.
resource "aws_fsx_windows_file_system" "example" {
  kms_key_id          = aws_kms_key.example.arn
  storage_capacity    = 300
  subnet_ids          = [aws_subnet.example.id]
  throughput_capacity = 1024

  self_managed_active_directory {
    dns_ips     = ["10.0.0.111", "10.0.0.222"]
    domain_name = "corp.example.com"
    password    = "avoid-plaintext-passwords"
    username    = "Admin"
  }
}
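One way to keep the join password out of the configuration, as the placeholder above urges, is to read it from AWS Secrets Manager. This is an added example, not part of the provider documentation; the secret name `fsx/ad-join`, its JSON layout and the group name `FSxAdmins` are assumptions, and the KMS key and subnet are the same example resources used above.

```hcl
# Secret created and rotated outside this configuration. Its body is assumed
# to be JSON of the form {"username": "...", "password": "..."}.
data "aws_secretsmanager_secret_version" "fsx_ad_join" {
  secret_id = "fsx/ad-join" # hypothetical secret name
}

locals {
  # jsondecode() of a sensitive string stays sensitive, so the values are
  # redacted in plan and apply output.
  fsx_ad_join = jsondecode(data.aws_secretsmanager_secret_version.fsx_ad_join.secret_string)
}

resource "aws_fsx_windows_file_system" "example" {
  kms_key_id          = aws_kms_key.example.arn
  storage_capacity    = 300
  subnet_ids          = [aws_subnet.example.id]
  throughput_capacity = 1024

  self_managed_active_directory {
    dns_ips     = ["10.0.0.111", "10.0.0.222"]
    domain_name = "corp.example.com"
    username    = local.fsx_ad_join["username"]
    password    = local.fsx_ad_join["password"]

    # Delegate file system administration to a dedicated group rather than
    # the Domain Admins default. The group name is hypothetical and the group
    # must already exist in the domain.
    file_system_administrators_group = "FSxAdmins"
  }
}

# The resolved password is still written to the Terraform state, so the state
# backend needs encryption at rest and tightly restricted read access.
```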
The following arguments are required:
subnet_ids - (Required) A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet, set deployment_type to MULTI_AZ_1.
throughput_capacity - (Required) Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of 8 and maximum of 2048.
The following arguments are optional:
active_directory_id - (Optional) The ID for an existing Microsoft Active Directory instance that the file system should join when it's created. Cannot be specified with self_managed_active_directory.
aliases - (Optional) An array of DNS alias names that you want to associate with the Amazon FSx file system. For more information, see Working with DNS Aliases.
audit_log_configuration - (Optional) The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. See Audit Log Configuration below.
automatic_backup_retention_days - (Optional) The number of days to retain automatic backups. Minimum of 0 and maximum of 90. Defaults to 7. Set to 0 to disable.
backup_id - (Optional) The ID of the source backup to create the file system from.
copy_tags_to_backups - (Optional) A boolean flag indicating whether tags on the file system should be copied to backups. Defaults to false.
daily_automatic_backup_start_time - (Optional) The preferred time (in HH:MM format) to take daily automatic backups, in the UTC time zone.
deployment_type - (Optional) Specifies the file system deployment type. Valid values are MULTI_AZ_1, SINGLE_AZ_1 and SINGLE_AZ_2. Default value is SINGLE_AZ_1.
disk_iops_configuration - (Optional) The SSD IOPS configuration for the Amazon FSx for Windows File Server file system. See Disk Iops Configuration below.
kms_key_id - (Optional) ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.
preferred_subnet_id - (Optional) Specifies the subnet in which you want the preferred file server to be located. Required when deployment_type is MULTI_AZ_1.
security_group_ids - (Optional) A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.
self_managed_active_directory - (Optional) Configuration block that Amazon FSx uses to join the Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory. Cannot be specified with active_directory_id. See Self-Managed Active Directory below.
skip_final_backup - (Optional) When enabled, will skip the default final backup taken when the file system is deleted. This configuration must be applied separately before attempting to delete the resource to have the desired behavior. Defaults to false.
tags - (Optional) A map of tags to assign to the file system. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
storage_capacity - (Optional) Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to HDD the minimum value is 2000. Required when not creating the file system from a backup.
storage_type - (Optional) Specifies the storage type. Valid values are SSD and HDD. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types. Default value is SSD.
weekly_maintenance_start_time - (Optional) The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone.
The disk_iops_configuration configuration block supports the following arguments:
iops - (Optional) The total number of SSD IOPS provisioned for the file system.
mode - (Optional) Specifies whether the number of IOPS for the file system is set automatically by the system or provisioned by the user. Valid values are AUTOMATIC and USER_PROVISIONED. Default value is AUTOMATIC.
The self_managed_active_directory configuration block supports the following arguments:
dns_ips - (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918.
domain_name - (Required) The fully qualified domain name of the self-managed AD directory. For example, corp.example.com.
password - (Required) The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
username - (Required) The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
file_system_administrators_group - (Optional) The name of the domain group whose members are granted administrative privileges for the file system. Administrative privileges include taking ownership of files and folders, and setting audit controls (audit ACLs) on files and folders. The group that you specify must already exist in your domain. Defaults to Domain Admins.
organizational_unit_distinguished_name - (Optional) The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, OU=FSx,DC=yourdomain,DC=corp,DC=com. Only accepts OU as the direct parent of the file system. If none is provided, the FSx file system is created in the default location of your self-managed AD directory. To learn more, see RFC 2253.
The audit_log_configuration configuration block supports the following arguments:
audit_log_destination - (Optional) The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN. Can be specified when file_access_audit_log_level and file_share_access_audit_log_level are not set to DISABLED. The name of the Amazon CloudWatch Logs log group must begin with the /aws/fsx prefix. The name of the Amazon Kinesis Data Firehose delivery stream must begin with the aws-fsx prefix. If you do not provide a destination in audit_log_destination, Amazon FSx will create and use a log stream in the CloudWatch Logs /aws/fsx/windows log group.
file_access_audit_log_level - (Optional) Sets which attempt type is logged by Amazon FSx for file and folder accesses. Valid values are SUCCESS_ONLY, FAILURE_ONLY, SUCCESS_AND_FAILURE, and DISABLED. Default value is DISABLED.
file_share_access_audit_log_level - (Optional) Sets which attempt type is logged by Amazon FSx for file share accesses. Valid values are SUCCESS_ONLY, FAILURE_ONLY, SUCCESS_AND_FAILURE, and DISABLED. Default value is DISABLED.
This resource exports the following attributes in addition to the arguments above:
arn - Amazon Resource Name of the file system.
dns_name - DNS name for the file system, e.g., fs-12345678.corp.example.com (domain name matching the Active Directory domain name).
id - Identifier of the file system (e.g. fs-12345678).
network_interface_ids - Set of Elastic Network Interface identifiers from which the file system is accessible.
owner_id - AWS account identifier that created the file system.
preferred_file_server_ip - The IP address of the primary, or preferred, file server.
remote_administration_endpoint - For MULTI_AZ_1 deployment types, use this endpoint when performing administrative tasks on the file system using Amazon FSx Remote PowerShell. For SINGLE_AZ_1 deployment types, this is the DNS name of the file system.
tags_all - A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
vpc_id - Identifier of the Virtual Private Cloud for the file system.
The following timeouts can be configured:
create - (Default 45m)
delete - (Default 30m)
update - (Default 45m)
In Terraform v1.5.0 and later, use an import block to import FSx File Systems using the id. For example:
import {
  to = aws_fsx_windows_file_system.example
  id = "fs-543ab12b1ca672f33"
}
Using terraform import, import FSx File Systems using the id. For example:
% terraform import aws_fsx_windows_file_system.example fs-543ab12b1ca672f33
Certain resource arguments, like security_group_ids and the self_managed_active_directory configuration block password, do not have an FSx API method for reading the information after creation. If these arguments are set in the Terraform configuration on an imported resource, Terraform will always show a difference. To work around this behavior, either omit the argument from the Terraform configuration or use ignore_changes to hide the difference. For example:
resource "aws_fsx_windows_file_system" "example" {
  # ... other configuration ...
  security_group_ids = [aws_security_group.example.id]

  # There is no FSx API for reading security_group_ids
  lifecycle {
    ignore_changes = [security_group_ids]
  }
}
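Returning to the audit_log_configuration arguments described earlier: both audit levels default to DISABLED, so file and share access is not logged unless the block is set. The following added example (not part of the provider documentation) enables both levels and sends events to a dedicated CloudWatch Logs group; the log group name, retention periods and the referenced directory, KMS key, subnet and security group resources are assumptions.

```hcl
# Dedicated destination for FSx audit events. The name must begin with the
# /aws/fsx prefix or it is not accepted as an audit_log_destination.
resource "aws_cloudwatch_log_group" "fsx_audit" {
  name              = "/aws/fsx/example-audit" # hypothetical name
  retention_in_days = 365                      # assumed retention period
}

resource "aws_fsx_windows_file_system" "example" {
  active_directory_id = aws_directory_service_directory.example.id
  kms_key_id          = aws_kms_key.example.arn # customer managed key instead of the AWS managed default
  storage_capacity    = 300
  subnet_ids          = [aws_subnet.example.id]
  throughput_capacity = 1024
  security_group_ids  = [aws_security_group.example.id]

  # Keep a recovery window and carry ownership tags onto the backups.
  automatic_backup_retention_days = 30 # assumed value, allowed range is 0 to 90
  copy_tags_to_backups            = true
  skip_final_backup               = false

  audit_log_configuration {
    audit_log_destination = aws_cloudwatch_log_group.fsx_audit.arn

    # Log successful and failed attempts for files, folders and shares.
    # Leaving either argument unset keeps its default of DISABLED.
    file_access_audit_log_level       = "SUCCESS_AND_FAILURE"
    file_share_access_audit_log_level = "SUCCESS_AND_FAILURE"
  }
}
```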