in app.py [0:0]
def __init__(self, scope: Construct, id: str, vpc: ec2.IVpc,
             directory: DirectoryServicesConstruct,
             subnet_group_name: str = 'Private') -> None:
    """Provision an FSx for Windows file system and a DataSync location for it.

    Creates, in order: a security group admitting TCP 445 and 5985 from the
    VPC CIDR, a single-subnet FSx for Windows file system joined to the
    directory in ``directory.mad``, and a DataSync FSx-Windows location that
    authenticates with ``directory.admin`` / ``directory.password``.

    Args:
        scope: Parent construct.
        id: Construct id within ``scope``.
        vpc: VPC that hosts the file system and bounds the ingress rules.
        directory: Supplies the directory reference, short name, user and
            password secret read below.
        subnet_group_name: Subnet group to select from; only the first
            subnet returned is used.

    Raises:
        IndexError: If the subnet selection returns no subnet ids.
    """
    super().__init__(scope, id)

    # https://docs.aws.amazon.com/fsx/latest/WindowsGuide/limit-access-security-groups.html
    # Egress is left unrestricted (allow_all_outbound=True).
    self.security_group = ec2.SecurityGroup(
        self, 'SecurityGroup',
        vpc=vpc,
        description='FSX for Windows SecurityGroup',
        allow_all_outbound=True)

    # Both rules use the whole VPC CIDR as the peer.
    # NOTE(review): 5985 is the WinRM (HTTP) management port and the rule is
    # labelled 'Admins', yet any address in the VPC can reach it. Consider
    # restricting that rule to the administrators' security group or subnet.
    ingress_ports = {445: 'SMB Clients', 5985: 'Admins'}
    for tcp_port, audience in ingress_ports.items():
        self.security_group.add_ingress_rule(
            peer=ec2.Peer.ipv4(vpc.vpc_cidr_block),
            connection=ec2.Port.tcp(tcp_port),
            description='Allow FSx %s' % audience)

    # Single-AZ deployment: keep only the first subnet of the selected group
    # and use it as the preferred subnet as well.
    selected_ids = vpc.select_subnets(subnet_group_name=subnet_group_name).subnet_ids
    single_subnet = selected_ids[:1]
    preferred_subnet_id = single_subnet[0]

    windows_settings = fsx.CfnFileSystem.WindowsConfigurationProperty(
        weekly_maintenance_start_time='1:11:00',  # Mon 6AM (UTC-5)
        # Original note: a power-of-two MiB/s value between 8 and 2048.
        throughput_capacity=8,
        active_directory_id=directory.mad.ref,
        automatic_backup_retention_days=30,
        copy_tags_to_backups=True,
        deployment_type='SINGLE_AZ_2',  # alternative: MULTI_AZ_1
        preferred_subnet_id=preferred_subnet_id)

    self.filesystem = fsx.CfnFileSystem(
        self, 'FileSystem',
        subnet_ids=single_subnet,
        file_system_type='WINDOWS',
        security_group_ids=[self.security_group.security_group_id],
        # Original note: HDD min = 2TB / SSD = 32
        storage_type='SSD',
        storage_capacity=32,
        # tags=[
        #   cdk.CfnTag(key='Name',value='winfs.%s' + DIRECTORY_NAME),
        # ],
        windows_configuration=windows_settings)

    # DataSync location that points at the file system created above.
    filesystem_arn = "arn:aws:fsx:{region}:{account}:file-system/{id}".format(
        region=cdk.Aws.REGION,
        account=cdk.Aws.ACCOUNT_ID,
        id=self.filesystem.ref)

    # NOTE(review): the location authenticates as directory.admin with the
    # directory password secret. Confirm that secret_value.to_string()
    # synthesizes to a deploy-time secret reference rather than a literal in
    # the template, and consider a dedicated, least-privileged service
    # account for DataSync instead of the directory administrator.
    self.datasync_location = ds.CfnLocationFSxWindows(
        self, 'FSX-Location',
        fsx_filesystem_arn=filesystem_arn,
        user=directory.admin,
        domain=directory.mad.short_name,
        password=directory.password.secret_value.to_string(),
        security_group_arns=[DataSyncConstruct.sg_arn(self.security_group)])