1 Answer
0
Hello.
When using Amazon WorkSpaces, users authenticate through Active Directory (AWS Managed or not). Will EFS Access Points use their identity authenticated through AD to control their access exclusively through EFS?
EFS cannot be controlled by AD.
I am looking for ways to granularly control user access to specific shares on a shared EFS. Any suggestions or best practices would be greatly appreciated.
Why not try using FSx for Windows File Server?
Since FSx for Windows File Server can participate in Active Directory, I think it is possible to restrict folder access for each AD user.
https://aws.amazon.com/jp/blogs/desktop-and-application-streaming/using-amazon-fsx-for-windows-file-server-with-amazon-workspaces/
Hi @Riku,
Thanks for your reply.
To clarify, my WorkSpace bundles are Linux-based, and as per WorkSpaces requirements, they require the WorkSpace instances to be domain-joined (https://docs.aws.amazon.com/workspaces/latest/adminguide/manage_linux_workspace.html#:~:text=As%20with%20Windows%20WorkSpaces%2C%20Amazon%20Linux%20WorkSpaces%20are%20domain%20joined%2C%20so%20you%20can%20use%20Active%20Directory%20Users%20and%20Groups%20to%3A).
Since I will use EFS with Linux-based WorkSpaces, I need to know how to control access within the EFS share mounted to each WorkSpace instance. Ideally, this would utilize the authenticated AD credentials for the Linux WorkSpace instance or another best practice method. FSx for Windows File Server is not an option in this case.
Any insights or best practices for achieving this would be greatly appreciated.
Thank you!