AWS GovCloud bucket to file gateway missing connection


I have an S3 bucket in my GovCloud account. In the same GovCloud account a file gateway was created from the downloaded .ova. A file share (SMB) was created pointing to the S3 bucket using the gateway. The gateway's VM console can be logged onto, and "3. Test Network Connectivity" passes all three tests. On the GovCloud Gateway Overview page I can see the VM become Offline when the VM is powered down in vCenter. After the VM is powered up and the Gateway Overview page is refreshed, the VM goes to Online.

From a Windows PC, an Explorer window can browse to the UNC path `\\<VM gateway>\<file share>` on the VM. A directory structure (no files yet) has been built there, but I do not see that same directory structure in the bucket. I must be missing something to sync those directories up to AWS GovCloud?

TIA, Tim

asked a year ago, 246 views
1 Answer

Hello Tim,

Based on the behavior you are observing, the IAM role assigned to the file share might be missing s3:PutObject permissions. I would recommend verifying the IAM role policy permissions and ensuring it has these permissions. If you are using SSE-KMS encryption on the file share, please ensure that the file share IAM role has kms:Encrypt, kms:Decrypt, kms:ReEncrypt, kms:GenerateDataKey, and kms:DescribeKey permissions.

If not already enabled, I would suggest enabling CloudWatch health logs to get notified about errors related to S3.

Thanks - Surya

AWS
Surya
answered a year ago
  • Apparently I had a role, and must have since when I originally created the bucket, gateway, fileshare, and built the VM, I could see directories created in the cloud on the SMB share locally and vice versa; IAM > Roles > StorageGatewayBucketAccessRole16715426617200.4422551916127462. But when I select that role I get the following:

    Entity does not exist
    One of the entities that you specified for this operation does not exist.
    The role with name StorageGatewayBucketAccessRole16715426617200.4422551916127462 cannot be found.
    

    Why did the role seemingly disappear?

  • You would be able to check the CloudTrail logs for event name DeleteRole and DeleteRolePolicy to get additional insight into the role deletion. I have seen some cases where customers enforce automatic role deletions if they don't have certain tags etc, but it could be for a different reason in your case. I would suggest checking the CloudTrail log for the User name and further check with your IAM team.
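The CloudTrail check suggested in the last comment, as an added example that is not part of the original thread: it filters a CloudTrail log file body for `DeleteRole` and `DeleteRolePolicy` events against one role and reports who issued them and whether they succeeded. It assumes the standard log-file layout (a JSON object with a `Records` array); the role name, account ID, ARN, IP address, timestamps and error code in the sample are constructed placeholders.

```python
import json

ROLE_DELETION_EVENTS = {"DeleteRole", "DeleteRolePolicy"}

def find_role_deletions(log_text, role_name):
    """Return IAM role-deletion events for role_name, oldest first."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in ROLE_DELETION_EVENTS:
            continue
        # requestParameters can be null on some failed calls
        params = rec.get("requestParameters") or {}
        if params.get("roleName") != role_name:
            continue
        identity = rec.get("userIdentity") or {}
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": identity.get("arn") or identity.get("principalId"),
            "source_ip": rec.get("sourceIPAddress"),
            # CloudTrail sets errorCode only when the API call failed
            "succeeded": "errorCode" not in rec,
        })
    return sorted(findings, key=lambda f: f["time"] or "")

def _rec(time, name, role, actor, error=None):
    """Build one constructed CloudTrail-style record (sample data only)."""
    rec = {"eventTime": time, "eventSource": "iam.amazonaws.com",
           "eventName": name, "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"type": "AssumedRole", "arn": actor},
           "requestParameters": {"roleName": role}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample: a hypothetical cleanup automation removing the role.
CLEANUP = "arn:aws-us-gov:sts::111122223333:assumed-role/ExampleTagCleanup/session"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2023-01-05T10:00:02Z", "DeleteRole", "ExampleGatewayRole", CLEANUP),
    _rec("2023-01-05T10:00:00Z", "DeleteRole", "ExampleGatewayRole", CLEANUP,
         "DeleteConflictException"),
    _rec("2023-01-05T10:00:01Z", "DeleteRolePolicy", "ExampleGatewayRole", CLEANUP),
    _rec("2023-01-05T11:30:00Z", "DeleteRole", "SomeOtherRole", CLEANUP),
    _rec("2023-01-05T09:00:00Z", "GetRole", "ExampleGatewayRole", CLEANUP),
]})

if __name__ == "__main__":
    for finding in find_role_deletions(SAMPLE_LOG, "ExampleGatewayRole"):
        print(finding)
```
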
