|
| 1 | +# NetApp FSxN Third Party CloudFormation Extensions Examples |
| 2 | + |
| 3 | +## Overview |
| 4 | +This repository contains example CloudFormation templates that use the NetApp FSxN Third Party CloudFormation Extensions. |
| 5 | + |
| 6 | +It also contains shell scripts that can be used to get you started quickly, as well as some shell |
| 7 | +scripts that allow you to deploy these examples with the AWS CLI. |
| 8 | + |
| 9 | +And, as a bonus, there is one Python script that can be used to create a clone of an existing FSx for NetApp ONTAP volume. |
| 10 | + |
| 11 | +## Prerequisites |
| 12 | +### Get a Preview Key |
| 13 | +- The first thing you need to do before you can use any of the NetApp FSxN Third Party CloudFormation Extensions is obtain a `preview key`. |
| 14 | +You can get one of those by sending an email to [[email protected]](mailto:[email protected]) requesting one. |
| 15 | + |
| 16 | +## Getting Started |
| 17 | +Once you have the preview key, you are ready to activate the extensions and start using them. |
| 18 | + |
| 19 | +### Step 1 Create an IAM role |
| 20 | +You need to create an IAM role that the extensions will assume to create and/or modify resources on your behalf. |
| 21 | +The following is a CloudFormation template that you can use to create the role: |
| 22 | +``` |
| 23 | +AWSTemplateFormatVersion: "2010-09-09" |
| 24 | +Description: > |
| 25 | + This CloudFormation template creates a role assumed by CloudFormation |
| 26 | + during CRUDL operations to mutate resources on your behalf. |
| 27 | +
|
| 28 | +Resources: |
| 29 | + ExecutionRole: |
| 30 | + Type: AWS::IAM::Role |
| 31 | + Properties: |
| 32 | + MaxSessionDuration: 8400 |
| 33 | + AssumeRolePolicyDocument: |
| 34 | + Version: '2012-10-17' |
| 35 | + Statement: |
| 36 | + - Effect: Allow |
| 37 | + Principal: |
| 38 | + Service: resources.cloudformation.amazonaws.com |
| 39 | + Action: sts:AssumeRole |
| 40 | + Path: "/" |
| 41 | + Policies: |
| 42 | + - PolicyName: ResourceTypePolicy |
| 43 | + PolicyDocument: |
| 44 | + Version: '2012-10-17' |
| 45 | + Statement: |
| 46 | + - Effect: Allow |
| 47 | + Action: |
| 48 | + - "fsx:DescribeFileSystems" |
| 49 | + - "lambda:InvokeFunction" |
| 50 | + - "secretsmanager:GetSecretValue" |
| 51 | + Resource: "*" |
| 52 | +Outputs: |
| 53 | + ExecutionRoleArn: |
| 54 | + Value: |
| 55 | + Fn::GetAtt: ExecutionRole.Arn |
| 56 | +``` |
| 57 | +You can use the above template to create the role by running the following command: |
| 58 | +``` |
| 59 | +aws cloudformation create-stack --stack-name create_execution_role_for_NetApp_CF_extensions --template-body file://<path-to-template> --capabilities CAPABILITY_NAMED_IAM |
| 60 | +``` |
| 61 | + |
| 62 | +### Step 2: Activate the Extensions |
| 63 | +The next step is to activate all the extension. You can do that by running the `activate_extensions` |
| 64 | +script found in the `scripts` directory in this repository. |
| 65 | +``` |
| 66 | +./activate_extensions -r <aws-region> -p <preview-key> -a <role-arn> |
| 67 | +``` |
| 68 | +Where: |
| 69 | +- `<aws-region>` is the AWS region you want to activate the extensions in. |
| 70 | +- `<preview-key>` is the preview key you obtained from NetApp. |
| 71 | +- `<role-arn>` is the ARN of the role that the extensions will assume to create resources. |
| 72 | + |
| 73 | +### Step 3: Deploy a Workload Factory Link |
| 74 | +Before you can use any of the FSxN extensions you must have a Workload Factory Link deployed. |
| 75 | +If you don't already have one, you can either deploy one via the [Workload Factory console](https://console.workloads.netapp.com), |
| 76 | +or you can create one by using the `NetApp::FSxN::Link::MODULE` CloudFormation module, which is part of the third party extensions. |
| 77 | +To make deploying the Workload Factory Link easy you can use the `deploy_link` script found in the `scripts` directory in this repository. |
| 78 | +It invokes the `NetApp::FSxN::Link::Module` module with the appropriate parameters and will output the ARN |
| 79 | +of the Workload Factory Link Lambda function that will be used in all of the CloudFormation templates that use these FSxN extensions. |
| 80 | + |
| 81 | +Here is the synopsis of how to use the `deploy_link` script: |
| 82 | +``` |
| 83 | +./deploy_link -r <aws-region> -s <subnet-id>,<subnet-id> -g <security-group-id>,<security-group-id> -n <link_name> |
| 84 | +``` |
| 85 | +Where: |
| 86 | +- `<aws-region>` is the AWS region you want to activate the extensions in. |
| 87 | +- `<subnet-id>,<subnet-id>` are the subnet(s) you want to deploy the link in. No spaces between the subnet IDs. |
| 88 | +Only one is required, but is recommended to have at least two. These subnets must have access to the FSxN management endpoint. |
| 89 | +- `<security-group-id>,<security-group-id>` are the security group that will be attached to the Lambda Link function. |
| 90 | +No spaces between the security group IDs. Only one is required. |
| 91 | +- `<link_name>` is the name you want to give the link. It is also used as the name assigned to the link Lambda function. |
| 92 | + |
| 93 | +Once you have done this, you are ready to start using the examples in this repository. |
| 94 | + |
| 95 | +| File | Description | |
| 96 | +|------|-------------| |
| 97 | +|create_clone.yaml|Creates a clone of an existing FSx for NetApp ONTAP volume.| |
| 98 | +|create_export.yaml|Creates an export policy for an FSx for NetApp ONTAP file system.| |
| 99 | +|create_sm_with_peering.yaml|Creates a SnapMirror relationship with a specified source volume. It will also establish the vserver and cluster peering relationships.| |
| 100 | +|create_sm_without_peering.yaml|Creates a SnapMirror relationship with a specified source volume. It assumes that there is already a peering relationship between the source and destination clusters and vservers.| |
| 101 | +|create_snapshot.yaml|Creates a snapshot of an FSx for NetApp ONTAP volume.| |
| 102 | +|create_volume.yaml|Creates an FSx for NetApp ONTAP volume.| |
| 103 | + |
| 104 | +Note that there is a script, in the `scripts` directory, for each of these CloudFormation templates that can be used to deploy them via the AWS CLI. |
| 105 | + |
| 106 | +## Author Information |
| 107 | + |
| 108 | +This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors). |
| 109 | + |
| 110 | +## License |
| 111 | + |
| 112 | +Licensed under the Apache License, Version 2.0 (the "License"). |
| 113 | + |
| 114 | +You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0). |
| 115 | + |
| 116 | +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied. |
| 117 | + |
| 118 | +See the License for the specific language governing permissions and limitations under the License. |
| 119 | + |
| 120 | +© 2025 NetApp, Inc. All Rights Reserved. |
0 commit comments