Managing complex Amazon FSx for NetApp ONTAP (FSx for ONTAP) operations in AWS has traditionally required manual intervention or third-party tools. The AWS Management Console offers baseline functionalities, but advanced tasks such as configuring multiprotocol access, data replication, and block storage often involve time-consuming steps.
To address these challenges, NetApp® is excited to announce the release of the NetApp::FSxN CloudFormation package, which is available now on GitHub. This new custom resources package empowers FSx for ONTAP admins to automate advanced management operations directly within the AWS console for the first time. Adopting automation via AWS CloudFormation unlocks all the benefits of infrastructure as code (IaC), including streamlined workflows, reduced errors, and improved standardization.
In this article, I’ll talk about the benefits of this package, how it complements the existing AWS::FSx package, the resources it supports, and how to get started in three simple steps.
Here’s what I’ll cover:
- Introducing the NetApp::FSxN CloudFormation package
- What are the benefits of managing FSx for ONTAP with CloudFormation?
- What is the difference between the NetApp::FSxN and AWS::FSxN CloudFormation packages?
- What resources are supported by the NetApp::FSxN CloudFormation package?
- How does the NetApp::FSxN CloudFormation package manage resources under the hood?
- Get started with NetApp::FSxN CloudFormation package
- An alternative: Workload factory
- What’s Next?
Introducing the NetApp::FSxN CloudFormation package
The NetApp::FSxN CloudFormation package is a powerful extension that bridges the gap between AWS-native tools and the advanced management needs of FSx for ONTAP users.
With this package, you now have a way to seamlessly handle advanced NetApp ONTAP® operations natively in AWS—operations that are currently not available with FSx for ONTAP using the AWS console—giving you more control, flexibility, operational and cost efficiency, ease of use, and scalability.
What are the benefits of managing FSx for ONTAP with CloudFormation?
Automating operations can substantially improve the efficiency and reliability of managing FSx for ONTAP resources. By managing operations via CloudFormation, the NetApp::FSxN package offers several key advantages:
- Streamlined management: Replace repetitive, manual operations with pre-defined CloudFormation templates.
- Error reduction: Minimize human errors by automating complex workflows, such as setting up SnapMirror® relationships or managing multiprotocol volumes.
- Standardization: Use consistent configurations across deployments, to help stay aligned with best practices for your industry and specific workload.
- Ease of use: Perform advanced FSx for ONTAP operations directly in AWS CloudFormation without relying on third-party tools.
- Increased efficiency: Leveraging IaC to manage your FSx for ONTAP environments saves time and resources.
This new CloudFormation package unlocks these benefits for some of the most critical advanced FSx for ONTAP operations, simplifying management even for large-scale production systems.
What is the difference between the NetApp::FSxN and AWS::FSxN CloudFormation packages?
The NetApp::FSxN package is designed to complement the existing AWS::FSx package. While AWS::FSx handles foundational tasks, such as deploying FSx for ONTAP file systems or creating basic volumes, NetApp::FSxN extends these capabilities to advanced operations that the AWS console and AWS::FSx don’t support.
For instance, you can use AWS::FSx to create an FSx for ONTAP file system and then leverage NetApp::FSxN to set up a SnapMirror replication relationship between clusters or configure a NetApp Snapshot™ policy. Combining these two packages gives you an end-to-end solution for managing FSx for ONTAP resources.
Best Practice: Avoid managing the same resource through both modules to prevent configuration conflicts!
What resources are supported by the NetApp::FSxN CloudFormation package?
The package supports a range of advanced FSx for ONTAP resources, each designed to address specific operational needs.
|
Resource name
|
Description
|
Learn More
|
AWS console availability
|
|
SnapMirror
|
Data replication technology for disaster recovery, migration, data mobility, and business continuity.
|
More info
|
❌
|
|
Snapshot
|
Point-in-time volume or LUN copies that are read only for versioning, data recovery, archiving, etc.
|
More info
|
❌
|
|
Snapshot Policy
|
Set of rules to automate snapshot creation and retention for a volume.
|
|
Export Policy
|
Set of NFS access rules for client or network access to a volume.
|
More info
|
❌
|
|
Volume
|
A logical storage unit for data files, snapshots, and block devices.
|
More info
|
✅ (limited configuration)
|
|
CIFS Share
|
SMB-compatible shared folder for secure file sharing across Windows clients and applications.
|
More info
|
❌
|
|
iSCSI LUN (Logical Unit Number)
|
Block storage object for workloads requiring block-level access, appearing as a virtual disk to the host.
|
More info
|
❌
|
|
iGroup
(used by the iSCSI LUN schema)
|
Collection of host initiators (IQNs) to control secure access to LUNs.
|
More info
|
❌
|
|
Cluster Peer
(used by the SnapMirror schema)
|
Trusted network relationship between FSx for ONTAP and other ONTAP file systems for secure communication and authenticated data replication.
|
|
❌
|
|
Storage VM (SVM) Peer
(used by the SnapMirror schema
|
Relationship between two SVMs from different FSx for ONTAP or other ONTAP file systems for trusted resource sharing.
|
|
❌
|
For each resource, you can define your property configuration using CloudFormation’s intuitive interface—whether through the UI, CLI, or SDK. The package handles the automation, allowing you to focus on operational outcomes rather than manual processes.
How does the NetApp::FSxN CloudFormation package manage resources under the hood?
As a prerequisite, get familiar with AWS CloudFormation and IaC through the official AWS CloudFormation User Guide.
Under the hood, the NetApp::FSxN package relies on a Link—an AWS Lambda function running in your AWS account. The Link establishes a secure connection to your FSx for ONTAP file systems using stored ONTAP credentials and facilitates advanced operations via CloudFormation.
All resources except the LinkArn as a property. Other required properties for resource set-up are FsxAdminPasswordSource, FileSystemId, and UUID.
If you’re interested in learning more about the inner workings of each resource deployment, you can review the JSON CloudFormation schema with a special focus on these key sections:
- properties: Inputs required for resource configuration.
- handlers: Permissions and operations executed.
- definitions: Reusable objects like password sources and name/UUID references.
Expert tip: The Link is also how NetApp BlueXP™ workload factory manages resources, providing consistency and reliability across operations.
Get started with NetApp::FSxN CloudFormation package
Deploying CloudFormation custom resources is a simple and straightforward three-step process.
Note: This walkthrough won’t provide exact instructions on how to deploy resources in CloudFormation since that’s a standard process. Please refer to the official CloudFormation documentation for guidance with your preferred tool (SDK, UI, CLI).
Step 1: Create the Link module
The first step is to create the AWS Lambda that performs the FSx for ONTAP operations under the hood via a secure connection to your FSx for ONTAP file systems using stored ONTAP credentials.
- Download the Link CloudFormation module from GitHub: NetApp::FSxN CloudFormation package.
- Deploy the module using AWS CloudFormation to set up the AWS Lambda function.
- Store the ARN of the created AWS Lambda function to provide as the input LinkArn property for each FSx for ONTAP resource in Step 3.
Step 2: Obtain a preview key
The preview key is necessary to consume FSx for ONTAP resources created with the package, and all resources use the same key.
Contact your NetApp account manager or email ng-fsx-cloudformation@netapp.com to request a preview key.
Store the key safely and add your ONTAP credentials inside the AWS Secrets Manager. Then, provide the key as the input PreviewKey property and the secret’s ARN and key within the SecretSource definition for each FSx for ONTAP resource in Step 3.
Step 3: Deploy your FSx for ONTAP stack
Given the created AWS Lambda (LinkArn), your ONTAP credentials (SecretSource) and the active preview key (PreviewKey), you can now create your FSx for ONTAP IaC by deploying the CloudFormation package with your desired resources’ property configuration.
For more information about available commands and workflows, see the official CloudFormation documentation.
An alternative: Workload factory
While the IaC capabilities of the new CloudFormation template offer flexibility for developers using FSx for ONTAP, there is another option to deploy these same functions without any advanced programmatic knowledge: BlueXP workload factory.
Workload factory simplifies the deployment process with its Codebox feature, which automatically provides IaC code snippets that you can copy and paste to use with Restful API calls, Amazon CloudFormation, and Terraform.
Plus, workload factory offers workload-centric management that’s tailored to the needs of your GenAI, database, VMware migration, and general storage workloads, with automated implementation of best practices for FSx for ONTAP resources that are specific to your workload’s needs.
Learn more about BlueXP workload factory or get started now.
What’s Next?
The NetApp FSx for ONTAP CloudFormation package is a game-changer for automating advanced ONTAP operations that are not available in FSx for ONTAP. This automation workflow is designed with NetApp best practices, giving you more efficiency, standardization, and control over your FSx for ONTAP resources一all directly within the AWS console.
Learn more about our GitHub NetApp::FSxN CloudFormation package.
