Skip to main content

Create a link

Contributors netapp-rlithman
PDFs

You can create and manage links to provide a trust relationship and connectivity between a Workload Factory account and one or more FSx for ONTAP file systems. This enables you to monitor and manage certain features directly from the FSx for ONTAP file system that are not available through the AWS FSx for ONTAP API.

Learn more about links.

About this task

Links leverage AWS Lambda to execute code in response to events and automatically manage the computing resources required by that code. The links that you create are part of your NetApp account and they are associated with an AWS account.

You can create a link in your account when defining an FSx for ONTAP file system. That link will be used for that file system, and it can be used by other FSx for ONTAP file systems.

You'll need to launch an AWS CloudFormation stack in your AWS account to create the link.

You have two options for creating links - automatically or manually.

  • Automatically: Creates a link with automatic registration via Workload Factory. A link created automatically requires tokens for Workload Factory automation and the CloudFormation code is short-lived. It can only be used for up to 6 hours.

  • Manually: Creates a link with manual registration. The CloudFormation code persists giving you more time to complete the operation. This is useful when working with different teams like Security and DevOps which may first need to grant the permissions necessary to complete link creation.

Before you begin

  • You should consider which link creation option you'll use.

  • You must have credentials to log in to your AWS account.

  • You must have the following permissions in your AWS account when adding a link using a CloudFormation stack:

    Details 
    "cloudformation:GetTemplateSummary",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:ListStackResources",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetRole",
"iam:DeleteRolePolicy",
"iam:CreateRole",
"iam:DetachRolePolicy",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:InvokeFunction",
"lambda:GetFunction",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:TagResource",
"codestar-connections:GetSyncConfiguration",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
Create automatically

Use CloudFormation to automatically create and register the link within Workload Factory.

Steps

  1. Log in to the Workload Factory console

  2. In Storage, select Go to storage inventory.

  3. In the FSx for ONTAP tab, select the three dots menu of the file system to associate a link to and then select Manage.

  4. In the file system overview, select Associate link.

  5. In the Associate link dialog, select Create a new link and select Continue.

  6. On the Create Link page, provide the following:

    1. Link name: Enter the name that you want to use for this link. The name must be unique within your account.

    2. Tags: Optionally, add any tags that you want to associate with this link so you can more easily categorize your resources. For example, you could add a tag that identifies this link as being used by FSx for ONTAP file systems.

      The AWS account and the additional information for Account, Location, and Security group are retrieved automatically based on the FSx for ONTAP file system.

  7. Click Create.

    The Redirect to CloudFormation dialog appears and explains how to create the link from the AWS CloudFormation service is displayed.

  8. Select Continue to open the AWS Management Console, and then log in to the AWS account for this FSx for ONTAP file system.

  9. On the Quick create stack page, under Capabilities, select I acknowledge that AWS CloudFormation might create IAM resources.

    Note that three permissions are granted to Lambda when you launch the CloudFormation template. Workload Factory uses these permissions when using links.

    "lambda:InvokeFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionCode"

  10. Select Create stack and then select Continue.

    You can monitor the link creation status from the Events page. This should take no more than 5 minutes.

  11. Return to the Workload Factory interface and you'll see that the link is associated with the FSx for ONTAP file system.

Create manually

With this option, you extract the ARN for the link from AWS CloudFormation and report it here. Workload Factory manually registers the link for you.

Steps

  1. Log in to the Workload Factory console

  2. In Storage, select Go to storage inventory.

  3. In the FSx for ONTAP tab, select the three dots menu of the file system to associate a link to and then select Manage.

  4. In the file system overview, select Associate link.

  5. In the Associate link dialog, select Create a new link and select Continue.

  6. On the Create Link page, provide the following:

    1. Link name: Enter the name that you want to use for this link. The name must be unique within your account.

    2. Tags: Optionally, add any tags that you want to associate with this link so you can more easily categorize your resources. For example, you could add a tag that identifies this link as being used by FSx for ONTAP file systems.

    3. Link registration: Click on the dropdown arrow to expand the instructions for how to register the link from the AWS CloudFormation service. Follow the instructions.

      Note that three permissions are granted to Lambda when you launch the CloudFormation template. Workload Factory uses these permissions when using links.

      "lambda:InvokeFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionCode"

      After you successfully create the stack, paste the Lambda ARN in the text box.

    4. The AWS account and the additional information for Account, Location, and Security group are retrieved automatically based on the FSx for ONTAP file system.

  7. Click Create.

    You can monitor the link creation status from the Events page. This should take no more than 5 minutes.

  8. Return to the Workload Factory interface and you'll see that the link is associated with the FSx for ONTAP file system.

Result

The link you created is associated with the FSx for ONTAP file system.