AWS Certified Solutions Architect - Professional 2020


Security and Access – using EFS File Sync on an on-prem Linux server, with an AWS EFS volume.

Using EFS File Sync on an on-prem Linux server, with an AWS EFS volume. What’s the best way to securely connect to this over a site-to-site VPN without using Access Key and Secret (these need to be rotated and I want to avoid having to update every time the keys are changed)? Ideas please?

1 Answer

Maybe I’m not following the question…please advise if I’m not.

EFS File Sync Agent is a virtual machine that you can run in your VMware environment or on AWS as an EC2 instance. From what I recall in setting one up, you don’t need any Access Key or Secrets configured to get it running. You just start the machine and configure the sync tasks from the AWS Console. An encryption key gets generated when you set it up that creates the secure link.

roy

Hey Scott. Thanks for the quick response. I misunderstood the File Sync Agent when I read a description. I thought this was an agent which had to be installed into an existing Linux server with a link to the EFS mount (I did wonder about that due to EFS only mounting over Direct Connect). So, from what you describe, this is similar to the role of a file storage gateway to S3? I’ll review the docs and work out how to rotate encryption keys at specified intervals.

roy

Excuse spelling – written on an iPhone without my glasses on! 😀

Scott Pletcher

Yep, it’s real close to Storage Gateway conceptually. It gets a little confusing too because AWS offers what it calls an EFS Utility which can be installed on an on-prem Linux system, but it’s more of a mount helper. Also, for what it’s worth, when I first read about the "file sync agent", I too thought it was some daemon that gets installed on my on-prem system. It wasn’t until I went through the process of setting it up that I understood the appliance aspect. Goes to show that doing is the best learning. I can probably make it more clear in the lecture and I’ll put it on my to-do list.
