From 7040c84ed8d8a4618f65d4368ef490880ed80431 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Thu, 6 Feb 2025 16:04:28 -0600 Subject: [PATCH 1/6] Updated based no comments received. --- .../NetApp-FSxN-Custom-Resources-Samples/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md index d9a7d98..7bd02c6 100644 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md @@ -56,7 +56,7 @@ Outputs: ``` You can use the above template to create the role by running the following command: ``` -aws cloudformation create-stack --stack-name create_execution_role_for_NetApp_CF_extensions --template-body file:// --capabilities CAPABILITY_NAMED_IAM +aws cloudformation create-stack --stack-name CreateExecutionRoleForNetAppCFextensions --template-body file:// --capabilities CAPABILITY_NAMED_IAM ``` ### Step 2: Activate the Extensions @@ -86,7 +86,8 @@ Where: - `` is the AWS region you want to activate the extensions in. - `,` are the subnet(s) you want to deploy the link in. No spaces between the subnet IDs. Only one is required, but is recommended to have at least two. These subnets must have access to the FSxN management endpoint. -- `,` are the security group that will be attached to the Lambda Link function. +- `,` are the security group(s) that will be attached to the Lambda Link function. +The security groups must allow access to the FSxN management endpoint over port 443. No spaces between the security group IDs. Only one is required. - `` is the name you want to give the link. It is also used as the name assigned to the link Lambda function. From 87ecdf94c54a3cc92a2dc97f48a7168f0d9556bd Mon Sep 17 00:00:00 2001 
From: Keith Cantrell Date: Mon, 10 Feb 2025 10:57:13 -0600 Subject: [PATCH 2/6] Made adjustment based on review. --- .../scripts/README.md | 18 ++++++++++++++++ .../scripts/create_SM_relationship | 10 ++++----- .../scripts/create_clone | 4 ++-- .../scripts/create_export_policy | 5 +++-- .../scripts/create_snapshot | 4 ++-- .../scripts/create_volume | 4 ++-- CloudFormation/deploy-fsx-ontap/template.yaml | 21 +++++++++++++++++++ 7 files changed, 53 insertions(+), 13 deletions(-) diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/README.md b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/README.md index 56f8bad..ce346e4 100644 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/README.md +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/README.md 
@@ -16,6 +16,24 @@ There are also a couple scripts that can be used to help enable the NetApp FSxN |deploy_link | This script will use CloudFormation to deploy a Workload Factory Link.| |createClone.py | This is a Python script that will create a clone of a volume using boto to deploy a CloudFormation stack that creates a clone.| +## Usage +To run these scripts you'll need to download them, change the permissions to be executable, and then run them. For example: +```bash +chmod +x create_volume +./create_volme -r us-west-2 -l arn:aws:lambda:ca-central-1:759999999999:function:wf-link -s arn:aws:secretsmanager:us-east-1:759999999999:secret:fsnSecret-yyaL32 -f fs-02a89999999999999 -v prod -n vol1 -t ../create_volume.yaml +``` + +To see the required parameters for each script, you can run the script with the `-h` flag. For example: +```bash +./create_volume -h +Usage: create_volume [-r region] -l link_ARN -s secret_ARN [-k secret_key] -f fsx_id -v svm_name -n volune_name [-z size_in_MB] [-a aggregate] -t template +Notes: + The default region is the region configured in the AWS CLI. + The default secret key is 'credentials'. + The default aggregate is "aggr1". + The default size is 20MB. +``` + ## Author Information This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors). diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/create_SM_relationship b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/create_SM_relationship index da97eba..7b854cd 100755 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/create_SM_relationship +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/scripts/create_SM_relationship 
@@ -12,12 +12,12 @@ ################################################################################ usage () { cat < Date: Mon, 10 Feb 2025 14:48:13 -0600 Subject: [PATCH 3/6] Added instructions on how to create a secret. --- .../README.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md index 7bd02c6..7cd5f79 100644 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md @@ -91,7 +91,23 @@ The security groups must allow access to the FSxN management endpoint over port No spaces between the security group IDs. Only one is required. - `` is the name you want to give the link. It is also used as the name assigned to the link Lambda function. -Once you have done this, you are ready to start using the examples in this repository. +### Step 4: Create an AWS Secret Manager Secret +All of the extensions use an AWS Secrets Manager secret to obtain the credentials needed to manage the FSx for ONTAP file system. +The secret should be a JSON object with the one key. The key can be named anything, but the value should be of the form `"username:passwwrd"`. +This allows you to use any username you want. If you want to use fsxadmin (the default admin for an FSx for ONTAP file system), then the value can be just that user's password. + +The following command can be used to create a secret: +``` +aws secretsmanager create-secret --name --secret-string '{"":":"}' + +Where + is the name you want to give the secret. + is the name of the key in the secret. It can be anything you want. + is the username you want to use to manage the FSx for ONTAP file system. + is the password for the username. +``` + +Once you have done the above steps you are ready to start using the examples in this repository. | File | Description | |------|-------------| 
From 4c5f15c58afe20aa6864c6fa2c9644a2b3898387 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 10 Feb 2025 14:51:05 -0600 Subject: [PATCH 4/6] Added instructions on how to create a secret. --- .../NetApp-FSxN-Custom-Resources-Samples/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md index 7cd5f79..684541d 100644 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md @@ -99,14 +99,16 @@ This allows you to use any username you want. If you want to use fsxadmin (the d The following command can be used to create a secret: ``` aws secretsmanager create-secret --name --secret-string '{"":":"}' - -Where +``` +Where: +``` is the name you want to give the secret. is the name of the key in the secret. It can be anything you want. is the username you want to use to manage the FSx for ONTAP file system. is the password for the username. ``` +## Sample CloudFormation Templates Once you have done the above steps you are ready to start using the examples in this repository. | File | Description | From 79137dfbcee04f9283d3cf52054f51cf9377c2e4 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 10 Feb 2025 14:57:49 -0600 Subject: [PATCH 5/6] Added reference to new samples that have been added. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 85c8337..9e9fc5f 100644 --- a/README.md +++ b/README.md 
@@ -22,9 +22,12 @@ Have a great idea? We'd love to hear it! Please email us at [ng-fsxn-github-samp * [FSx ONTAP inventory report](/Ansible/fsx_inventory_report) * [SnapMirror report](/Ansible/snapmirror_report) * [CloudFormation](/CloudFormation) + * [NetApp-FSxN-Custom-Resources-Samples](/CloudFormation/NetApp-FSxN-Custom-Resources-Samples) * [deploy-fsx-ontap](/CloudFormation/deploy-fsx-ontap) * [EKS](/EKS) + * [Backup-EKS-Applications-with-Trident-Protect](/EKS/Backup-EKS-Applications-with-Trident-Protect) * [FSx for NetApp ONTAP as persistent storage for EKS](/EKS/FSxN-as-PVC-for-EKS) + * [PV-Migrate-with-Trident-Protect](/EKS/PV-Migrate-with-Trident-Protect) * [Management Utilities](/Management-Utilities) * [Auto Create SnapMirror Relationships](/Management-Utilities/auto_create_sm_relationships) * [Auto Set FSxN Auto Grow](/Management-Utilities/auto_set_fsxn_auto_grow) @@ -36,6 +39,7 @@ Have a great idea? We'd love to hear it! Please email us at [ng-fsxn-github-samp * [CloudWatch Dashboard for FSx for ONTAP](/Monitoring/CloudWatch-FSx) * [Export LUN metrics from an FSx ONTAP to Amazon CloudWatch](/Monitoring/LUN-monitoring) * [Automatically Add CloudWatch Alarms for FSx Resources](/Monitoring/auto-add-cw-alarms) + * [Ingest NAS audit logs into CloudWatch](/Monitoring/ingest_nas_audit_logs_into_cloudwatch) * [Monitor ONTAP metrics from FSx ONTAP using python Lambda function](/Monitoring/monitor-ontap-services) * [Monitor FSx for ONTAP with Harvest on EKS](/Monitoring/monitor_fsxn_with_harvest_on_eks) * [Solutions](/Solutions) From f50493a070e3f3a7d12730b4b97d1d02d80b30b4 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 10 Feb 2025 15:06:32 -0600 Subject: [PATCH 6/6] Added instructions on how to create a secret. --- CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md index 684541d..7c36978 100644 --- a/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md +++ b/CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md @@ -93,7 +93,7 @@ No spaces between the security group IDs. Only one is required. ### Step 4: Create an AWS Secret Manager Secret All of the extensions use an AWS Secrets Manager secret to obtain the credentials needed to manage the FSx for ONTAP file system. -The secret should be a JSON object with the one key. The key can be named anything, but the value should be of the form `"username:passwwrd"`. +The secret should be a JSON object with the one key. The key can be named anything, but the value should be of the form `"username:password"`. This allows you to use any username you want. If you want to use fsxadmin (the default admin for an FSx for ONTAP file system), then the value can be just that user's password. The following command can be used to create a secret:
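Review bot: In PATCH 1/6, README.md hunk `@@ -86,7 +86,8 @@`, the added sentence "The security groups must allow access to the FSxN management endpoint over port 443." does not say which direction the rule applies to. These groups are attached to the Lambda Link function, so what they need is an outbound rule to the management endpoint on TCP 443. Please say "outbound" explicitly so readers do not open inbound 443 on the Lambda's security group by mistake, and consider adding that the file system's own security group has to accept that traffic.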
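Review bot: In PATCH 2/6, scripts/README.md hunk `@@ -16,6 +16,24 @@`, the added usage example makes `create_volume` executable and then runs `./create_volme`, so a reader who copies it gets a command-not-found error; the second line should call `./create_volume`. The pasted help text also shows `-n volune_name`; if that is copied from the script's `usage` function, fix the spelling there as well. The same example passes `-r us-west-2` with a link ARN in `ca-central-1` and a secret ARN in `us-east-1`; if the three do not need to differ, use one region throughout so the example does not suggest a cross-region setup.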
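Review bot: In PATCH 3/6, README.md hunk `@@ -91,7 +91,23 @@`, the `aws secretsmanager create-secret` example passes the credentials inline in `--secret-string '{...}'`, which leaves the password in shell history and visible in the process list while the command runs. Suggest showing the `--secret-string file://...` form with the JSON kept in a file that is removed afterwards, or at least mentioning it next to the inline form. The text also allows the value to be either `username:password` or just the fsxadmin password, which is ambiguous for a password that contains a colon; document how the extensions tell the two forms apart, or recommend always writing `fsxadmin:password`. Minor: the new heading says "AWS Secret Manager" while the next line says "AWS Secrets Manager".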
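Review bot: In PATCH 4/6, README.md hunk `@@ -99,14 +99,16 @@`, the parameter descriptions after "Where:" are placed in their own fenced block, while the earlier "Where:" section in this README (region, subnets, security groups, link name) uses a bullet list with the placeholders in backticks. Suggest using the same bullet-list style here so the descriptions render as text rather than as something to copy and run. The new `## Sample CloudFormation Templates` heading is also followed directly by "Once you have done the above steps...", which reads as the closing sentence of the setup steps; consider moving that sentence above the heading.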
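Review bot: In PATCH 6/6, README.md hunk `@@ -93,7 +93,7 @@`, only `passwwrd` is corrected, but the context lines of the same hunk still read "### Step 4: Create an AWS Secret Manager Secret" (the service is named "AWS Secrets Manager" on the next line) and "a JSON object with the one key". Suggest fixing both in this change. Patches 3/6, 4/6 and 6/6 also share the subject "Added instructions on how to create a secret." and touch the same paragraph, so squashing them into one commit would make the history easier to follow.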