Updated based on comments received. #217

Merged
merged 7 commits into from
Feb 10, 2025
25 changes: 22 additions & 3 deletions CloudFormation/NetApp-FSxN-Custom-Resources-Samples/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Outputs:
```
You can use the above template to create the role by running the following command:
```
aws cloudformation create-stack --stack-name create_execution_role_for_NetApp_CF_extensions --template-body file://<path-to-template> --capabilities CAPABILITY_NAMED_IAM
aws cloudformation create-stack --stack-name CreateExecutionRoleForNetAppCFextensions --template-body file://<path-to-template> --capabilities CAPABILITY_NAMED_IAM
```

### Step 2: Activate the Extensions
Expand Down Expand Up @@ -86,11 +86,30 @@ Where:
- `<aws-region>` is the AWS region you want to activate the extensions in.
- `<subnet-id>,<subnet-id>` are the subnet(s) you want to deploy the link in. No spaces between the subnet IDs.
Only one is required, but is recommended to have at least two. These subnets must have access to the FSxN management endpoint.
- `<security-group-id>,<security-group-id>` are the security group that will be attached to the Lambda Link function.
- `<security-group-id>,<security-group-id>` are the security group(s) that will be attached to the Lambda Link function.
The security groups must allow access to the FSxN management endpoint over port 443.
No spaces between the security group IDs. Only one is required.
- `<link_name>` is the name you want to give the link. It is also used as the name assigned to the link Lambda function.

Once you have done this, you are ready to start using the examples in this repository.
### Step 4: Create an AWS Secret Manager Secret
All of the extensions use an AWS Secrets Manager secret to obtain the credentials needed to manage the FSx for ONTAP file system.
The secret should be a JSON object with the one key. The key can be named anything, but the value should be of the form `"username:password"`.
This allows you to use any username you want. If you want to use fsxadmin (the default admin for an FSx for ONTAP file system), then the value can be just that user's password.

The following command can be used to create a secret:
```
aws secretsmanager create-secret --name <secret-name> --secret-string '{"<key-name>":"<username>:<password>"}'
```
Where:
```
<secret-name> is the name you want to give the secret.
<key-name> is the name of the key in the secret. It can be anything you want.
<username> is the username you want to use to manage the FSx for ONTAP file system.
<password> is the password for the username.
```

## Sample CloudFormation Templates
Once you have done the above steps you are ready to start using the examples in this repository.

| File | Description |
|------|-------------|
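Review bot: The `create-secret` example in the new Step 4 passes the credential inline via `--secret-string '{"<key-name>":"<username>:<password>"}'`, which leaves the password in shell history and visible in the process list while the command runs. Suggest showing the `file://` form instead: write the JSON to a file with restrictive permissions, pass `--secret-string file://<path-to-json>`, then delete the file. Two smaller points in the same section: the text says the key "can be named anything", but the scripts changed in this PR default to `credentials`, so recommending that name here would let the defaults work without `-k`; and the README does not say how the value is parsed when the password itself contains a `:`, which matters given the bare-password form allowed for fsxadmin. The heading also says "Secret Manager" where the body says "Secrets Manager".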
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,24 @@ There are also a couple scripts that can be used to help enable the NetApp FSxN
|deploy_link | This script will use CloudFormation to deploy a Workload Factory Link.|
|createClone.py | This is a Python script that will create a clone of a volume using boto to deploy a CloudFormation stack that creates a clone.|

## Usage
To run these scripts you'll need to download them, change the permissions to be executable, and then run them. For example:
```bash
chmod +x create_volume
./create_volme -r us-west-2 -l arn:aws:lambda:ca-central-1:759999999999:function:wf-link -s arn:aws:secretsmanager:us-east-1:759999999999:secret:fsnSecret-yyaL32 -f fs-02a89999999999999 -v prod -n vol1 -t ../create_volume.yaml
```

To see the required parameters for each script, you can run the script with the `-h` flag. For example:
```bash
./create_volume -h
Usage: create_volume [-r region] -l link_ARN -s secret_ARN [-k secret_key] -f fsx_id -v svm_name -n volune_name [-z size_in_MB] [-a aggregate] -t template
Notes:
The default region is the region configured in the AWS CLI.
The default secret key is 'credentials'.
The default aggregate is "aggr1".
The default size is 20MB.
```

## Author Information

This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors).
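Review bot: The example under the new Usage section runs `./create_volme`, which does not match the `create_volume` file made executable on the line above, so a copy-paste of the example fails. The example also mixes three regions (`-r us-west-2`, a link ARN in `ca-central-1`, a secret ARN in `us-east-1`); if that is intentional, a sentence saying the link and secret may live in other regions would help, otherwise use one region throughout. The pasted `-h` output carries the script's `volune_name` typo, which is worth fixing in the script and here together.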
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@
################################################################################
usage () {
cat <<EOF
Usage: $(basename $0) [--region region] --source-link-arn link_arn --source-secret-arn secret_arn [--source-secret-key password] --source-fsx fsx_id --source-svm svm_name --source-vol vol_name \\
--dest-link-arn link_arn --dest-secret-arn secret_arn [--dest-sceret-key password] --dest-fsx fsx_id --dest-svm svm_name [--dest-vol vol_name_dp] \\
Usage: $(basename $0) [--region region] --source-link-arn link_arn --source-secret-arn secret_arn [--source-secret-key key] --source-fsx fsx_id --source-svm svm_name --source-vol vol_name \\
--dest-link-arn link_arn --dest-secret-arn secret_arn [--dest-sceret-key key] --dest-fsx fsx_id --dest-svm svm_name [--dest-vol vol_name_dp] \\
--template templete_filename [--dest-aggr aggregate1]
Notes:
The default region is whatever the default region is in the AWS CLI configuration.
The default secret key is 'password'.
The default secret key is 'credentials'.
The default destination volume name is the source volume name with '_dp' appended.
The default aggregate is 'aggr1'.
EOF
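Review bot: The rewritten usage line still documents the option as `--dest-sceret-key` while its source-side counterpart is `--source-secret-key`. The option parser is not visible in this hunk, so either the usage text is wrong or the script really accepts only the misspelled flag; since this line is being changed anyway, align the spelling in both the usage text and the parser. `templete_filename` on the following line could be corrected in the same pass.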
Expand All @@ -26,13 +26,13 @@ EOF
# Instead of passing a bunch of parameters, set the values of the variables here.
sourceLinkArn=""
sourceSecretArn=""
sourceSecretKey="password"
sourceSecretKey="credentials"
sourceFsxId=""
sourceSvmName=""
sourceVolumeName=""
destinationLinkArn=""
destinationSecretArn=""
destinationSecretKey="password"
destinationSecretKey="credentials"
destinationFsxId=""
destinationSvmName=""
destinationAggregate="aggr1"
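Review bot: Changing the `sourceSecretKey` and `destinationSecretKey` defaults from `password` to `credentials` silently changes behaviour for callers who omit the key option and whose existing secret stores its value under `password`. Note the change in the README next to the new secret-creation step, and say whether secrets created for the earlier version need to be recreated in the `username:password` form described there.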
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,15 @@ cat <<EOF
Usage: $(basename $0) [-r region] -l link_arn -s secret_arn [-k secretKey] -f fsx_id -v svm_name -p parent_volume_name [-c clone_volume_name] -t templete_filename
Notes:
The default region is whatever the default region is for the AWS CLI.
The default secretKey is 'password'.
The default secretKey is 'credentials'.
The clone_volume_name defaults to the parent_volume_name with '_clone' appended.
EOF
}
#
# Set the default values.
linkArn=""
secretArn=""
secretKey="password"
secretKey="credentials"
fsxId=""
svmName=""
parentVolumeName=""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,17 +11,18 @@
################################################################################
usage () {
cat <<EOF
Usage: $(basename $0) [-r region] -l link_ARN -s secret_ARN -k secret_key -f fsx_id -v svm_name -n policy_name [-p protocols] -c match_CIDR -t templete_filename
Usage: $(basename $0) [-r region] -l link_ARN -s secret_ARN [-k secret_key] -f fsx_id -v svm_name -n policy_name [-p protocols] -c match_CIDR -t templete_filename
Notes:
The default region is whatever the default region is set in the AWS CLI.
The default protocols is "any"
The default secret_key is "credentials"
EOF
}
#
# Set the default values.
linkArn=""
secretArn=""
secretKey="password"
secretKey="credentials"
fsxId=""
svmName=""
policyName=""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@ cat <<EOF
Usage: $(basename $0) [-r region] -l link_ARN -s secret_ARN [-k secret_key] -f fsx_id -v svm_name -n volume_name -p snapshot_name -t templete_filename
Notes:
The default region is the region configured in the AWS CLI.
The default secret key is 'password'.
The default secret key is 'credentials'.
EOF
}
#
# Set the default values.
linkArn=""
secretArn=""
secretKey="password"
secretKey="credentials"
fsxId=""
svmName=""
volumeName=""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ cat <<EOF
Usage: $(basename $0) [-r region] -l link_ARN -s secret_ARN [-k secret_key] -f fsx_id -v svm_name -n volune_name [-z size_in_MB] [-a aggregate] -t template
Notes:
The default region is the region configured in the AWS CLI.
The default secret key is 'password'.
The default secret key is 'credentials'.
The default aggregate is "aggr1".
The default size is 20MB.
EOF
Expand All @@ -22,7 +22,7 @@ EOF
# Set the default values.
linkArn=""
secretArn=""
secretKey="password"
secretKey="credentials"
fsxId=""
volumeName=""
svmName=""
Expand Down
21 changes: 21 additions & 0 deletions CloudFormation/deploy-fsx-ontap/template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ Metadata:
- ThroughputCapacity
- PrimarySubnet
- SecurityGroupIds
- BackupRetentionDays
- DailyAutomaticBackupStartTime
- WeeklyMaintenanceStartTime
- Label:
default: "Scale Out Only Parameters"
Parameters:
Expand Down Expand Up @@ -59,6 +62,21 @@ Parameters:
PrimarySubnet:
Description: "The primary subnet."
Type: "AWS::EC2::Subnet::Id"

BackupRetentionDays:
Description: "The number of days to retain backups for. The default is 30. If set to 0, backups are disabled."
Type: Number
Default: 30

DailyAutomaticBackupStartTime:
Description: "The preferred time, in UTC, to take daily automatic backups. The default is 00:00."
Type: String
Default: "00:00"

WeeklyMaintenanceStartTime:
Description: "The preferred time, in UTC, to perform weekly maintenance. The format d:hh:mm where Monday = 1 and Sunday = 7. The default is 7:00:00."
Type: String
Default: "7:00:00"
#
# Unfortunately, has to be set to type String since it is an optional parameter.
SecondarySubnet:
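Review bot: The three new parameters accept any value: `BackupRetentionDays` is a bare `Number` and both start-time parameters are free-form `String`s, so a typo is only caught when the file system resource fails to create. Add `MinValue`/`MaxValue` to `BackupRetentionDays` and an `AllowedPattern` with a `ConstraintDescription` to `DailyAutomaticBackupStartTime` (hh:mm, as in its default) and `WeeklyMaintenanceStartTime` (d:hh:mm with d from 1 to 7) so bad input is rejected at parameter validation. Since 0 turns backups off entirely, consider stating that more prominently than at the end of the description. Minor: the `WeeklyMaintenanceStartTime` description is missing a verb ("The format is d:hh:mm").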
Expand Down Expand Up @@ -97,6 +115,9 @@ Resources:
SubnetIds: [!Ref PrimarySubnet, !If [ MultiAZ, !Ref SecondarySubnet, !Ref "AWS::NoValue" ]]
SecurityGroupIds: !Ref SecurityGroupIds
OntapConfiguration:
AutomaticBackupRetentionDays: !Ref BackupRetentionDays
DailyAutomaticBackupStartTime: !Ref DailyAutomaticBackupStartTime
WeeklyMaintenanceStartTime: !Ref WeeklyMaintenanceStartTime
DeploymentType: !Ref DeploymentType
ThroughputCapacityPerHAPair: !Ref ThroughputCapacity
HAPairs: !If [ ScaleOut, !Ref HAPairs, 1 ]
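Review bot: `DailyAutomaticBackupStartTime` is passed to `OntapConfiguration` unconditionally, including when `BackupRetentionDays` is 0 and backups are, per the parameter description, disabled. Please confirm that a stack with `BackupRetentionDays=0` still deploys with the start time set; if it does not, add a condition and wrap the property in an `!If` that falls back to `!Ref "AWS::NoValue"`, the same pattern already used for `SecondarySubnet` in `SubnetIds`.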
Expand Down
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,12 @@ Have a great idea? We'd love to hear it! Please email us at [ng-fsxn-github-samp
* [FSx ONTAP inventory report](/Ansible/fsx_inventory_report)
* [SnapMirror report](/Ansible/snapmirror_report)
* [CloudFormation](/CloudFormation)
* [NetApp-FSxN-Custom-Resources-Samples](/CloudFormation/NetApp-FSxN-Custom-Resources-Samples)
* [deploy-fsx-ontap](/CloudFormation/deploy-fsx-ontap)
* [EKS](/EKS)
* [Backup-EKS-Applications-with-Trident-Protect](/EKS/Backup-EKS-Applications-with-Trident-Protect)
* [FSx for NetApp ONTAP as persistent storage for EKS](/EKS/FSxN-as-PVC-for-EKS)
* [PV-Migrate-with-Trident-Protect](/EKS/PV-Migrate-with-Trident-Protect)
* [Management Utilities](/Management-Utilities)
* [Auto Create SnapMirror Relationships](/Management-Utilities/auto_create_sm_relationships)
* [Auto Set FSxN Auto Grow](/Management-Utilities/auto_set_fsxn_auto_grow)
Expand All @@ -36,6 +39,7 @@ Have a great idea? We'd love to hear it! Please email us at [ng-fsxn-github-samp
* [CloudWatch Dashboard for FSx for ONTAP](/Monitoring/CloudWatch-FSx)
* [Export LUN metrics from an FSx ONTAP to Amazon CloudWatch](/Monitoring/LUN-monitoring)
* [Automatically Add CloudWatch Alarms for FSx Resources](/Monitoring/auto-add-cw-alarms)
* [Ingest NAS audit logs into CloudWatch](/Monitoring/ingest_nas_audit_logs_into_cloudwatch)
* [Monitor ONTAP metrics from FSx ONTAP using python Lambda function](/Monitoring/monitor-ontap-services)
* [Monitor FSx for ONTAP with Harvest on EKS](/Monitoring/monitor_fsxn_with_harvest_on_eks)
* [Solutions](/Solutions)
Expand Down