Amazon Web Services (AWS) - Create Update or Delete an FSx NetApp ONTAP Volumes using Terraform


To mount an AWS FSx NetApp ONTAP file system, you will need the DNS name or IP address of the Storage Virtual Machine (SVM) and the volume endpoint (junction path). For example, if mounting the file system on an EC2 instance, a mount command like the following could be used.

sudo mount --type nfs <SVM DNS name or IP address>:/<volume endpoint> /example

 

A Storage Virtual Machine (SVM) is a logical grouping of volumes.

 

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── netapp (directory, child module)
│   ├── data.tf
│   ├── outputs.tf
│   ├── provider.tf
│   ├── resources.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

 

provider.tf could have something like this.

provider "aws" {
  profile = "default"
  # region must be an AWS region name (not "default"); us-east-1 matches the subnets used below.
  # No alias is set, so the resources below use this configuration without a provider argument.
  region  = "us-east-1"
}

 

Let's say there are three Virtual Private Cloud (VPC) Subnets, each in a different availability zone.

 

data.tf could then have something like this: the VPC itself (its ID is referenced by the security group in resources.tf) and the two subnets the file system will use.

# The VPC the subnets and the security group belong to. The tag value "my_vpc" is an assumed name; use your VPC's Name tag.
data "aws_vpc" "my_vpc" {
  filter {
    name   = "tag:Name"
    values = ["my_vpc"]
  }
}

data "aws_subnet" "us-east-1a-subnet" {
  filter {
    name   = "tag:Name"
    values = ["us-east-1a-subnet"]
  }
}

data "aws_subnet" "us-east-1b-subnet" {
  filter {
    name   = "tag:Name"
    values = ["us-east-1b-subnet"]
  }
}

 

And resources.tf could have something like this. In this example, the VPC ID and the Virtual Private Cloud (VPC) subnet IDs are obtained from the data sources in data.tf.

resource "aws_security_group" "aws_fsx_ontap_file_system_security_group" {
  name        = "FSx ONTAP Security Group"
  description = "Security Group for FSx ONTAP File System"
  vpc_id      = data.aws_vpc.my_vpc.id

  # Only allow NFS, and only from the three client subnets
  ingress {
    description = "Allow NFS (Network File System)"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "FSx ONTAP Security Group"
  }
}

resource "aws_fsx_ontap_file_system" "my_aws_fsx_ontap_file_system" {

  # GiB (e.g. 1024 GiB)
  # must be a value between 1024 and 196608
  storage_capacity = 1024

  # MBps (megabytes per second)
  # valid values are: 128 256 512 1024 2048
  throughput_capacity = 128

  # MULTI_AZ_1 (two availability zones, such as us-east-1a and us-east-1b) or SINGLE_AZ_1 (a single availability zone, such as us-east-1a)
  deployment_type = "MULTI_AZ_1"

  # If deployment_type is SINGLE_AZ_1 then subnet_ids must have exactly 1 subnet ID
  # If deployment_type is MULTI_AZ_1 then subnet_ids must have exactly 2 subnet IDs, one per availability zone
  subnet_ids = [data.aws_subnet.us-east-1a-subnet.id, data.aws_subnet.us-east-1b-subnet.id]

  # The preferred subnet ID must also be in subnet_ids (only used with MULTI_AZ_1)
  preferred_subnet_id = data.aws_subnet.us-east-1a-subnet.id

  # Optional
  automatic_backup_retention_days   = 14
  daily_automatic_backup_start_time = "01:00"

  # Optional - a dedicated Security Group for the NetApp FSx ONTAP file system.
  # This is a list; without it the VPC default security group applies.
  security_group_ids = [aws_security_group.aws_fsx_ontap_file_system_security_group.id]
}

resource "aws_fsx_ontap_storage_virtual_machine" "my_aws_fsx_ontap_storage_virtual_machine" {
  file_system_id = aws_fsx_ontap_file_system.my_aws_fsx_ontap_file_system.id
  name           = "FSx-NetApp-ONTAP-SVM"
}

resource "aws_fsx_ontap_volume" "my_aws_fsx_ontap_volume" {
  # One volume per map entry: the key is the volume name, the value is the junction path used in the mount command
  for_each = {
    "volume1" = "/vol1"
    "volume2" = "/vol2"
  }

  name                       = each.key
  junction_path              = each.value
  size_in_megabytes          = 1024
  storage_efficiency_enabled = true
  storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.my_aws_fsx_ontap_storage_virtual_machine.id
}

 

You may need to reissue the terraform init command.

terraform init

 

The terraform plan command can be used to see what Terraform will try to do.

By default, the terraform.tfstate file should be found in your root module directory (/path/to/aws in this example).

  • If the NetApp file system does not exist and the terraform.tfstate file does not contain the NetApp file system, Terraform will create the NetApp file system.
  • If the NetApp file system exists and the terraform.tfstate file contains the NetApp file system and a difference is found between resources.tf and the terraform.tfstate file, Terraform will update the NetApp file system.
  • If the NetApp file system exists and the terraform.tfstate file contains the NetApp file system and the NetApp file system is removed from resources.tf, Terraform will destroy (delete) the NetApp file system.

The terraform apply command can be used to create, update or delete the NetApp file system. Be aware that this will probably take a long time, likely because the minimum storage capacity is 1024 GB (1 TB).

netapp.aws_fsx_ontap_file_system.my-fsx-netapp-ontap-file-system: Creating...
netapp.aws_fsx_ontap_file_system.my-fsx-netapp-ontap-file-system: Creation complete after 5s [id=fs-056a3b9ea34bd8067 ]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

 

You should see something like this in the AWS Amazon FSx Console.

 

And you should also be able to get the DNS name and IP address that will be used to mount the NFS share.

 

And the volumes.

 

If you create the NetApp FSx ONTAP file system with security_group_ids, then you can control the inbound and outbound connections. For example, you could allow inbound connections only on NFS port 2049, and only from your client subnets.
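The constraints in the resources.tf comments above (one subnet for SINGLE_AZ_1, two for MULTI_AZ_1, preferred_subnet_id in subnet_ids, a dedicated security group that does not expose NFS to 0.0.0.0/0) and the create/update/destroy decision described under terraform plan can all be checked before terraform apply by reading the plan as JSON (terraform show -json tfplan). The script below is an added example, not code from this article, from Terraform or from AWS. It constructs a small plan document in that JSON shape (the module.netapp resource addresses, subnet IDs and the check_fsx_plan.py file name are placeholders, not values from a real account) and runs the checks over it; on a real plan, pipe the JSON in with a `-` argument.

```python
"""Policy checks over a `terraform show -json tfplan` document for the FSx ONTAP
resources on this page. Added example; the plan it builds is constructed, not
captured from a real account."""
import json
import sys

NFS_PORT = 2049
# Subnet count each deployment type accepts, as stated on the page; extend for newer types
SUBNETS_PER_DEPLOYMENT = {"SINGLE_AZ_1": 1, "MULTI_AZ_1": 2}


def build_plan(ingress_cidrs, deployment_type, subnet_ids, preferred_subnet_id,
               attach_security_group=True):
    """Constructed plan JSON (placeholder ids) in the shape `terraform show -json` emits."""
    # The security group is created in the same run, so its id is unknown at plan
    # time and appears under after_unknown rather than after.
    fs_unknown = {"security_group_ids": [True]} if attach_security_group else {}
    return json.dumps({"format_version": "1.2", "resource_changes": [
        {"address": "module.netapp.aws_security_group.aws_fsx_ontap_file_system_security_group",
         "type": "aws_security_group",
         "change": {"actions": ["create"], "after_unknown": {"id": True}, "after": {
             "ingress": [{"from_port": NFS_PORT, "to_port": NFS_PORT, "protocol": "tcp",
                          "cidr_blocks": list(ingress_cidrs)}],
             "egress": [{"from_port": 0, "to_port": 0, "protocol": "-1",
                         "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "module.netapp.aws_fsx_ontap_file_system.my_aws_fsx_ontap_file_system",
         "type": "aws_fsx_ontap_file_system",
         "change": {"actions": ["create"], "after_unknown": fs_unknown, "after": {
             "deployment_type": deployment_type, "subnet_ids": list(subnet_ids),
             "preferred_subnet_id": preferred_subnet_id}}}]})


def _after(rc):
    return rc.get("change", {}).get("after") or {}


def _after_unknown(rc):
    return rc.get("change", {}).get("after_unknown") or {}


def check_security_group(rc):
    """Flag any ingress rule that exposes NFS (or all traffic) to the whole internet."""
    findings = []
    for rule in _after(rc).get("ingress", []):
        covers_nfs = (rule.get("protocol") == "-1"
                      or rule.get("from_port", 0) <= NFS_PORT <= rule.get("to_port", 65535))
        sources = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        if covers_nfs and any(c in ("0.0.0.0/0", "::/0") for c in sources):
            findings.append(f"{rc['address']}: NFS ingress open to the internet")
    return findings


def check_file_system(rc):
    """Apply the subnet and security group rules the resources.tf comments describe."""
    findings, after, unknown = [], _after(rc), _after_unknown(rc)
    deployment, subnets = after.get("deployment_type"), after.get("subnet_ids") or []
    expected = SUBNETS_PER_DEPLOYMENT.get(deployment)
    if expected is None:
        findings.append(f"{rc['address']}: unrecognised deployment_type {deployment!r}")
    elif len(subnets) != expected:
        findings.append(f"{rc['address']}: {deployment} needs {expected} subnet id(s), got {len(subnets)}")
    if deployment == "MULTI_AZ_1" and after.get("preferred_subnet_id") not in subnets:
        findings.append(f"{rc['address']}: preferred_subnet_id is not one of subnet_ids")
    # A value unknown at plan time (created in the same run) still counts as configured
    if not (after.get("security_group_ids") or unknown.get("security_group_ids")):
        findings.append(f"{rc['address']}: no security_group_ids, the VPC default security group would apply")
    return findings


CHECKS = {"aws_security_group": check_security_group,
          "aws_fsx_ontap_file_system": check_file_system}


def check_plan(plan_json):
    """Return a list of findings (empty means the plan passes every check)."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        check = CHECKS.get(rc.get("type"))
        if check:
            findings.extend(check(rc))
    return findings


def summarize_actions(plan_json):
    """Count what terraform plan intends per resource: create, update, delete, replace or no-op."""
    counts = {"create": 0, "update": 0, "delete": 0, "replace": 0, "no-op": 0}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        key = "replace" if sorted(actions) == ["create", "delete"] else actions[0] if actions else "no-op"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # terraform show -json tfplan | python check_fsx_plan.py -
    # With no "-" argument, fall back to the constructed plan mirroring this page's resources.tf.
    plan = sys.stdin.read() if sys.argv[1:] == ["-"] else build_plan(
        ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"], "MULTI_AZ_1",
        ["subnet-aaaa1111", "subnet-bbbb2222"], "subnet-aaaa1111")
    print(summarize_actions(plan))
    for finding in check_plan(plan):
        print("FINDING:", finding)
```

The checks read only the `after` and `after_unknown` parts of each resource change, so they work on a plan produced before anything exists in the account; a non-empty findings list is a reason to stop before terraform apply.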

 

In this scenario, the following command could be used to mount the volume in an EC2 instance that is in the same Availability Zone as the FSx NetApp ONTAP file system.

AVOID TROUBLE

The EC2 instance should be in the same Virtual Private Cloud as the FSx NetApp ONTAP file system.

The EC2 instance will need to be in the same subnet as the FSx NetApp ONTAP file system (e.g. 10.0.2.0/24).

sudo mount --type nfs 198.19.255.172:/vol1 /example
