AWSStorageintermediate

AWS FSx Guide

Choose the right FSx variant: Lustre for HPC, Windows File Server, NetApp ONTAP, and OpenZFS.

CloudToolStack Team24 min readPublished Mar 14, 2026

Prerequisites

Basic understanding of file storage and NFS/SMB protocols
Familiarity with AWS networking (VPC, subnets, security groups)

Overview of Amazon FSx

Amazon FSx provides fully managed, high-performance file systems optimized for specific workloads. Unlike Amazon EFS, which offers a general-purpose NFS file system, FSx provides four specialized file system types, each built on a different technology and optimized for different use cases: FSx for Lustre (HPC and ML), FSx for Windows File Server (Windows workloads), FSx for NetApp ONTAP (enterprise NAS), and FSx for OpenZFS (Linux workloads requiring ZFS features).

Choosing the right FSx variant depends on your workload requirements: protocol support (NFS, SMB, or Lustre), performance characteristics (throughput, IOPS, latency), data management features (snapshots, replication, tiering), and integration needs (Active Directory, S3, on-premises). This guide covers all four FSx variants with architecture decisions, provisioning, configuration, and operational best practices.

When to Use FSx vs EFS vs EBS

Use EBS for block storage attached to a single EC2 instance. Use EFS for simple shared NFS storage across multiple EC2 instances or containers. Use FSx when you need specialized file system features: Lustre for HPC, Windows File Server for SMB/AD workloads, ONTAP for multi-protocol enterprise NAS, or OpenZFS for ZFS features like snapshots and compression.

FSx for Lustre

FSx for Lustre provides a high-performance parallel file system designed for compute-intensive workloads such as machine learning training, high-performance computing (HPC), financial modeling, and video rendering. Lustre can deliver hundreds of gigabytes per second of throughput and millions of IOPS with sub-millisecond latency.

A key feature of FSx for Lustre is its native integration with Amazon S3. You can link a Lustre file system to an S3 bucket, and the file system transparently presents S3 objects as files. When a compute job reads a file, Lustre lazily loads it from S3. When the job writes output, you can export the results back to S3. This makes Lustre ideal for processing large datasets stored in S3 without copying them first.

bash

# Create a persistent FSx for Lustre file system linked to S3
aws fsx create-file-system \
  --file-system-type LUSTRE \
  --storage-capacity 4800 \
  --storage-type SSD \
  --subnet-ids subnet-0abc123 \
  --security-group-ids sg-0abc123 \
  --lustre-configuration '{
    "DeploymentType": "PERSISTENT_2",
    "PerUnitStorageThroughput": 250,
    "DataCompressionType": "LZ4",
    "ImportPath": "s3://my-training-data/",
    "ExportPath": "s3://my-training-data/output/",
    "AutoImportPolicy": "NEW_CHANGED_DELETED"
  }' \
  --tags Key=Project,Value=ml-training Key=Environment,Value=production

# Mount Lustre on an EC2 instance
# sudo amazon-linux-extras install -y lustre
# sudo mount -t lustre fs-0abc123.fsx.us-east-1.amazonaws.com@tcp:/fsx /mnt/lustre

# Export data back to S3
aws fsx create-data-repository-task \
  --file-system-id fs-0abc123 \
  --type EXPORT_TO_REPOSITORY \
  --paths "/output/" \
  --report '{"Enabled": true, "Path": "s3://my-training-data/reports/", "Format": "REPORT_CSV_20191124", "Scope": "FAILED_FILES_ONLY"}'

Lustre Deployment Types

Type	Use Case	Durability	Throughput
Scratch	Temporary workloads, short-term processing	No replication (data not persisted if server fails)	200 MB/s per TiB
Persistent 1	Long-running workloads, data replicated in AZ	Replicated within AZ	50-200 MB/s per TiB
Persistent 2	Latency-sensitive workloads (latest generation)	Replicated within AZ, SSD only	125-1000 MB/s per TiB

FSx for Windows File Server

FSx for Windows File Server provides a fully managed Windows-native file system built on Windows Server. It supports the SMB protocol, NTFS, Active Directory integration, DFS namespaces, DFS replication, shadow copies, and all the features Windows applications expect. This makes it ideal for migrating Windows file shares, home directories, .NET applications, SQL Server databases, and Microsoft workloads to AWS.

bash

# Create an FSx for Windows File Server (joined to Active Directory)
aws fsx create-file-system \
  --file-system-type WINDOWS \
  --storage-capacity 1024 \
  --storage-type SSD \
  --subnet-ids subnet-0abc123 subnet-0def456 \
  --security-group-ids sg-0abc123 \
  --windows-configuration '{
    "ThroughputCapacity": 64,
    "ActiveDirectoryId": "d-0abc123456",
    "DeploymentType": "MULTI_AZ_1",
    "PreferredSubnetId": "subnet-0abc123",
    "AutomaticBackupRetentionDays": 30,
    "DailyAutomaticBackupStartTime": "02:00",
    "CopyTagsToBackups": true,
    "AuditLogConfiguration": {
      "FileAccessAuditLogLevel": "SUCCESS_AND_FAILURE",
      "FileShareAccessAuditLogLevel": "SUCCESS_AND_FAILURE",
      "AuditLogDestination": "arn:aws:logs:us-east-1:123456789012:log-group:/fsx/audit-logs"
    }
  }'

# Mount from a Windows EC2 instance (PowerShell):
# net use Z: \\amznfsxabc123.corp.company.com\share

# Mount from a Linux EC2 instance (CIFS):
# sudo mount -t cifs //amznfsxabc123.corp.company.com/share /mnt/fsx \
#   -o vers=3.0,sec=krb5,cruid=user@CORP.COMPANY.COM

FSx for NetApp ONTAP

FSx for NetApp ONTAP brings the full feature set of NetApp's enterprise storage platform to AWS as a managed service. It supports NFS, SMB, and iSCSI protocols simultaneously, making it the most versatile FSx option. Key features include thin provisioning, data deduplication, compression, SnapMirror replication, FlexClone volumes, and storage tiering between SSD and cheaper capacity pool storage.

bash

# Create an FSx for NetApp ONTAP file system
aws fsx create-file-system \
  --file-system-type ONTAP \
  --storage-capacity 2048 \
  --storage-type SSD \
  --subnet-ids subnet-0abc123 subnet-0def456 \
  --security-group-ids sg-0abc123 \
  --ontap-configuration '{
    "DeploymentType": "MULTI_AZ_1",
    "ThroughputCapacity": 512,
    "PreferredSubnetId": "subnet-0abc123",
    "AutomaticBackupRetentionDays": 30,
    "DiskIopsConfiguration": {
      "Mode": "AUTOMATIC"
    }
  }'

# Create a storage virtual machine (SVM)
aws fsx create-storage-virtual-machine \
  --file-system-id fs-0abc123 \
  --name "svm-prod" \
  --root-volume-security-style UNIX

# Create a volume
aws fsx create-volume \
  --volume-type ONTAP \
  --name "app-data" \
  --ontap-configuration '{
    "StorageVirtualMachineId": "svm-0abc123",
    "JunctionPath": "/app-data",
    "SizeInMegabytes": 102400,
    "StorageEfficiencyEnabled": true,
    "TieringPolicy": {
      "Name": "AUTO",
      "CoolingPeriod": 31
    },
    "SnapshotPolicy": "default"
  }'

Terraform ONTAP Configuration

hcl

resource "aws_fsx_ontap_file_system" "main" {
  storage_capacity    = 2048
  subnet_ids          = [aws_subnet.primary.id, aws_subnet.secondary.id]
  deployment_type     = "MULTI_AZ_1"
  throughput_capacity = 512
  preferred_subnet_id = aws_subnet.primary.id

  automatic_backup_retention_days = 30

  tags = {
    Name        = "prod-ontap"
    Environment = "production"
  }
}

resource "aws_fsx_ontap_storage_virtual_machine" "main" {
  file_system_id     = aws_fsx_ontap_file_system.main.id
  name               = "svm-prod"
  root_volume_security_style = "UNIX"
}

resource "aws_fsx_ontap_volume" "app_data" {
  name                       = "app_data"
  junction_path              = "/app-data"
  size_in_megabytes          = 102400
  storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.main.id
  storage_efficiency_enabled = true

  tiering_policy {
    name           = "AUTO"
    cooling_period = 31
  }
}

FSx for OpenZFS

FSx for OpenZFS provides a managed OpenZFS file system with NFS access. It is designed for Linux workloads that need ZFS features such as instant snapshots, cloning, data compression (LZ4 or ZSTD), and high IOPS. OpenZFS is a good choice for migrating on-premises ZFS or NFS workloads to AWS, DevOps environments needing fast clones, and databases requiring consistent snapshots.

bash

# Create an FSx for OpenZFS file system
aws fsx create-file-system \
  --file-system-type OPENZFS \
  --storage-capacity 512 \
  --storage-type SSD \
  --subnet-ids subnet-0abc123 \
  --security-group-ids sg-0abc123 \
  --open-zfs-configuration '{
    "DeploymentType": "SINGLE_AZ_2",
    "ThroughputCapacity": 320,
    "RootVolumeConfiguration": {
      "DataCompressionType": "LZ4",
      "NfsExports": [
        {
          "ClientConfigurations": [
            {
              "Clients": "10.0.0.0/8",
              "Options": ["rw", "crossmnt", "no_root_squash"]
            }
          ]
        }
      ]
    }
  }'

# Create a snapshot
aws fsx create-snapshot \
  --name "pre-upgrade-snapshot" \
  --volume-id fsvol-0abc123

# Create a volume clone from snapshot (instant, zero-copy)
aws fsx create-volume \
  --volume-type OPENZFS \
  --name "dev-clone" \
  --open-zfs-configuration '{
    "ParentVolumeId": "fsvol-0abc123",
    "OriginSnapshot": {
      "SnapshotARN": "arn:aws:fsx:us-east-1:123456789012:snapshot/fsvolsnap-0abc123",
      "CopyStrategy": "CLONE"
    },
    "DataCompressionType": "LZ4",
    "NfsExports": [
      {
        "ClientConfigurations": [
          {
            "Clients": "10.0.0.0/8",
            "Options": ["rw", "crossmnt"]
          }
        ]
      }
    ]
  }'

FSx Variant Comparison

Feature	Lustre	Windows	ONTAP	OpenZFS
Protocol	Lustre	SMB	NFS, SMB, iSCSI	NFS
OS Support	Linux	Windows, Linux (CIFS)	Linux, Windows, macOS	Linux
Max Throughput	Hundreds of GB/s	2 GB/s	4 GB/s	10 GB/s
S3 Integration	Native (data repository)	No	FabricPool tiering	No
Active Directory	No	Required	Optional	No
Multi-AZ	No	Yes	Yes	Yes (Multi-AZ)
Deduplication	No	Yes	Yes	No
Best For	HPC, ML training	Windows workloads	Enterprise NAS migration	ZFS workloads, dev clones

Performance Tuning and Monitoring

Each FSx variant publishes metrics to CloudWatch. Monitor these metrics to ensure your file system is properly sized and to detect performance bottlenecks before they affect workloads.

bash

# Monitor FSx for Lustre throughput
aws cloudwatch get-metric-statistics \
  --namespace "AWS/FSx" \
  --metric-name "DataReadBytes" \
  --dimensions Name=FileSystemId,Value=fs-0abc123 \
  --start-time "$(date -u -v-1H '+%Y-%m-%dT%H:%M:%S')" \
  --end-time "$(date -u '+%Y-%m-%dT%H:%M:%S')" \
  --period 60 \
  --statistics Sum \
  --output table

# Key metrics to monitor per variant:
# Lustre: DataReadBytes, DataWriteBytes, FreeStorageCapacity
# Windows: FreeStorageCapacity, NetworkThroughput, DiskReadOps
# ONTAP: StorageUsed, StorageCapacity, NetworkThroughput
# OpenZFS: DataReadBytes, DataWriteBytes, DiskIopsUtilization

# Create a CloudWatch alarm for low storage
aws cloudwatch put-metric-alarm \
  --alarm-name "fsx-low-storage" \
  --namespace "AWS/FSx" \
  --metric-name "FreeStorageCapacity" \
  --dimensions Name=FileSystemId,Value=fs-0abc123 \
  --statistic Average \
  --period 300 \
  --evaluation-periods 3 \
  --threshold 107374182400 \
  --comparison-operator LessThanThreshold \
  --alarm-actions "arn:aws:sns:us-east-1:123456789012:ops-alerts"

Backup, DR, and Data Protection

All FSx file systems support automatic daily backups with configurable retention. Backups are incremental and stored in S3. You can create on-demand backups before maintenance events or major changes. For cross-region disaster recovery, use backup copy or, for ONTAP, SnapMirror replication.

bash

# Create an on-demand backup
aws fsx create-backup \
  --file-system-id fs-0abc123 \
  --tags Key=Purpose,Value=pre-upgrade

# List backups
aws fsx describe-backups \
  --filters Name=file-system-id,Values=fs-0abc123 \
  --query 'Backups[].{Id:BackupId, Type:Type, Created:CreationTime, Status:Lifecycle}' \
  --output table

# Restore from backup (creates a new file system)
aws fsx create-file-system-from-backup \
  --backup-id backup-0abc123 \
  --subnet-ids subnet-0abc123 \
  --security-group-ids sg-0abc123

# Copy backup to another region (for DR)
aws fsx copy-backup \
  --source-backup-id backup-0abc123 \
  --source-region us-east-1 \
  --region us-west-2

ONTAP SnapMirror for Cross-Region DR

FSx for NetApp ONTAP supports SnapMirror replication between file systems in different regions. SnapMirror provides asynchronous replication with RPO as low as 5 minutes, making it ideal for disaster recovery. Unlike backup-based DR, SnapMirror maintains a hot standby that can be promoted in minutes during a failover event.

AWS Disaster Recovery Strategies EC2 Instance Types Guide

Key Takeaways

1FSx for Lustre provides sub-millisecond latency and native S3 integration for HPC/ML workloads.
2FSx for Windows requires Active Directory and supports SMB, DFS, and shadow copies.
3FSx for ONTAP supports NFS, SMB, and iSCSI simultaneously with deduplication and tiering.
4FSx for OpenZFS provides instant snapshots and zero-copy clones for dev/test workflows.

Frequently Asked Questions

When should I use FSx instead of EFS?

Use EFS for simple shared NFS storage across EC2/containers. Use FSx when you need specialized features: Lustre for HPC throughput, Windows File Server for SMB/AD workloads, ONTAP for multi-protocol enterprise NAS, or OpenZFS for ZFS snapshots and clones.

How does FSx for Lustre integrate with S3?

FSx for Lustre natively links to an S3 bucket. The file system presents S3 objects as files, lazily loading them on first access. Changes can be exported back to S3. This makes it ideal for processing large S3 datasets without manual data movement.

Written by CloudToolStack Team

Cloud engineers and architects with hands-on experience across AWS, Azure, and GCP. We write guides based on real-world production patterns, not just documentation rewrites.

Disclaimer: This guide is for educational purposes. Cloud services change frequently; always refer to official documentation for the latest information. AWS, Azure, and GCP are trademarks of their respective owners.