
I have a number of Windows servers in EC2 on the same VPC. How can I get those machines to share folders with each other?

The closest answer I see is here: Unable to Share Data between Amazon EC2 Instances for Windows

But it's a pretty old post and I cannot get it to work by simply enabling TCP and UDP on ports 135-139 and 445.

I want to be able to say \\server1\shared_folder from my server2 machine.

Daniel Williams
  • Have you considered using EFS rather than sharing between the servers? Your use case is fine, I'm just suggesting another option. Make sure you have ingress and egress security groups open for both instances, whether they're in the same or a different security group. – Tim Jan 28 '21 at 01:27
  • @Tim EFS is mainly targeted at Linux. Windows counterpart is [Amazon FSx](https://aws.amazon.com/fsx/) – MLu Jan 28 '21 at 01:46
  • @Tim, perhaps I'm not certain how those groups should be set. Should server A allow inbound UDP/TCP from server B's private IPv4 address? And are you saying we also need server B to open the same ports to A? These are the details I'm missing. As for EFS/FSx, I looked into them: EFS is for Linux, and FSx just seemed expensive compared to simply sharing folders. – Daniel Williams Jan 28 '21 at 02:24

2 Answers

You can simply create a security group, add an inbound rule that allows all traffic from its own security group, and then attach this security group to both instances so they can share data with each other. A better approach, though, is to use FSx in AWS.


asmath

Ok, here is what to set, and seems to be the only thing needed. Add a security group with one rule for each server, each allowing all traffic on all ports. So in the screenshot below I have 3 servers, and 3 rules. I give this security group to all three servers and now they can share files.
I could not get this to work just using the TCP/UDP 445, 135-139. So some protocol/port must have been missing.

Daniel Williams
  • You need to be very careful with all protocols / all port ranges, you may be exposing everything to the internet which will expose you to bots, DDoS, etc. Get your rules right rather than turning off your firewall. If you want more help edit your question to show two servers, the security groups they're in, and the security group rules you have in place. – Tim Jan 28 '21 at 03:12
  • If I could figure out a better solution I would do it. Seems I don't have the specific ports down, but if anyone provides an answer that I can reproduce I'll be happy to accept it. In the meantime you can keep voting this one down if you feel like contributing in that way. – Daniel Williams Jan 30 '21 at 19:41
  • Suggest you use a process of elimination. Keep the "all" open, then narrow the range until it stops working. That will give you an idea. I suspect it'll be ports below 1000, so start with those, ephemeral ports will take care of themselves with SGs (but not with NACLs). I suspect people are voting this down because while it may work it's not a good answer as it really compromises the security of your instances and really shouldn't be used. – Tim Jan 30 '21 at 21:08
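
As an added example (not from either answer or from AWS), the Python below audits security group rules in the shape `aws ec2 describe-security-groups` returns and separates the three cases this thread discusses: a rule sourced from the group itself, all-traffic rules per server address, and all traffic open to any address. The group IDs and addresses are constructed, and it assumes TCP 445 is the port the share is served on.

```python
import ipaddress

SMB_PORT = 445  # assumption: the share is served over SMB on TCP 445
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# group IDs and addresses are made up for illustration.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [  # TCP 445 from the group itself
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}], "IpRanges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # all traffic, one entry per server
        {"IpProtocol": "-1", "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "10.0.1.11/32"}, {"CidrIp": "10.0.1.12/32"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [  # all traffic from any address
        {"IpProtocol": "-1", "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

def covers_smb(perm):
    """True when the rule admits TCP 445 ('-1' means every protocol and port)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SMB_PORT <= perm.get("ToPort", 65535)

def is_internal(cidr):
    """True when the range lies wholly inside RFC 1918 private space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def audit(group):
    """Return (sources allowed to reach TCP 445, warnings) for one group."""
    smb_sources, warnings = [], []
    for perm in group.get("IpPermissions", []):
        if not covers_smb(perm):
            continue
        sources = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            smb_sources.append(src)
            if not src.startswith("sg-") and not is_internal(src):
                warnings.append(f"TCP 445 reachable from non-private range {src}")
            elif perm["IpProtocol"] == "-1":
                warnings.append(f"all protocols and ports open to {src}")
    return smb_sources, warnings

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], *audit(g), sep="\n  ")
```

To run it against real rules, replace `SAMPLE_GROUPS` with the `SecurityGroups` list from the CLI's JSON output.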