AWS Step-by-Step

Set Up a S3-Backed Windows EC2 File Server, Part 2: Configuration

Brien continues the discussion about seeking a cost-effective, scalable alternative to EFS or EBS with familiar Windows management by walking you through the configuration process.

In the first article in this series, I explained that while not suitable for every organization, there can be a number of benefits to building a Windows file server on an EC2 instance and linking that file server to S3 storage. In this article, I want to continue the discussion by walking you through the configuration process. As I do, keep in mind that this article is intended primarily as a proof of concept, so in a production environment you would likely want to take additional steps to enhance the security of your server and the underlying storage.

Step 1: Create an S3 Bucket
The first step in the process is to create an S3 bucket. To do so, open the S3 console and click on Create Bucket. You will need to provide a name for the bucket that you are creating, but aside from that you can use the default settings if you like. Be sure to leave the Block All Public Access option enabled, as shown in Figure 1. Click Create Bucket to complete the process.

Figure 1: Leave the Block All Public Access Setting Enabled.

Step 2: Create an EC2 Instance
The second step in the process is to launch an EC2 instance. For the most part, you really don't have to do anything special here. Since we are creating a Windows instance, you will need RDP access via a public IP address. Also, since we are configuring this instance to act as a Windows file server, you will need to configure the security group to allow SMB access over TCP port 445.
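Because this step exposes RDP and SMB on an instance with a public IP address, it is worth checking that neither port is reachable from the entire internet. The following is an added example, not code from the original article: it audits ingress rules in the shape the EC2 DescribeSecurityGroups API returns under `IpPermissions`, and the sample rules are constructed for illustration.

```python
import ipaddress

# Ports the article opens on the instance: RDP (3389) and SMB (445).
SENSITIVE_PORTS = {445: "SMB", 3389: "RDP"}

def _covers(rule, port):
    """True if an ingress rule's protocol and port range include the TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def _is_open(cidr):
    """True if the CIDR is the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(ip_permissions):
    """Return sorted (service, port, cidr) findings for world-open sensitive ports."""
    findings = set()
    for rule in ip_permissions:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port, service in SENSITIVE_PORTS.items():
            if not _covers(rule, port):
                continue
            for cidr in cidrs:
                if _is_open(cidr):
                    findings.add((service, port, cidr))
    return sorted(findings)

# Constructed sample rules, not taken from a real account.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    for service, port, cidr in audit_ingress(SAMPLE_RULES):
        print(f"{service} (tcp/{port}) reachable from {cidr}")
```

The third sample rule shows why the check tests port ranges rather than exact ports: a wide range opens SMB without ever naming port 445.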

Step 3: Create an IAM Role and User
The third step in the process is to create an IAM role that will allow the Windows instance to access the S3 storage. To do so, open the IAM console and click Roles, followed by Create Role. Choose the AWS Service option and set the Service or Use Case option to EC2, as shown in Figure 2.

Figure 2: Set the Use Case to EC2.

Click Next and then attach the AmazonS3FullAccess policy to the role. Click Next, followed by Create Role to complete the process.

Now, go back to EC2 and click on the instance that you just created. Next, click on the Actions button and select the Security > Modify IAM Role options. Add the IAM role that you just created and click the Update IAM Role button.

Now that you have assigned the IAM role, you are going to need to create an IAM user. Go to the Users container and click Create User. Assign this user a name and then add the AmazonS3FullAccess policy.

After you create the user, click on the user and then click on the Create Access Key button. When prompted, choose the Other option (ignore the warning), click Next, and then click Create Access Key. Be sure to retrieve the access key and the secret access key right away, because you will not have another opportunity to do so.
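AmazonS3FullAccess, attached to both the role and the user above, grants every S3 action on every bucket in the account, while the file server only needs the one bucket from Step 1. The following is an added example, not code from the original article: it flags policy statements wider than a single bucket and builds a bucket-scoped alternative. The bucket name is a placeholder, the broad policy is a constructed sample, and the scoped action list is an assumption about what a read/write drive mapping requires.

```python
def _as_list(value):
    """IAM allows a single string/object or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def broad_s3_statements(policy, bucket):
    """Return (statement index, reason) for Allow grants wider than one bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a == "*" or a.lower().startswith("s3:") for a in actions):
            continue  # statement does not touch S3
        if any(a in ("*", "s3:*") for a in actions):
            findings.append((i, "wildcard action"))
        if any(r not in allowed for r in _as_list(stmt.get("Resource", []))):
            findings.append((i, "resource outside bucket"))
    return findings

def scoped_policy(bucket):
    """Policy limited to one bucket. The action list is an assumption about
    what a read/write drive mapping needs; confirm it against your tool."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }

# Constructed sample: the same breadth of grant as a full-access S3 policy.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
BUCKET = "example-fileserver-bucket"  # placeholder bucket name

if __name__ == "__main__":
    import json
    print(broad_s3_statements(BROAD_POLICY, BUCKET))
    print(json.dumps(scoped_policy(BUCKET), indent=2))
```

The JSON printed by `scoped_policy` can be pasted into the IAM console's policy editor as a customer managed policy and attached in place of AmazonS3FullAccess.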

Step 4: Connect to the S3 Storage
At this point in the process, you are going to need to RDP into your newly created Windows instance. Unfortunately, there is no native Windows tool that will allow you to use S3 storage as file server storage. However, there are a number of different third-party tools. For the purposes of this article, I am going to use a free tool called RaiDrive. The big limitation associated with doing so, however, is that the free version creates a read-only mapped Windows drive. Therefore, in a production environment, you will need to use the paid version to enable read/write file access, or you can use a competing product. My recommendation would be to evaluate multiple products, since each likely offers a different level of performance.

When you install RaiDrive, click on the Add button. When you do, you will be prompted to choose the type of drive that you want to create. Select the Enterprise tab and then choose the AWS S3 option, as shown in Figure 3.

Figure 3: Select the AWS S3 Option.

Now, enter your access key ID, secret access key, and the name of your S3 bucket. Take a moment to make sure that an appropriate drive letter is selected and then click Connect. You should now see that the selected drive letter has been mapped to S3 storage, as shown in Figure 4.

Figure 4: I Have a Windows Drive Letter Mapped to S3 Storage.

When it comes to building a Windows file server, there is a lot that we could do at this point. We might, for example, create a distributed file system. At a bare minimum, however, you will need to create a file share through which your users can access the data that you place on S3 storage. At that point, you can begin adding data and configuring Windows access controls.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.
