{"id":1970,"date":"2022-03-15T19:54:49","date_gmt":"2022-03-15T19:54:49","guid":{"rendered":"https:\/\/salarydistribution.com\/machine-learning\/2022\/03\/15\/securely-search-unstructured-data-on-windows-file-systems-with-the-amazon-kendra-connector-for-amazon-fsx-for-windows-file-server\/"},"modified":"2022-03-15T19:54:49","modified_gmt":"2022-03-15T19:54:49","slug":"securely-search-unstructured-data-on-windows-file-systems-with-the-amazon-kendra-connector-for-amazon-fsx-for-windows-file-server","status":"publish","type":"post","link":"https:\/\/salarydistribution.com\/machine-learning\/2022\/03\/15\/securely-search-unstructured-data-on-windows-file-systems-with-the-amazon-kendra-connector-for-amazon-fsx-for-windows-file-server\/","title":{"rendered":"Securely search unstructured data on Windows file systems with the Amazon Kendra connector for Amazon FSx for Windows File Server"},"content":{"rendered":"
\n

Critical information can be scattered across multiple data sources in your organization, including sources such as Windows file systems stored on Amazon FSx for Windows File Server<\/a>. You can now use the Amazon Kendra connector for FSx for Windows File Server<\/a> to index documents (HTML, PDF, MS Word, MS PowerPoint, and plain text) stored in your Windows file system on FSx for Windows File Server and search for information across this content using intelligent search in Amazon Kendra<\/a>.<\/p>\n

Organizations store unstructured data in files on shared Windows file systems and secure it by using Windows Access Control Lists (ACLs) to ensure that users can read, write, and create files as per their access permissions configured in the enterprise Active Directory (AD) domain. Finding specific information from this data not only requires searching through the files, but also ensuring that the user is authorized to access it. The Amazon Kendra connector for FSx for Windows File Server indexes the files stored on FSx for Windows File Server and ingests the ACLs in the Amazon Kendra index, so that the response of a search query made by a user includes results only from those documents that the user is authorized to read.<\/p>\n

This post takes the example of a set of documents stored securely on a file system using ACLs on FSx for Windows File Server. These documents are ingested in an Amazon Kendra index by configuring and synchronizing this file system as a data source of the index using the connector for FSx for Windows File Server. Then we demonstrate that when a user makes a search query, the Amazon Kendra index uses the ACLs based on the user name and groups the user belongs to, and returns only those documents the user is authorized to access. We also include details of the configuration and screenshots at every stage so you can use this as a reference when configuring the Amazon Kendra connector for FSx for Windows File Server in your setup.<\/p>\n

Prerequisites<\/h2>\n

To try out the Amazon Kendra connector for FSx for Windows File Server, you need the following:<\/p>\n

Solution architecture<\/h2>\n

The following diagram illustrates the solution architecture:
\"\"<\/a><\/p>\n

The documents in this example are stored on a file system (3 in the diagram) on FSx for Windows File Server (4). The files are set up with ACLs based on the user and group configurations in the AD domain created using AWS Directory Service<\/a> (1) to which FSx for Windows File Server belongs. This file system on FSx for Windows File Server is configured as a data source for Amazon Kendra (5). AWS Single Sign On<\/a> (AWS SSO) is enabled with the AD as the identity source, and the Amazon Kendra index is set up to use AWS SSO (2) for user name and group lookup for the user context of the search queries from the customer search solution deployments (6). The FSx for Windows File Server file system, AWS Managed Microsoft AD server, the Amazon Virtual Private Cloud<\/a> (Amazon VPC) and subnets configured in this example are created using the Quick Start for FSx for Windows File Server<\/a>.<\/p>\n

FSx for Windows File Server configuration<\/h2>\n

The following screenshot shows the file system on FSx for Windows File Server configured as a part of an AWS Managed Microsoft AD domain that is used in our example, as seen on the Amazon FSx console.
\"\"<\/a><\/p>\n

AWS Managed Microsoft AD configuration<\/h2>\n

The AD to which FSx for Windows File Server belongs is configured as an AWS Managed Microsoft AD, as seen in the following screenshot of the Directory Service console.
\"\"<\/a><\/p>\n

Users, groups and ACL configuration for sample dataset<\/h2>\n

For this post, we used a dataset consisting of a few AWS publicly available whitepapers and stored them in directories based on their categories (Best_Practices<\/code>, Databases<\/code>, General<\/code>, Machine_Learning<\/code>, Security<\/code>, and Well_Architected<\/code>) on a file system on FSx for Windows File Server. The following screenshot shows the folders as seen from a Windows bastion host that is part of the AD domain to which the file system belongs.<\/p>\n

\"\"<\/a><\/p>\n

Users and groups are configured in the AD domain as follows:<\/p>\n