AWS fsx documentation change
Summary
Added section about SSD capacity decrease limitations with SnapLock volumes
Security assessment
Documents operational constraints to maintain SnapLock compliance requirements (6-month audit log retention). While related to data governance, there's no evidence this addresses an active security vulnerability.
Diff
diff --git a/fsx/latest/ONTAPGuide/how-snaplock-works.md b/fsx/latest/ONTAPGuide/how-snaplock-works.md index 0b5dceb13..6c5449ec6 100644 --- a//fsx/latest/ONTAPGuide/how-snaplock-works.md +++ b//fsx/latest/ONTAPGuide/how-snaplock-works.md @@ -5 +5 @@ -Retention modesSnapLock administratorSnapLock audit log volumesAccessing your data in a SnapLock volume +Retention modesSnapLock administratorSnapLock audit log volumesAccessing your data in a SnapLock volumeSnapLock and SSD capacity decrease operations @@ -125,0 +126,15 @@ You can also replicate SnapLock data with SnapMirror, but the source and destina +## SnapLock and SSD capacity decrease operations + +Consider these points about SSD decreases before creating a SnapLock volume: + + * Amazon FSx will reject SSD capacity decrease requests on file systems that contain SnapLock volumes. + + * You can't create SnapLock volumes during an SSD capacity decrease operation. + + + + +These limitations exist because ONTAP enforces a minimum retention period of 6 months for the SnapLock audit log volume, which would prevent file system deletion during that period if a SnapLock volume were moved as part of an SSD decrease operation. + +If you need to decrease SSD capacity on a file system with SnapLock volumes, you would need to migrate your data to a new file system with smaller SSD capacity. For more information about SSD capacity decrease operations, including limitations and considerations, see [Updating file system SSD storage and IOPS](./storage-capacity-and-IOPS.html#increase-primary-storage). +