:doc:`DataSync <../../datasync>` / Client / create_location_smb

*******************
create_location_smb
*******************



.. py:method:: DataSync.Client.create_location_smb(**kwargs)

  

  Creates a transfer *location* for a Server Message Block (SMB) file server. DataSync can use this location as a source or destination for transferring data.

   

  Before you begin, make sure that you understand how DataSync accesses SMB file servers. For more information, see `Providing DataSync access to SMB file servers <https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#configuring-smb-permissions>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/datasync-2018-11-09/CreateLocationSmb>`_  


  **Request Syntax**
  ::

    response = client.create_location_smb(
        Subdirectory='string',
        ServerHostname='string',
        User='string',
        Domain='string',
        Password='string',
        CmkSecretConfig={
            'SecretArn': 'string',
            'KmsKeyArn': 'string'
        },
        CustomSecretConfig={
            'SecretArn': 'string',
            'SecretAccessRoleArn': 'string'
        },
        AgentArns=[
            'string',
        ],
        MountOptions={
            'Version': 'AUTOMATIC'|'SMB2'|'SMB3'|'SMB1'|'SMB2_0'
        },
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        AuthenticationType='NTLM'|'KERBEROS',
        DnsIpAddresses=[
            'string',
        ],
        KerberosPrincipal='string',
        KerberosKeytab=b'bytes',
        KerberosKrb5Conf=b'bytes'
    )
    
  :type Subdirectory: string
  :param Subdirectory: **[REQUIRED]** 

    Specifies the name of the share exported by your SMB file server where DataSync will read or write data. You can include a subdirectory in the share path (for example, ``/path/to/subdirectory``). Make sure that other SMB clients in your network can also mount this path.

     

    To copy all data in the subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see `Providing DataSync access to SMB file servers <https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#configuring-smb-permissions>`__.

    

  
  :type ServerHostname: string
  :param ServerHostname: **[REQUIRED]** 

    Specifies the domain name or IP address (IPv4 or IPv6) of the SMB file server that your DataSync agent connects to.

     

    .. note::

      

      If you're using Kerberos authentication, you must specify a domain name.

      

    

  
  :type User: string
  :param User: 

    Specifies the user that can mount and access the files, folders, and file metadata in your SMB file server. This parameter applies only if ``AuthenticationType`` is set to ``NTLM``.

     

    For information about choosing a user with the right level of access for your transfer, see `Providing DataSync access to SMB file servers <https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#configuring-smb-permissions>`__.

    

  
  :type Domain: string
  :param Domain: 

    Specifies the Windows domain name that your SMB file server belongs to. This parameter applies only if ``AuthenticationType`` is set to ``NTLM``.

     

    If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.

    

  
  :type Password: string
  :param Password: 

    Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if ``AuthenticationType`` is set to ``NTLM``.

    

  
  :type CmkSecretConfig: dict
  :param CmkSecretConfig: 

    Specifies configuration information for a DataSync-managed secret, either a ``Password`` or ``KerberosKeytab`` (for ``NTLM`` (default) and ``KERBEROS`` authentication types, respectively) that DataSync uses to access a specific SMB storage location, with a customer-managed KMS key.

     

    When you include this parameter as part of a ``CreateLocationSmbRequest`` request, you provide only the KMS key ARN. DataSync uses this KMS key together with either the ``Password`` or ``KerberosKeytab`` you specify to create a DataSync-managed secret to store the location access credentials.

     

    Make sure that DataSync has permission to access the KMS key that you specify.

     

    .. note::

      

      You can use either ``CmkSecretConfig`` (with either ``Password`` or ``KerberosKeytab``) or ``CustomSecretConfig`` (without any ``Password`` and ``KerberosKeytab``) to provide credentials for a ``CreateLocationSmbRequest`` request. Do not provide both ``CmkSecretConfig`` and ``CustomSecretConfig`` parameters for the same request.

      

    

  
    - **SecretArn** *(string) --* 

      Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for ``KmsKeyArn``.

      

    
    - **KmsKeyArn** *(string) --* 

      Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for ``SecretArn``. DataSync provides this key to Secrets Manager.

      

    
  
  :type CustomSecretConfig: dict
  :param CustomSecretConfig: 

    Specifies configuration information for a customer-managed Secrets Manager secret where the SMB storage location credentials is stored in Secrets Manager as plain text (for ``Password``) or binary (for ``KerberosKeytab``). This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

     

    .. note::

      

      You can use either ``CmkSecretConfig`` (with ``SasConfiguration``) or ``CustomSecretConfig`` (without ``SasConfiguration``) to provide credentials for a ``CreateLocationSmbRequest`` request. Do not provide both parameters for the same request.

      

    

  
    - **SecretArn** *(string) --* 

      Specifies the ARN for an Secrets Manager secret.

      

    
    - **SecretAccessRoleArn** *(string) --* 

      Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for ``SecretArn``.

      

    
  
  :type AgentArns: list
  :param AgentArns: **[REQUIRED]** 

    Specifies the DataSync agent (or agents) that can connect to your SMB file server. You specify an agent by using its Amazon Resource Name (ARN).

    

  
    - *(string) --* 

    

  :type MountOptions: dict
  :param MountOptions: 

    Specifies the version of the SMB protocol that DataSync uses to access your SMB file server.

    

  
    - **Version** *(string) --* 

      By default, DataSync automatically chooses an SMB protocol version based on negotiation with your SMB file server. You also can configure DataSync to use a specific SMB version, but we recommend doing this only if DataSync has trouble negotiating with the SMB file server automatically.

       

      These are the following options for configuring the SMB version:

       

      
      * ``AUTOMATIC`` (default): DataSync and the SMB file server negotiate the highest version of SMB that they mutually support between 2.1 and 3.1.1. This is the recommended option. If you instead choose a specific version that your file server doesn't support, you may get an ``Operation Not Supported`` error.
       
      * ``SMB3``: Restricts the protocol negotiation to only SMB version 3.0.2.
       
      * ``SMB2``: Restricts the protocol negotiation to only SMB version 2.1.
       
      * ``SMB2_0``: Restricts the protocol negotiation to only SMB version 2.0.
       
      * ``SMB1``: Restricts the protocol negotiation to only SMB version 1.0. 

      .. note::

        The ``SMB1`` option isn't available when `creating an Amazon FSx for NetApp ONTAP location <https://docs.aws.amazon.com/datasync/latest/userguide/API_CreateLocationFsxOntap.html>`__.

      
      

      

    
  
  :type Tags: list
  :param Tags: 

    Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources. We recommend creating at least a name tag for your location.

    

  
    - *(dict) --* 

      A key-value pair representing a single tag that's been applied to an Amazon Web Services resource.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The key for an Amazon Web Services resource tag.

        

      
      - **Value** *(string) --* 

        The value for an Amazon Web Services resource tag.

        

      
    

  :type AuthenticationType: string
  :param AuthenticationType: 

    Specifies the authentication protocol that DataSync uses to connect to your SMB file server. DataSync supports ``NTLM`` (default) and ``KERBEROS`` authentication.

     

    For more information, see `Providing DataSync access to SMB file servers <https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#configuring-smb-permissions>`__.

    

  
  :type DnsIpAddresses: list
  :param DnsIpAddresses: 

    Specifies the IPv4 or IPv6 addresses for the DNS servers that your SMB file server belongs to. This parameter applies only if ``AuthenticationType`` is set to ``KERBEROS``.

     

    If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right SMB file server.

    

  
    - *(string) --* 

    

  :type KerberosPrincipal: string
  :param KerberosPrincipal: 

    Specifies a Kerberos principal, which is an identity in your Kerberos realm that has permission to access the files, folders, and file metadata in your SMB file server.

     

    A Kerberos principal might look like ``HOST/kerberosuser@MYDOMAIN.ORG``.

     

    Principal names are case sensitive. Your DataSync task execution will fail if the principal that you specify for this parameter doesn’t exactly match the principal that you use to create the keytab file.

    

  
  :type KerberosKeytab: bytes
  :param KerberosKeytab: 

    Specifies your Kerberos key table (keytab) file, which includes mappings between your Kerberos principal and encryption keys.

     

    To avoid task execution errors, make sure that the Kerberos principal that you use to create the keytab file matches exactly what you specify for ``KerberosPrincipal``.

    

  
  :type KerberosKrb5Conf: bytes
  :param KerberosKrb5Conf: 

    Specifies a Kerberos configuration file ( ``krb5.conf``) that defines your Kerberos realm configuration.

     

    The file must be base64 encoded. If you're using the CLI, the encoding is done for you.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'LocationArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      CreateLocationSmbResponse

      
      

      - **LocationArn** *(string) --* 

        The ARN of the SMB location that you created.

        
  
  **Exceptions**
  
  *   :py:class:`DataSync.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`DataSync.Client.exceptions.InternalException`

  