Storage Gateway — Concept
What it is
AWS Storage Gateway = hybrid storage service that lets on-prem applications use AWS storage (S3, S3 Glacier, EBS, FSx) through standard protocols (NFS, SMB, iSCSI). Runs as a VM (or hardware appliance) on-prem with local caching.
Why it exists
Many enterprises can't move all workloads to the cloud yet but want cloud-backed storage for backup, DR, archive, and capacity overflow — without rewriting applications that use file/block protocols.
Four gateway types
| Type | Protocol | Backed by | Use |
|---|---|---|---|
| S3 File Gateway | NFS / SMB | S3 (each file = one S3 object) | Lift-and-shift file shares to S3; data lake ingest |
| FSx File Gateway | SMB | FSx for Windows | Low-latency on-prem cache to FSx for Windows |
| Volume Gateway — Cached | iSCSI | S3 (point-in-time EBS snapshots) | Hot data cached locally, full dataset in cloud |
| Volume Gateway — Stored | iSCSI | EBS snapshots in S3 | Full dataset on-prem, async backup to S3 |
| Tape Gateway | iSCSI VTL | S3 + Glacier | Replace physical tape backups (Veeam, NetBackup, etc.) |
Common features
- Local cache on the appliance (SSD).
- Native AWS-side encryption (S3 / EBS / KMS).
- Configurable bandwidth limits.
- Connects through public endpoint, VPC endpoint (Interface), or PrivateLink.
- CloudWatch metrics, AWS Backup integration.
Differences (cheat-sheet level)
- File Gateway = files-as-objects. Use when apps want NFS/SMB.
- Volume Gateway = block-level iSCSI (looks like a disk). Use when apps want a SAN target.
- Tape Gateway = virtual tape library for legacy backup software.
When to use vs alternatives
| Use ... | Instead of ... | When ... |
|---|---|---|
| File Gateway | DataSync | App needs ongoing NFS/SMB share, not one-shot migration |
| DataSync | File Gateway | One-time / scheduled bulk migration of files |
| Snowball / Snowmobile | DataSync over network | Petabyte-scale offline transfer |
| Tape Gateway | Throwing away the tape stack | You still use NetBackup/Veeam but want to retire tape |
| Direct Connect + DataSync | File Gateway | High-speed direct migration once, not a permanent gateway |
Common exam scenarios
- "Replace LTO tapes with cloud while keeping existing backup software" → Tape Gateway.
- "On-prem app needs SMB shares but data should live in S3" → S3 File Gateway.
- "Hot dataset stays local with cloud as full backup, iSCSI" → Volume Gateway — Stored.
- "Limited on-prem storage, want to extend capacity to cloud with hot cache" → Volume Gateway — Cached.
- "Need ongoing low-latency file access to FSx for Windows from on-prem" → FSx File Gateway.
Exam tip
- File / Volume / Tape mapping = the trio you must memorize.
- "Replace physical tapes" → always Tape Gateway.
- "NFS/SMB share backed by S3" → S3 File Gateway.
- One-time migration is DataSync, not Storage Gateway.