Can we propagate Amazon S3 IAM policies to FSx for lustre file system?

Question

I want to create a FSx for lustre file system backed by an Amazon S3 bucket and want to mount that on EC2.

Now if I have created some IAM policies on Amazon S3 that who can do what with Amazon S3 buckets content. For example, not allowing write access to Amazon S3 bucket, will that be applicable in FSx for lustre file system also?

If not how can I manage access rights on an EC2 machine created by some user to FSx file system,what user can list,read or write contents of that Amazon S3 bucket.

And how to manage access about who can propagate changes back to Amazon S3 and who can not?

Answer 1

will that be applicable in FSx for lustre file system also?

FSx IAM policies are independent of S3 IAM policies

• Refer AWS FSx Luster FAQ

how can I manage access rights on ec2 machines ... to FSx ?

Using FSx IAM policy. You either attach FSX IAM policy to IAM role attached to EC2 instance or to the IAM user configured on EC2 instance

how to manage access about who can propagate changes back to S3 and who can not?

That should be handled by your FSx IAM role I guess?