
Can applications on AWS EC2 instances access a customer's on-premises storage?

Can AWS EC2 Applications Communicate With On-Premises Storage?

Great question! The short answer is yes—you absolutely can get your AWS EC2-hosted applications talking to your on-premises storage, even though most AWS Storage Gateway documentation focuses on the reverse scenario (on-prem apps accessing cloud storage). Let me walk you through the most practical approaches to make this happen:

1. Repurpose AWS Storage Gateway for Reverse Access

Don’t write off Storage Gateway just because the docs highlight cloud-to-on-prem flows—it works in reverse too:

  • File Gateway: Deploy a File Gateway appliance on your local infrastructure. Instead of syncing AWS S3 buckets to local shares, configure the Gateway to expose your existing local storage as NFS or SMB shares. Then, using a private network link (like VPN or Direct Connect), your EC2 instances can mount these shares directly, just like they would with any cloud-based file storage. This is ideal if you want built-in features like caching or snapshotting for your local storage.
  • Volume Gateway: For block storage use cases, deploy a Volume Gateway locally. You can create stored volumes that map directly to your on-prem block devices, then make those volumes available as iSCSI targets. Your EC2 instances can connect to these targets over your private network, giving them block-level access to your local storage. Cached volumes work here too if you want frequently accessed data cached in AWS to reduce latency.

2. Direct Private Network Connection (VPN/Direct Connect)

If you don’t need the extra features of Storage Gateway, this is the most straightforward path:

  • Set up an AWS Site-to-Site VPN or AWS Direct Connect to establish a secure, low-latency private link between your AWS VPC (where your EC2 instances run) and your on-premises network.
  • Once the connection is active, configure your on-prem storage devices (NFS servers, SMB shares, iSCSI targets) to allow traffic from your VPC’s CIDR range. Then your EC2 instances can access the local storage using standard protocols, just like they would access another server on your local network.

3. AWS DataSync for Batch Data Transfers

If you don’t need real-time access, but just need to move data between EC2 and on-prem storage, AWS DataSync is a solid choice. It’s optimized for fast, secure transfers between on-prem storage (NFS/SMB) and AWS services like S3, EFS, or FSx. You can sync data from your local storage to a cloud storage service that your EC2 app uses, or pull data from EC2 back to your on-prem environment.

Quick Key Notes

  • Latency Matters: For real-time access, prioritize Direct Connect over VPN if you need consistent low latency—VPN uses the public internet, which can have variable delays.
  • Security First: Always use private connections (never expose your local storage to the public internet for EC2 access) and lock down access with security groups, NACLs, and on-prem firewalls to only allow authorized EC2 instances.
  • Performance Tuning: If you’re using Storage Gateway, tweak cache settings based on your app’s access patterns to optimize speed. For direct connections, make sure your network has enough bandwidth to handle your storage traffic.

The question comes from Stack Exchange; asked by John Sheridan.
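One way to check the "Security First" note on the AWS side, as an added example that is not part of the original answer: the script audits security-group egress rules, in the shape returned by `aws ec2 describe-security-groups`, and reports every rule that lets NFS, SMB or iSCSI traffic leave for a destination outside the on-premises range. The group IDs, CIDR ranges and the function name are constructed for illustration.

```python
import ipaddress

# Storage protocols named in the answer, with their standard TCP ports.
STORAGE_PORTS = {2049: "NFS", 445: "SMB", 3260: "iSCSI"}

def audit_storage_egress(security_groups, onprem_cidr):
    """Return (group_id, protocol, cidr) for each egress rule that lets a
    storage port reach a destination outside the on-premises range."""
    onprem = ipaddress.ip_network(onprem_cidr)
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissionsEgress", []):
            proto = rule.get("IpProtocol")
            if proto not in ("-1", "tcp"):
                continue
            # "-1" means every protocol and port; such rules carry no port range.
            lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
            exposed = [n for p, n in sorted(STORAGE_PORTS.items()) if lo <= p <= hi]
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                dest = ipaddress.ip_network(cidr)
                inside = dest.version == onprem.version and dest.subnet_of(onprem)
                if not inside:
                    findings += [(sg["GroupId"], name, cidr) for name in exposed]
    return findings

# Constructed sample data (hypothetical IDs and ranges, not from a real account).
ONPREM_CIDR = "10.20.0.0/16"
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa111122223333a", "IpPermissionsEgress": [
        # Scoped correctly: NFS only to a subnet inside the on-prem range.
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
         "IpRanges": [{"CidrIp": "10.20.30.0/24"}]},
        # Wide port range that silently includes iSCSI (3260) to another network.
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "172.16.0.0/12"}]}]},
    {"GroupId": "sg-0bbb444455556666b", "IpPermissionsEgress": [
        # Allow-all egress, the rule a new security group starts with.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # HTTPS to anywhere: not a storage port, so not reported.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, name, cidr in audit_storage_egress(SAMPLE_GROUPS, ONPREM_CIDR):
        print(f"{group_id}: {name} egress allowed to {cidr}, outside {ONPREM_CIDR}")
```

The on-premises firewall and the storage server's own export or share ACLs need the matching restriction to the VPC CIDR; this check covers only the EC2 side.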
