Active Directory deployment using CloudFormation in AWS

Paste the following template into Notepad and save the file with a .yml extension (e.g. ActiveDirectory.yml).

# Creates an AWS Managed Microsoft AD directory in an existing VPC.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  ADDomainName:
    Description: "Name the AD domain, eg. Mydomain.LOCAL"
    Type: String
  AdminPassword:
    # NoEcho masks the value in the console and API responses; a hint
    # placed in the Description is still visible to anyone who can read
    # the template, so it should not contain the real password.
    NoEcho: true
    Description: "Type the password of default 'Admin', hint Pass@me123"
    Type: String
  MyVPC:
    Description: VPC to operate in
    Type: AWS::EC2::VPC::Id
  EditionType:
    Description: "Type of AD"
    Type: String
    Default: Enterprise
    AllowedValues:
      - Standard
      - Enterprise
  PrivateSubnet1ID:
    Description: 'ID of the private subnet 1 in Availability Zone 1 (e.g., subnet-a0246dcd)'
    Type: 'AWS::EC2::Subnet::Id'
  PrivateSubnet2ID:
    Description: 'ID of the private subnet 2 in Availability Zone 2 (e.g., subnet-a0246dcd)'
    Type: 'AWS::EC2::Subnet::Id'

Resources:
  # One domain controller is placed in each subnet; the two subnets
  # must be in different Availability Zones of the same VPC.
  MYDIR:
    Type: 'AWS::DirectoryService::MicrosoftAD'
    Properties:
      Name: !Ref ADDomainName
      Password: !Ref AdminPassword
      Edition: !Ref EditionType
      VpcSettings:
        SubnetIds:
          - !Ref PrivateSubnet1ID
          - !Ref PrivateSubnet2ID
        VpcId: !Ref MyVPC

Outputs:
  # Each output is exported so that later stacks in the same account and
  # region can read it with Fn::ImportValue.
  DomainName:
    Description: Newly Created Domain name is
    Value: !Ref ADDomainName
    Export:
      Name: DomainName
  DirectoryID:
    Description: ID of AD that will be used in EC2 & SQL servers
    Value: !Ref MYDIR
    Export:
      Name: Directory-ID
  DNS:
    Description: IP address of DNS servers.
    # DnsIpAddresses is a list; it is joined with commas because an
    # exported value must be a single string.
    Value: !Join
      - ','
      - !GetAtt MYDIR.DnsIpAddresses
    Export:
      Name: DnsIpAddresses

Open the AWS console, go to the CloudFormation service and create a new stack; browse to and select the .yml file saved in the previous step.

[Screenshot: SelectFile.jpg]

Specify the stack name and the parameters: AD domain name, Admin password, edition, VPC and the two private subnets.

[Screenshot: Parameter.jpg]

AWS provisions the directory in the background; while it does, the stack status remains CREATE_IN_PROGRESS.

[Screenshot: Working.jpg]

After completion the status changes to CREATE_COMPLETE and the Outputs tab lists the returned values. The values in the Export Name column can be consumed by any future CloudFormation deployment, such as a Windows EC2 instance or an AWS RDS instance.

[Screenshot: Final.jpg]
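As an added example of consuming those exports (not part of the original post), the following template launches a Windows EC2 instance and joins it to the directory above through the SSM document AWS-JoinDirectoryServiceDomain, so no domain credentials are placed in user data. The subnet parameter, the instance type and the resource names are assumptions; it must be deployed in the same account and region as the directory stack.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Windows EC2 instance joined to the managed AD exported by the directory stack (added example)
Parameters:
  SubnetId:
    Description: Subnet with a route to the directory DNS servers and to SSM (assumption, not exported by the AD stack)
    Type: AWS::EC2::Subnet::Id
  WindowsAmi:
    Description: Latest Windows Server AMI, resolved from the public SSM parameter
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base
Resources:
  # Role limited to SSM agent management plus the directory-read permission
  # the join document needs; no broader EC2 or Directory Service rights.
  JoinRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
        - arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess
  JoinProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref JoinRole]
  MemberServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmi
      InstanceType: t3.medium
      SubnetId: !Ref SubnetId
      IamInstanceProfile: !Ref JoinProfile
  # The directory stack exported DnsIpAddresses as one comma-joined string,
  # so it is split back into the list the document expects.
  DomainJoin:
    Type: AWS::SSM::Association
    Properties:
      Name: AWS-JoinDirectoryServiceDomain
      Parameters:
        directoryId: [!ImportValue Directory-ID]
        directoryName: [!ImportValue DomainName]
        dnsIpAddresses: !Split [',', !ImportValue DnsIpAddresses]
      Targets:
        - Key: InstanceIds
          Values: [!Ref MemberServer]
```

The join runs only once the SSM agent on the instance can reach the Systems Manager endpoints (via NAT or VPC endpoints from a private subnet); the association status in the SSM console shows whether it succeeded.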

Here are the details of Managed AD in AWS.
AWS Managed Microsoft AD
AD DS on AWS

Since this is my blog on AWS CloudFormation, I will try to improve the above template and cover a few more use cases, such as accessing the managed AD, creating an AWS RDS instance and joining EC2 instances to the domain.