AWS::DirectoryService::MicrosoftAD - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::DirectoryService::MicrosoftAD

The AWS::DirectoryService::MicrosoftAD resource specifies a Microsoft Active Directory in Amazon so that your directory users and groups can access the Amazon Web Services Management Console and Amazon applications using their existing credentials. For more information, see Amazon Managed Microsoft AD in the Amazon Directory Service Admin Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "CreateAlias" : Boolean, "Edition" : String, "EnableSso" : Boolean, "Name" : String, "Password" : String, "ShortName" : String, "VpcSettings" : VpcSettings } }

YAML

Type: AWS::DirectoryService::MicrosoftAD Properties: CreateAlias: Boolean Edition: String EnableSso: Boolean Name: String Password: String ShortName: String VpcSettings: VpcSettings

Properties

CreateAlias

Specifies an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://<alias>.awsapps.com. By default, Amazon CloudFormation does not create an alias.

Important

After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.

Required: No

Type: Boolean

Update requires: Replacement

Edition

Amazon Managed Microsoft AD is available in two editions: Standard and Enterprise. Enterprise is the default.

Required: No

Type: String

Allowed values: Enterprise | Standard

Update requires: Replacement

EnableSso

Whether to enable single sign-on for a Microsoft Active Directory in Amazon. Single sign-on allows users in your directory to access certain Amazon services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, Amazon CloudFormation disables single sign-on by default.

Required: No

Type: Boolean

Update requires: No interruption

Name

The fully qualified domain name for the Amazon Managed Microsoft AD directory, such as corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable.

Required: Yes

Type: String

Pattern: ^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$

Update requires: Replacement

Password

The password for the default administrative user named Admin.

If you need to change the password for the administrator account, see the ResetUserPassword API call in the Amazon Directory Service API Reference.

Required: Yes

Type: String

Pattern: (?=^.{8,64}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))^.*

Update requires: Replacement

ShortName

The NetBIOS name for your domain, such as CORP. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, CORP for the directory DNS corp.example.com.

Required: No

Type: String

Pattern: ^[^\\/:*?"<>|.]+[^\\/:*?"<>|]*$

Update requires: Replacement

VpcSettings

Specifies the VPC settings of the Microsoft AD directory server in Amazon.

Required: Yes

Type: VpcSettings

Update requires: Replacement

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource ID.

In the following sample, the Ref function returns the ID of the myDirectory directory, such as d-12345ab592.

{ "Ref": "myDirectory" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Alias

The alias for a directory. For example: d-12373a053a or alias4-mydirectory-12345abcgmzsk (if you have the CreateAlias property set to true).

DnsIpAddresses

The IP addresses of the DNS servers for the directory, such as [ "192.0.2.1", "192.0.2.2" ].

Examples

The following example creates a Microsoft Active Directory in Amazon, where the directory DNS name is corp.example.com:

Create an Amazon Managed Microsoft AD

JSON

"myDirectory" : { "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "Name" : "corp.example.com", "Password" : { "Ref" : "MicrosoftADPW" }, "ShortName" : { "Ref" : "MicrosoftADShortName" }, "VpcSettings" : { "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ], "VpcId" : { "Ref" : "vpcID" } } } }

YAML

myDirectory: Type: AWS::DirectoryService::MicrosoftAD Properties: Name: "corp.example.com" Password: Ref: MicrosoftADPW ShortName: Ref: MicrosoftADShortName VpcSettings: SubnetIds: - Ref: subnetID1 - Ref: subnetID2 VpcId: Ref: vpcID

See also