AWS Directory Service
管理指南 (版本 1.0)
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 Amazon AWS 入门

无缝加入 Windows EC2 实例

此过程无缝地将 Windows EC2 实例联接到您的 AWS Managed Microsoft AD 目录。如果您需要跨多个 AWS 账户执行无缝域加入,可以选择启用目录共享。有关更多信息,请参阅教程:共享 AWS Managed Microsoft AD 目录以便无缝地加入 EC2 域

无缝地联接 Windows EC2 实例

  1. 登录 AWS 管理控制台并通过以下网址打开 Amazon EC2 控制台

  2. From the region selector in the navigation bar, choose the same region as the existing directory.

  3. From the Amazon EC2 console dashboard, choose Launch Instance.

  4. On the Step 1 page, choose Select for the appropriate AMI.

  5. On the Step 2 page, select the appropriate instance type, and then choose Next: Configure Instance Details.

  6. On the Step 3 page, do the following, and then choose Next :

    1. For Network, choose the VPC that your directory was created in.

    2. For Subnet, choose one of the public subnets in your VPC. The subnet that you choose must have all external traffic routed to an internet gateway. If this is not the case, you won't be able to connect to the instance remotely.

    3. For Auto-assign Public IP, choose Enable (if the subnet setting is not set to enable by default). For more information about public and private IP addressing, see Amazon EC2 Instance IP Addressing in the Amazon EC2 User Guide for Linux Instances.

    4. For Domain join directory, choose your domain from the Domain join directory list. To seamlessly join the instance, you also need an IAM role that has the AmazonEC2RoleforSSM managed policy attached to it. From the IAM role list, choose the IAM role that has this policy. If you choose this option, you do not have to manually join the instance to the domain as that will be done for you when the instance is launched.


      This option is only available for Windows instances. Linux instances must be manually joined to the directory as explained in 手动加入 Linux 实例.

    5. For IAM role, optionally choose the Create new IAM role link to create a new IAM role and attach the AmazonEC2RoleforSSM policy. Then on the Roles page, do the following:

      1. Choose Create role.

      2. Under AWS service, choose the EC2 link, and then click Next.

      3. Under Select your use case, choose EC2, and then choose Next.

      4. In the list of policies, select the AmazonEC2RoleforSSM policy, and then choose Next.

      5. For Role name, enter a name for your new role (such as EC2DomainJoin). For Role description, enter a description (optional). Then choose Create role.

  7. Go back to the Step 3 page. For IAM role, choose the refresh icon next to IAM role. Your new role should be visible in the menu. Choose it and leave the rest of the settings on this page with their default values. Then choose Next.

  8. Continue through the remaining pages in the wizard using your preferred settings.


    The security group that you select for the instance (on the Step 6 page) must allow remote access to the instance from your network.