Launch directory administration instance in your Amazon Managed Microsoft AD Active Directory - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Launch directory administration instance in your Amazon Managed Microsoft AD Active Directory

This procedure launches an Amazon EC2 directory administration Windows instance in the Amazon Web Services Management Console using Amazon Systems Manager Automation to manage your directories. You can also accomplish this by running the automation Amazon-CreateDSManagementInstance in the Amazon Systems Manager Automation console directly.

To launch a directory administration EC2 instance from the console, you must have the following permissions enabled in your account.

  • ds:DescribeDirectories

  • ec2:AuthorizeSecurityGroupIngress

  • ec2:CreateSecurityGroup

  • ec2:CreateTags

  • ec2:DeleteSecurityGroup

  • ec2:DescribeInstances

  • ec2:DescribeInstanceStatus

  • ec2:DescribeKeyPairs

  • ec2:DescribeSecurityGroups

  • ec2:DescribeVpcs

  • ec2:RunInstances

  • ec2:TerminateInstances

  • iam:AddRoleToInstanceProfile

  • iam:AttachRolePolicy

  • iam:CreateInstanceProfile

  • iam:CreateRole

  • iam:DeleteInstanceProfile

  • iam:DeleteRole

  • iam:DetachRolePolicy

  • iam:GetInstanceProfile

  • iam:GetRole

  • iam:ListAttachedRolePolicies

  • iam:ListInstanceProfiles

  • iam:ListInstanceProfilesForRole

  • iam:PassRole

  • iam:RemoveRoleFromInstanceProfile

  • iam:TagInstanceProfile

  • iam:TagRole

  • ssm:CreateDocument

  • ssm:DeleteDocument

  • ssm:DescribeInstanceInformation

  • ssm:GetAutomationExecution

  • ssm:GetParameters

  • ssm:ListCommandInvocations

  • ssm:ListCommands

  • ssm:ListDocuments

  • ssm:SendCommand

  • ssm:StartAutomationExecution

  • ssm:GetDocument

  1. Sign in to the Amazon Directory Service console.

  2. Under Active Directory, choose Directories.

  3. Choose the Directory ID of the directory where you want to launch a directory administration EC2 instance.

  4. On the directory page, in the top right corner, choose Actions.

  5. In the Actions dropdown list, choose Launch directory administration EC2 instance.

  6. On the Launch directory administration EC2 instance page, under Input parameters, complete the fields.

    1. (Optional) You can provide a key pair for the instance. From the Key Pair Name - optional dropdown list, select a key pair.

    2. (Optional) Choose View Amazon CLI command to see an example that you use in the Amazon CLI to run this automation.

  7. Choose Submit.

  8. You're taken back to the directory page. A green flashbar displays at the top of your screen to indicate that you successfully began the launch.

If you haven't launched any EC2 instances for a directory, a dash (-) displays under Directory administration EC2 instance.

  1. Under Active Directory, choose Directories and select the directory you want to view.

  2. Under Directory details, under Directory administration EC2 instance, choose one or all of your instances to view.

  3. When you choose an instance, you're routed to the EC2 Connect to instance page to connect a remote desktop to your instance.