Launch directory administration Amazon EC2 instance to your Amazon Managed Microsoft AD Active Directory - Amazon Directory Service
PrerequisitesTo launch an EC2 instance in the consoleTo view directory administration EC2 instances
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Launch directory administration Amazon EC2 instance to your Amazon Managed Microsoft AD Active Directory

This procedure launches an Amazon EC2 Windows instance in the console using Amazon Systems Manager Automation to manage your Amazon Managed Microsoft AD Active Directory. You can also accomplish this by running the automation Amazon-CreateDSManagementInstance in the Amazon Systems Manager Automation console directly.

Prerequisites

To launch a directory administration EC2 instance from the console, you must have the following permissions enabled in your account.

  • ds:DescribeDirectories

  • ec2:AuthorizeSecurityGroupIngress

  • ec2:CreateSecurityGroup

  • ec2:CreateTags

  • ec2:DeleteSecurityGroup

  • ec2:DescribeInstances

  • ec2:DescribeInstanceStatus

  • ec2:DescribeKeyPairs

  • ec2:DescribeSecurityGroups

  • ec2:DescribeVpcs

  • ec2:RunInstances

  • ec2:TerminateInstances

  • iam:AddRoleToInstanceProfile

  • iam:AttachRolePolicy

  • iam:CreateInstanceProfile

  • iam:CreateRole

  • iam:DeleteInstanceProfile

  • iam:DeleteRole

  • iam:DetachRolePolicy

  • iam:GetInstanceProfile

  • iam:GetRole

  • iam:ListAttachedRolePolicies

  • iam:ListInstanceProfiles

  • iam:ListInstanceProfilesForRole

  • iam:PassRole

  • iam:RemoveRoleFromInstanceProfile

  • iam:TagInstanceProfile

  • iam:TagRole

  • ssm:CreateDocument

  • ssm:DeleteDocument

  • ssm:DescribeInstanceInformation

  • ssm:GetAutomationExecution

  • ssm:GetParameters

  • ssm:ListCommandInvocations

  • ssm:ListCommands

  • ssm:ListDocuments

  • ssm:SendCommand

  • ssm:StartAutomationExecution

  • ssm:GetDocument

To launch an EC2 instance in the console

  1. Sign in to the Amazon Directory Service console.

  2. Under Active Directory, choose Directories.

  3. Choose the Directory ID of the directory where you want to launch an Active Directory management EC2 instance.

  4. On the directory page, in the top right corner, choose Actions.

  5. In the Actions dropdown, choose Launch directory administration EC2 instance.

  6. On the Launch directory administration EC2 instance page, under Input parameters, complete the fields.

  7. (Optional) Choose View Amazon CLI command to see an example that you use in the Amazon CLI to run this automation.

  8. Choose Submit.

  9. You're taken back to the directory page. A green flashbar displays at the top of your screen to indicate that you successfully began the launch.

To view directory administration EC2 instances

If you haven't launched any EC2 instances for a directory, a dash (-) displays under Directory administration EC2 instance.

  1. Under Active Directory, choose Directories and select the directory you want to view.

  2. Under Directory details, under Directory administration EC2 instance, choose one or all of your instances to view.

  3. When you choose an instance, you're routed to the EC2 Connect to instance page to connect a remote desktop to your instance.