Tutorial: Creating a trust from Amazon Managed Microsoft AD to a self-managed Active Directory installation on Amazon EC2 - Amazon Directory Service

Tutorial: Creating a trust from Amazon Managed Microsoft AD to a self-managed Active Directory installation on Amazon EC2

In this tutorial, you learn how to create a trust between the Amazon Directory Service for Microsoft Active Directory forest that you created in the Base tutorial and a new native Active Directory forest that you create on a Windows Server in Amazon EC2. As shown in the following illustration, the lab that you create from this tutorial is the second building block necessary when setting up a complete Amazon Managed Microsoft AD test lab. You can use the test lab to test your pure cloud or hybrid cloud–based Amazon solutions.

You should only need to complete this tutorial once. After that, you can add optional tutorials when necessary for more experience.

Illustration: The steps to create a trust from a Microsoft Active Directory to a self-managed Active Directory are to set up your environment, create your Microsoft Active Directory, deploy an Amazon EC2 instance, and test the lab.

Step 1: Set up your environment for trusts

Before you can establish trusts between a new Active Directory forest and the Amazon Managed Microsoft AD forest that you created in the Base tutorial, you need to prepare your Amazon EC2 environment. To do that, you first create a Windows Server 2019 server, promote that server to a domain controller, and then configure your VPC accordingly.

Step 2: Create the trusts

In this step, you create a two-way forest trust relationship between your newly created Active Directory forest hosted in Amazon EC2 and your Amazon Managed Microsoft AD forest in Amazon.

Step 3: Verify the trust

Finally, as an administrator, you use the Amazon Directory Service console to verify that the new trusts are operational.