Integrating Active Directory - Amazon ParallelCluster

Integrating Active Directory

In this tutorial, you create a multiple user environment. This environment includes an Amazon ParallelCluster that's integrated with an Amazon Managed Microsoft AD (Active Directory) at corp.example.com. You configure an Admin user to manage the directory, a ReadOnly user to read the directory, and a user000 user to log into the cluster. You can use either the automated path or the manual path to create the networking resources, an Active Directory (AD), and the Amazon EC2 instance that you use to configure the AD. Regardless of the path, the infrastructure that you create is pre-configured to integrate Amazon ParallelCluster using one of the following methods:

  • LDAPS with certificate verification (recommended as the most secure option)

  • LDAPS without certificate verification

  • LDAP

LDAP by itself doesn't provide encryption: the read-only bind password and every directory query cross the network in cleartext. To ensure secure transmission of potentially sensitive information, we strongly recommend that you use LDAPS (LDAP over TLS/SSL) for clusters integrated with ADs, and that you keep certificate verification enabled. LDAPS without certificate verification still encrypts the connection, but the cluster can't confirm that it is talking to your directory rather than to an on-path attacker presenting its own certificate. For more information, see Enable server-side LDAPS using Amazon Managed Microsoft AD in the Amazon Directory Service Administration Guide.
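The three methods above correspond to a few keys in the cluster's DirectoryService section. The following is an added example, not code from this tutorial or from the ParallelCluster project: it classifies a DirectoryService fragment by the transport it configures and reports the weakness of each choice. It assumes the documented behaviour of DomainAddr (ldap:// or ldaps:// URIs, comma-separated for several controllers), LdapTlsReqCert (never, allow, try, demand, hard; default hard; only demand and hard reject an unverifiable server certificate) and LdapTlsCaCert (CA bundle used to verify the directory certificate). The sample fragments at the bottom are constructed for this example and omit the other required keys.

```python
"""Classify a ParallelCluster DirectoryService fragment by how it reaches AD.

Added example, not ParallelCluster code. Assumes the documented meaning of
DomainAddr, LdapTlsReqCert (default hard) and LdapTlsCaCert; the sample
fragments below are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List

LDAPS_WITH_VERIFICATION = "LDAPS with certificate verification"
LDAPS_WITHOUT_VERIFICATION = "LDAPS without certificate verification"
PLAIN_LDAP = "LDAP"

_REQCERT_VALUES = {"never", "allow", "try", "demand", "hard"}
# Only these values make SSSD refuse a missing or unverifiable server cert.
_VERIFYING = {"demand", "hard"}


@dataclass
class Verdict:
    method: str
    findings: List[str] = field(default_factory=list)


def classify(directory_service: Dict[str, str]) -> Verdict:
    """Return which of the three integration methods the fragment configures."""
    raw_addr = str(directory_service.get("DomainAddr", ""))
    uris = [u.strip() for u in raw_addr.split(",") if u.strip()]
    if not uris:
        raise ValueError("DomainAddr is required")

    schemes = set()
    for uri in uris:
        scheme, sep, _ = uri.partition("://")
        if not sep or scheme.lower() not in {"ldap", "ldaps"}:
            raise ValueError(f"unsupported DomainAddr URI: {uri}")
        schemes.add(scheme.lower())

    reqcert = str(directory_service.get("LdapTlsReqCert", "hard")).lower()
    if reqcert not in _REQCERT_VALUES:
        raise ValueError(f"invalid LdapTlsReqCert: {reqcert}")

    # Weakest transport wins: one ldap:// controller is enough for a
    # cleartext bind, whatever the other URIs say.
    if "ldap" in schemes:
        verdict = Verdict(PLAIN_LDAP)
        verdict.findings.append(
            "ldap:// sends the read-only bind password and directory data in cleartext")
        return verdict

    if reqcert not in _VERIFYING:
        verdict = Verdict(LDAPS_WITHOUT_VERIFICATION)
        verdict.findings.append(
            f"LdapTlsReqCert={reqcert}: the directory certificate is not verified, "
            "so an on-path attacker can terminate TLS with its own certificate")
        return verdict

    verdict = Verdict(LDAPS_WITH_VERIFICATION)
    if not directory_service.get("LdapTlsCaCert"):
        # Managed Microsoft AD server-side LDAPS normally uses a private CA,
        # which the cluster nodes don't trust unless you ship its bundle.
        verdict.findings.append(
            "LdapTlsCaCert is unset: verification relies on the node CA store, "
            "which does not trust a private AD CS CA unless you add it")
    return verdict


# Constructed sample fragments, one per method (placeholder names from the tutorial).
SAMPLE_LDAPS_VERIFIED = {
    "DomainName": "corp.example.com",
    "DomainAddr": "ldaps://corp.example.com",
    "LdapTlsCaCert": "/opt/parallelcluster/shared/directory_service/domain-certificate.crt",
    "LdapTlsReqCert": "hard",
}
SAMPLE_LDAPS_UNVERIFIED = {
    "DomainName": "corp.example.com",
    "DomainAddr": "ldaps://corp.example.com",
    "LdapTlsReqCert": "never",
}
SAMPLE_LDAP = {
    "DomainName": "corp.example.com",
    "DomainAddr": "ldap://corp.example.com",
}

if __name__ == "__main__":
    for name, fragment in [("verified", SAMPLE_LDAPS_VERIFIED),
                           ("unverified", SAMPLE_LDAPS_UNVERIFIED),
                           ("plain", SAMPLE_LDAP)]:
        result = classify(fragment)
        print(f"{name}: {result.method}")
        for finding in result.findings:
            print(f"  - {finding}")
```

Run it against the DirectoryService section of your own cluster configuration before creating the cluster: anything other than "LDAPS with certificate verification" with no findings means credentials or directory data can be read or redirected on the path between the head node and the domain controllers.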

After you create these resources, proceed to configure and create your cluster integrated with your Active Directory (AD). After the cluster is created, log in as the user you created. For more information about the configuration that you create in this tutorial, see Multiple user access to clusters and the DirectoryService configuration section.

This tutorial covers how to create an environment that supports multiple user access to clusters. This tutorial doesn't cover how you create and use an Amazon Directory Service AD. The steps that you take to set up an Amazon Managed Microsoft AD in this tutorial are provided for testing purposes only. They aren't provided to replace the official documentation and best practices you can find at Amazon Managed Microsoft AD and Simple AD in the Amazon Directory Service Administration Guide.

Note

Directory user passwords expire according to the directory's password policy. To reset directory passwords with Amazon ParallelCluster, see How to reset a user password and expired passwords.

Note

The directory domain controller IP addresses can change due to domain controller changes and directory maintenance. If you chose the automated quick create method to create the directory infrastructure, the load balancer in front of the domain controllers isn't updated automatically: when the directory IP addresses change, you must manually align the load balancer targets with the new addresses.

When using the Amazon ParallelCluster command line interface (CLI) or API, you only pay for the Amazon resources that are created when you create or update Amazon ParallelCluster images and clusters. For more information, see Amazon services used by Amazon ParallelCluster.

Prerequisites

As you go through the tutorial, replace placeholder inputs (highlighted in red in the rendered page), such as region-id and d-abcdef01234567890, with your own names and IDs. Replace 0123456789012 with your Amazon Web Services account number.