Creating a connector for Active Directory - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating a connector for Active Directory

Use the following procedures to create a connector using the console, command line, or API for Amazon Private CA Connector for Active Directory.

Console
To create a connector using the console

Sign in to your Amazon account and open the Amazon Private CA Connector for Active Directory console at https://console.amazonaws.cn/pca-connector-ad/home.

  1. On the first-time service landing page or the Connectors for Active Directory page, choose Create connector.

  2. On the Create Private CA Connector for Active Directory page, provide information in the Active Directory section.

    • Under Select your Active Directory type, choose one of the two available types:

      • Amazon Directory Service for Microsoft Active Directory – Specifies an Active Directory managed by Amazon Directory Service.

      • On-premises Active Directory with Amazon AD Connector– Uses AD Connector to access an Active Directory that you host on-premises.

    • Under Select your directory, choose your directory from the list.

      Alternatively, you can choose Create directory, which opens the Amazon Directory Service console in a new window. When you finish creating a new directory, return to the Amazon Private CA Connector for Active Directory console and refresh the list of directories. Your new directory should be available for selection.

      Note

      When creating a directory, note that Connector for AD supports only the following directory types offered in the Amazon Directory Service console:

      • Amazon Managed Microsoft AD

      • AD Connector

    • Under Select security groups for VPC endpoint, choose a security group from the list.

      Alternatively, you can choose Create security group, which opens the Amazon EC2 console to the Create security group page in a new window. When you finish creating a security group, return to the Amazon Private CA Connector for Active Directory console and refresh the list of security groups. Your new security group should be available for selection.

  3. In the Private certificate authority section, choose a private CA from the list.

    Alternatively, you can choose Create Private CA, which opens the Amazon Private CA console to the Private certificate authorities page in a new window. When you finish creating a CA, return to the Amazon Private CA Connector for Active Directory console and refresh the list of CAs. Your new CA should be available for selection.

  4. In the Tags – optional pane, you can apply and remove metadata on your AD resource. Tags are key-value string pairs where the key must be unique to the resource and the value is optional. The pane displays any existing tags for the resource in a table. The following actions are supported.

    • Choose Manage tags to open the Manage tags page.

    • Choose Add new tag to create a tag. Fill in the Key field and, optionally, the Value field. Choose Save changes to apply the tag.

    • Choose the Remove button next to a tag to mark it for deletion, and choose Save changes to confirm.

  5. After providing the required information and reviewing your choices, choose Create connector. This opens the Connectors for Active Directory details page where can view the progress of your connector as it is created.

    After the process of creating a connector completes, assign it a service principal name.

API

To create a connector using the API

To create a connector for Active Directory with the API, use the CreateConnector action in the Amazon Private CA Connector for Active Directory API.

CLI

To create a connector using the Amazon CLI

To create a connector for Active Directory with the CLI, use the create-connector command in the Amazon Private CA Connector for Active Directory section of the Amazon CLI.