Creating a connector - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating a connector

Use the following procedures to create a connector using the console, command line, or API for Amazon Private CA Connector for Active Directory.

Creating a connector (console)

Complete the following procedures to create and configure a connector using the Amazon console.

Open console

Sign in to your Amazon account and open the Amazon Private CA Connector for Active Directory console at https://console.amazonaws.cn/pca-connector-ad/home.

Open Create connector

On the first-time service landing page or the Connectors for Active Directory page, choose Create connector.

Choose or create a directory

On the Create Private CA Connector for Active Directory page, provide information in the Active Directory section.

  • Under Select your Active Directory type, choose one of the two available types:

    • Amazon Directory Service for Microsoft Active Directory – Specifies an Active Directory that Amazon Directory Service manages for you.

    • On-premises Active Directory with Amazon AD Connector – Uses AD Connector to reach an Active Directory that you host on-premises.

  • Under Select your directory, choose your directory from the list.

    Alternatively, you can choose Create directory, which opens the Amazon Directory Service console in a new window. When you finish creating a new directory, return to the Amazon Private CA Connector for Active Directory console and refresh the list of directories. Your new directory should be available for selection.

    Note

    When creating a directory, note that Connector for AD supports only the following directory types offered in the Amazon Directory Service console:

    • Amazon Managed Microsoft AD

    • AD Connector

  • Under Select security groups for VPC endpoint, choose a security group from the list. The security group is attached to the VPC endpoint that the connector creates in your directory's VPC, so its inbound rules must allow HTTPS (TCP port 443) from the domain-joined clients that will request certificates through the connector. A security group that does not belong to the directory's VPC causes connector creation to fail.

    Alternatively, you can choose Create security group, which opens the Amazon EC2 console to the Create security group page in a new window. When you finish creating a security group, return to the Amazon Private CA Connector for Active Directory console and refresh the list of security groups. Your new security group should be available for selection.

Choose a private CA

In the Private certificate authority section, choose a private CA from the list.

Alternatively, you can choose Create Private CA, which opens the Amazon Private CA console to the Private certificate authorities page in a new window. When you finish creating a CA, return to the Amazon Private CA Connector for Active Directory console and refresh the list of CAs. Your new CA should be available for selection.

Configure tagging

In the Tags – optional pane, you can apply and remove metadata on the connector. Tags are key-value string pairs where the key must be unique to the resource and the value is optional. The pane displays any existing tags for the resource in a table. The following actions are supported.

  • Choose Manage tags to open the Manage tags page.

  • Choose Add new tag to create a tag. Fill in the Key field and, optionally, the Value field. Choose Save changes to apply the tag.

  • Choose the Remove button next to a tag to mark it for deletion, and choose Save changes to confirm.

Review and create

After providing the required information and reviewing your choices, choose Create connector. This opens the connector's details page, where you can view the progress of your connector as it is created.

After the connector finishes creating, assign it a service principal name so that domain-joined clients can authenticate to it and request certificates.

Create a connector for Active Directory (Amazon CLI)

To create a connector for Active Directory with the CLI, use the create-connector command in the pca-connector-ad section of the Amazon CLI. The command takes the ARN of the private CA (--certificate-authority-arn), the directory ID (--directory-id), and the security groups for the VPC endpoint (--vpc-information SecurityGroupIds=...), which are the same inputs the console procedure collects.

Create a connector for Active Directory (API)

To create a connector for Active Directory with the API, use the CreateConnector action in the Amazon Private CA Connector for Active Directory API. It takes the same inputs: CertificateAuthorityArn, DirectoryId, and VpcInformation (a list of SecurityGroupIds). The response contains the new connector's ARN, and GetConnector reports its Status (CREATING, ACTIVE or FAILED) and, for a failed connector, a StatusReason.
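The following script is an added example for both the CLI and API sections above; it is not part of the Amazon documentation. It validates the three inputs before calling create-connector, creates the connector, and then polls get-connector until the Status is ACTIVE, printing the StatusReason if creation fails. The CA ARN, directory ID and security group ID it expects on the command line are your own values; the sample IDs in the comments are constructed placeholders, and the status names it matches on are the ones the API documents.

```shell
#!/bin/sh
# Added example (not Amazon documentation code): create a Connector for AD with the CLI
# and wait until it is ACTIVE before moving on to assign a service principal name.
# Usage: sh create-connector.sh <ca-arn> <directory-id> <security-group-id>
# All IDs used in comments (d-9067a1b2c3, sg-0a1b2c3d4e5f67890) are constructed placeholders.

# --- Input checks: catch copy-paste mistakes before anything is created ----------------
# The CA must be an Amazon Private CA ARN (service acm-pca), e.g. in the aws-cn partition.
valid_ca_arn() {
  case "$1" in
    arn:aws-cn:acm-pca:*:*:certificate-authority/*) return 0 ;;  # China Regions
    arn:aws:acm-pca:*:*:certificate-authority/*)    return 0 ;;  # other partitions
    *) return 1 ;;
  esac
}

# Directory IDs look like d-9067a1b2c3: "d-" followed by 10 hex digits (12 characters total).
valid_directory_id() {
  [ "${#1}" -eq 12 ] || return 1
  case "$1" in
    d-[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
    *) return 1 ;;
  esac
}

# Security group IDs start with "sg-"; a subnet-/vpc- ID here is the usual mistake.
valid_sg_id() {
  case "$1" in sg-[0-9a-f]*) return 0 ;; *) return 1 ;; esac
}

# Map a connector Status to a polling decision: 0 = ready, 1 = give up, 2 = keep polling.
connector_state() {
  case "$1" in
    ACTIVE)           return 0 ;;
    FAILED|DELETING)  return 1 ;;
    *)                return 2 ;;   # CREATING or an unexpected value: poll again
  esac
}

# --- Create, then poll get-connector ---------------------------------------------------
wait_for_active() {
  arn=$1; attempts=0
  while [ "$attempts" -lt 60 ]; do
    status=$(aws pca-connector-ad get-connector --connector-arn "$arn" \
               --query 'Connector.Status' --output text)
    rc=0; connector_state "$status" || rc=$?
    case "$rc" in
      0) return 0 ;;
      1) # StatusReason explains the failure (wrong VPC for the security group, access denied, ...)
         aws pca-connector-ad get-connector --connector-arn "$arn" \
             --query 'Connector.StatusReason' --output text >&2
         return 1 ;;
    esac
    sleep 10; attempts=$((attempts + 1))
  done
  echo "timed out waiting for $arn to become ACTIVE" >&2
  return 1
}

main() {
  ca_arn=$1; dir_id=$2; sg_id=$3
  valid_ca_arn "$ca_arn"        || { echo "bad CA ARN: $ca_arn" >&2; exit 2; }
  valid_directory_id "$dir_id"  || { echo "bad directory ID: $dir_id" >&2; exit 2; }
  valid_sg_id "$sg_id"          || { echo "bad security group ID: $sg_id" >&2; exit 2; }

  # --query pulls the ARN out of the CreateConnector response.
  connector_arn=$(aws pca-connector-ad create-connector \
      --certificate-authority-arn "$ca_arn" \
      --directory-id "$dir_id" \
      --vpc-information "SecurityGroupIds=$sg_id" \
      --query ConnectorArn --output text) || exit 1
  echo "created $connector_arn, waiting for ACTIVE" >&2
  wait_for_active "$connector_arn" && echo "$connector_arn"
}

# Run only when all three arguments are supplied, so the functions can also be sourced.
if [ "$#" -eq 3 ]; then
  main "$@"
fi
```

Run it with credentials that are allowed to call CreateConnector and GetConnector; it prints the connector ARN on success, which is the value you need for the next step (creating the service principal name).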