AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::DirectoryService::MicrosoftAD

The AWS::DirectoryService::MicrosoftAD resource creates a Microsoft Active Directory in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. For more information, see What Is AWS Directory Service? in the AWS Directory Service Administration Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "CreateAlias" : Boolean,
    "EnableSso" : Boolean,
    "Name" : String,
    "Password" : String,
    "ShortName" : String,
    "VpcSettings" : VpcSettings
  }
}

YAML

Type: "AWS::DirectoryService::MicrosoftAD"
Properties:
  CreateAlias: Boolean
  EnableSso: Boolean
  Name: String
  Password: String
  ShortName: String
  VpcSettings: VpcSettings

Properties

CreateAlias

Whether to assign a unique alias to the Microsoft Active Directory in AWS. AWS Directory Service uses the alias to construct the access URL for the directory, such as http://alias.awsapps.com. By default, AWS CloudFormation does not create an alias.

Required: No

Type: Boolean

Update requires: Replacement

EnableSso

Whether to enable single sign-on for a Microsoft Active Directory in AWS. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, AWS CloudFormation disables single sign-on by default.

Required: No

Type: Boolean

Update requires: No interruption

Name

The fully qualified name for the Microsoft Active Directory in AWS, such as corp.example.com. The name doesn't need to be publicly resolvable; it will resolve inside your VPC only.

Required: Yes

Type: String

Update requires: Replacement

Password

The password for the default administrative user, Admin.

Required: Yes

Type: String

Update requires: Replacement

ShortName

The NetBIOS name for your domain, such as CORP. If you don't specify a value, AWS Directory Service uses the first part of your directory DNS server name. For example, if your directory DNS server name is corp.example.com, AWS Directory Service specifies CORP for the NetBIOS name.

Required: No

Type: String

Update requires: Replacement

VpcSettings

Specifies the VPC settings of the Microsoft Active Directory server in AWS.

Required: Yes

Type: AWS Directory Service MicrosoftAD VpcSettings

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource ID.

In the following sample, the Ref function returns the ID of the myDirectory directory, such as d-12345ab592.

{ "Ref": "myDirectory" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

Alias

The alias for a directory. For example: d-12373a053a or alias4-mydirectory-12345abcgmzsk (if you have the CreateAlias property set to true).

DnsIpAddresses

The IP addresses of the DNS servers for the directory, such as [ "192.0.2.1", "192.0.2.2" ].

For more information about using Fn::GetAtt, see Fn::GetAtt.

Example

The following example creates a Microsoft Active Directory in AWS, where the directory DNS name is corp.example.com:

JSON

"myDirectory" : {
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "Name" : "corp.example.com",
    "Password" : { "Ref" : "MicrosoftADPW" },
    "ShortName" : { "Ref" : "MicrosoftADShortName" },
    "VpcSettings" : {
      "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ],
      "VpcId" : { "Ref" : "vpcID" }
    }
  }
}

YAML

myDirectory:
  Type: "AWS::DirectoryService::MicrosoftAD"
  Properties:
    Name: "corp.example.com"
    Password:
      Ref: MicrosoftADPW
    ShortName:
      Ref: MicrosoftADShortName
    VpcSettings:
      SubnetIds:
        - Ref: subnetID1
        - Ref: subnetID2
      VpcId:
        Ref: vpcID
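
The example above passes Password through a Ref to a MicrosoftADPW parameter, so the Admin password stays protected only if that parameter is declared with NoEcho. The following Python check is an added example, not part of the AWS documentation: it flags MicrosoftAD resources whose Password is a literal string or comes from a parameter without NoEcho. The function name, the PlainPW parameter, the echoedDirectory and literalDirectory resources and the sample template are constructed for illustration.

```python
import json
RESOURCE_TYPE = "AWS::DirectoryService::MicrosoftAD"

def check_directory_passwords(template):
    """Return (logical_id, finding) pairs for MicrosoftAD resources whose
    Password is not a Ref to a NoEcho parameter or a Secrets Manager reference."""
    params = template.get("Parameters", {})
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        pw = res.get("Properties", {}).get("Password")
        if pw is None:
            findings.append((logical_id, "required Password property is missing"))
        elif isinstance(pw, str):
            if not pw.startswith("{{resolve:secretsmanager:"):
                findings.append((logical_id, "Password is a literal string"))
        elif isinstance(pw, dict) and set(pw) == {"Ref"}:
            param = params.get(pw["Ref"])
            if param is None:
                findings.append((logical_id, f"{pw['Ref']} is not a declared parameter"))
            # NoEcho may be written as a JSON boolean or as the string "true".
            elif str(param.get("NoEcho", False)).lower() != "true":
                findings.append((logical_id, f"parameter {pw['Ref']} lacks NoEcho"))
        else:
            findings.append((logical_id, "Password expression not evaluated by this check"))
    return findings

# Constructed template; VpcSettings omitted because the check does not read it.
SAMPLE = json.loads("""
{
  "Parameters": {
    "MicrosoftADPW": {"Type": "String", "NoEcho": true},
    "PlainPW": {"Type": "String"}
  },
  "Resources": {
    "myDirectory": {"Type": "AWS::DirectoryService::MicrosoftAD",
      "Properties": {"Name": "corp.example.com", "Password": {"Ref": "MicrosoftADPW"}}},
    "echoedDirectory": {"Type": "AWS::DirectoryService::MicrosoftAD",
      "Properties": {"Name": "corp.example.com", "Password": {"Ref": "PlainPW"}}},
    "literalDirectory": {"Type": "AWS::DirectoryService::MicrosoftAD",
      "Properties": {"Name": "corp.example.com", "Password": "constructed-literal"}}
  }
}
""")
if __name__ == "__main__":
    for logical_id, finding in check_directory_passwords(SAMPLE):
        print(f"{logical_id}: {finding}")
```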