Active Directory Domain Services on AWS
Quick Start Reference Deployment Guide

Scenario 3: Deploy AD DS with AWS Directory Service on the AWS Cloud

This scenario is similar to scenario 1, except that it includes AWS Directory Service to provision and manage AD DS on the AWS Cloud. Instead of fully managing AD DS yourself, you rely on AWS Directory Service for tasks such as building a highly available directory topology, monitoring domain controllers, and configuring backups and snapshots.

AWS Directory Service deploys AD DS across multiple Availability Zones, and automatically detects and replaces domain controllers that fail. AWS Directory Service also handles time-consuming tasks such as patch management, software updates, data replication, snapshot backups, replication monitoring, and point-in-time restores. For more information about AWS Directory Service, see product details and the AWS documentation.

The AWS CloudFormation templates that automate this deployment perform these tasks:

  • Set up the VPC, including private and public subnets in two Availability Zones.*

  • Configure two NAT gateways in the public subnets.*

  • Configure private and public routes.*

  • Enable ingress traffic into the Amazon VPC for administrative access to Remote Desktop Gateway.*

  • Configure security groups and rules for traffic between instances.

  • Set up AWS Directory Service to provision and manage AD DS in the private subnets.

* The template that deploys the Quick Start into an existing VPC skips the tasks marked by asterisks.

The architecture for this scenario is illustrated in Figure 3.



Figure 3: Quick Start architecture for deploying AD DS with AWS Directory Service