AWS::DirectoryService::MicrosoftAD
The AWS::DirectoryService::MicrosoftAD resource creates a Microsoft Active
Directory in AWS so that your directory users and groups can access the AWS Management
Console and AWS
applications using their existing credentials. For more information, see What Is AWS Directory Service? in the
AWS Directory Service Administration Guide.
Topics
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "CreateAlias" :Boolean, "EnableSso" :Boolean, "Name" :String, "Password" :String, "ShortName" :String, "VpcSettings" :VpcSettings} }
YAML
Type: "AWS::DirectoryService::MicrosoftAD" Properties:CreateAlias:BooleanEnableSso:BooleanName:StringPassword:StringShortName:StringVpcSettings:VpcSettings
Properties
CreateAlias-
A unique alias to assign to the Microsoft Active Directory in AWS. AWS Directory Service uses the alias to construct the access URL for the directory, such as
http://. By default, AWS CloudFormation does not create an alias.alias.awsapps.comRequired: No
Type: Boolean
Update requires: Replacement
EnableSso-
Whether to enable single sign-on for a Microsoft Active Directory in AWS. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, AWS CloudFormation disables single sign-on by default.
Required: No
Type: Boolean
Update requires: No interruption
Name-
The fully qualified name for the Microsoft Active Directory in AWS, such as
corp.example.com. The name doesn't need to be publicly resolvable; it will resolve inside your VPC only.Required: Yes
Type: String
Update requires: Replacement
Password-
The password for the default administrative user,
Admin.Required: Yes
Type: String
Update requires: Replacement
ShortName-
The NetBIOS name for your domain, such as
CORP. If you don't specify a value, AWS Directory Service uses the first part of your directory DNS server name. For example, if your directory DNS server name iscorp.example.com, AWS Directory Service specifiesCORPfor the NetBIOS name.Required: No
Type: String
Update requires: Replacement
VpcSettings-
Specifies the VPC settings of the Microsoft Active Directory server in AWS.
Required: Yes
Type: AWS Directory Service MicrosoftAD VpcSettings
Update requires: Replacement
Return Values
Ref
When the logical ID of this resource is provided to the Ref
intrinsic function, Ref returns the resource ID.
In the following sample, the Ref function returns the ID of the
myDirectory directory, such as d-12345ab592.
{ "Ref": "myDirectory" }
For more information about using the Ref function, see Ref.
Fn::GetAtt
Fn::GetAtt returns a value for a specified attribute of this type.
The following are the available attributes and sample return values.
Alias-
The alias for a directory. For example:
d-12373a053aoralias4-mydirectory-12345abcgmzsk(if you have theCreateAliasproperty set to true). DnsIpAddresses-
The IP addresses of the DNS servers for the directory, such as
[ "192.0.2.1", "192.0.2.2" ].
For more information about using Fn::GetAtt, see Fn::GetAtt.
Example
The following example creates a Microsoft Active Directory in AWS, where the directory
DNS name is corp.example.com:
JSON
"myDirectory" : { "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "Name" : "corp.example.com", "Password" : { "Ref" : "MicrosoftADPW" }, "ShortName" : { "Ref" : "MicrosoftADShortName" }, "VpcSettings" : { "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ], "VpcId" : { "Ref" : "vpcID" } } } }
YAML
myDirectory: Type: "AWS::DirectoryService::MicrosoftAD" Properties: Name: "corp.example.com" Password: Ref: MicrosoftADPW ShortName: Ref: MicrosoftADShortName VpcSettings: SubnetIds: - Ref: subnetID1 - Ref: subnetID2 VpcId: Ref: vpcID
