AWS::DirectoryService::MicrosoftAD
The AWS::DirectoryService::MicrosoftAD resource creates a Microsoft Active Directory in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. For more information, see What Is AWS Directory Service? in the AWS Directory Service Administration Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "CreateAlias" : Boolean,
    "Edition" : String,
    "EnableSso" : Boolean,
    "Name" : String,
    "Password" : String,
    "ShortName" : String,
    "VpcSettings" : VpcSettings
  }
}
YAML
Type: AWS::DirectoryService::MicrosoftAD
Properties:
  CreateAlias: Boolean
  Edition: String
  EnableSso: Boolean
  Name: String
  Password: String
  ShortName: String
  VpcSettings: VpcSettings
Properties
CreateAlias
A unique alias to assign to the Microsoft Active Directory in AWS. AWS Directory Service uses the alias to construct the access URL for the directory, such as http://alias.awsapps.com. By default, AWS CloudFormation does not create an alias.
Required: No
Type: Boolean
Update requires: Replacement
Edition
The AWS Microsoft AD edition. Valid values include Standard and Enterprise. The default is Enterprise.
Required: No
Type: String
Update requires: Replacement
EnableSso
Whether to enable single sign-on for a Microsoft Active Directory in AWS. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, AWS CloudFormation disables single sign-on by default.
Required: No
Type: Boolean
Update requires: No interruption
Name
The fully qualified name for the Microsoft Active Directory in AWS, such as corp.example.com. The name doesn't need to be publicly resolvable; it will resolve inside your VPC only.
Required: Yes
Type: String
Update requires: Replacement
Password
The password for the default administrative user, Admin.
Required: Yes
Type: String
Update requires: Replacement
ShortName
The NetBIOS name for your domain, such as CORP. If you don't specify a value, AWS Directory Service uses the first part of your directory DNS server name. For example, if your directory DNS server name is corp.example.com, AWS Directory Service specifies CORP for the NetBIOS name.
Required: No
Type: String
Update requires: Replacement
VpcSettings
Specifies the VPC settings of the Microsoft Active Directory server in AWS.
Required: Yes
Type: AWS Directory Service MicrosoftAD VpcSettings
Update requires: Replacement
Return Values
Ref
When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource ID.
In the following sample, the Ref function returns the ID of the myDirectory directory, such as d-12345ab592.
{ "Ref": "myDirectory" }
For more information about using the Ref function, see Ref.
Fn::GetAtt
Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
Alias
The alias for a directory. For example: d-12373a053a or alias4-mydirectory-12345abcgmzsk (if you have the CreateAlias property set to true).
DnsIpAddresses
The IP addresses of the DNS servers for the directory, such as [ "192.0.2.1", "192.0.2.2" ].
For more information about using Fn::GetAtt, see Fn::GetAtt.
Example
The following example creates a Microsoft Active Directory in AWS, where the directory DNS name is corp.example.com:
JSON
"myDirectory" : {
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "Name" : "corp.example.com",
    "Password" : { "Ref" : "MicrosoftADPW" },
    "ShortName" : { "Ref" : "MicrosoftADShortName" },
    "VpcSettings" : {
      "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ],
      "VpcId" : { "Ref" : "vpcID" }
    }
  }
}
YAML
myDirectory:
  Type: AWS::DirectoryService::MicrosoftAD
  Properties:
    Name: "corp.example.com"
    Password:
      Ref: MicrosoftADPW
    ShortName:
      Ref: MicrosoftADShortName
    VpcSettings:
      SubnetIds:
        - Ref: subnetID1
        - Ref: subnetID2
      VpcId:
        Ref: vpcID
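
The example above takes Password from a MicrosoftADPW parameter that the page does not show. As an added example (not part of the AWS documentation), the following Python check flags MicrosoftAD resources whose Admin password is a template literal or comes from a parameter declared without NoEcho; the function name, the sample Parameters section and the finding strings are assumptions made for illustration.

```python
RESOURCE_TYPE = "AWS::DirectoryService::MicrosoftAD"
# CloudFormation dynamic references, resolved from a secret store at deploy time.
SECRET_PREFIXES = ("{{resolve:secretsmanager:", "{{resolve:ssm-secure:")


def audit_directory_passwords(template):
    """Return findings for MicrosoftAD resources whose Password may be exposed."""
    params = template.get("Parameters", {})
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        pw = res.get("Properties", {}).get("Password")
        if isinstance(pw, str):
            # A literal is readable by anyone who can read the template.
            if not pw.startswith(SECRET_PREFIXES):
                findings.append(f"{logical_id}: Password is a literal string")
        elif isinstance(pw, dict) and "Ref" in pw:
            name = pw["Ref"]
            param = params.get(name)
            if param is None:
                findings.append(f"{logical_id}: Ref '{name}' is not a declared parameter")
                continue
            # Without NoEcho the value is shown in the console and API output.
            if str(param.get("NoEcho", False)).lower() != "true":
                findings.append(f"{logical_id}: parameter '{name}' lacks NoEcho")
            if "Default" in param:
                findings.append(f"{logical_id}: parameter '{name}' has a Default")
        else:
            findings.append(f"{logical_id}: Password missing or in an unchecked form")
    return findings


# Constructed sample: the page's myDirectory resource plus an assumed
# Parameters section that declares MicrosoftADPW without NoEcho.
SAMPLE = {
    "Parameters": {"MicrosoftADPW": {"Type": "String"}},
    "Resources": {
        "myDirectory": {
            "Type": RESOURCE_TYPE,
            "Properties": {
                "Name": "corp.example.com",
                "Password": {"Ref": "MicrosoftADPW"},
            },
        }
    },
}

if __name__ == "__main__":
    for finding in audit_directory_passwords(SAMPLE):
        print(finding)
```

Declaring the parameter with NoEcho set to true, or replacing the Ref with a Secrets Manager dynamic reference, clears the finding for the sample.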