AWS CloudFormation
User Guide (Version )

AWS::DirectoryService::MicrosoftAD

The AWS::DirectoryService::MicrosoftAD resource specifies a Microsoft Active Directory in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. For more information, see AWS Managed Microsoft AD in the AWS Directory Service Admin Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "CreateAlias" : Boolean, "Edition" : String, "EnableSso" : Boolean, "Name" : String, "Password" : String, "ShortName" : String, "VpcSettings" : VpcSettings } }

YAML

Type: AWS::DirectoryService::MicrosoftAD Properties: CreateAlias: Boolean Edition: String EnableSso: Boolean Name: String Password: String ShortName: String VpcSettings: VpcSettings

Properties

CreateAlias

Specifies an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://<alias>.awsapps.com. By default, AWS CloudFormation does not create an alias.

Important

After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.

Required: No

Type: Boolean

Update requires: Replacement

Edition

AWS Managed Microsoft AD is available in two editions: Standard and Enterprise. Enterprise is the default.

Required: No

Type: String

Allowed Values: Enterprise | Standard

Update requires: Replacement

EnableSso

Whether to enable single sign-on for a Microsoft Active Directory in AWS. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, AWS CloudFormation disables single sign-on by default.

Required: No

Type: Boolean

Update requires: No interruption

Name

The fully qualified domain name for the AWS Managed Microsoft AD directory, such as corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable.

Required: Yes

Type: String

Pattern: ^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$

Update requires: Replacement

Password

The password for the default administrative user named Admin.

If you need to change the password for the administrator account, see the ResetUserPassword API call in the AWS Directory Service API Reference.

Required: Yes

Type: String

Pattern: (?=^.{8,64}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))^.*

Update requires: Replacement

ShortName

The NetBIOS name for your domain, such as CORP. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, CORP for the directory DNS corp.example.com.

Required: No

Type: String

Pattern: ^[^\\/:*?\"\<\>|.]+[^\\/:*?\"<>|]*$

Update requires: Replacement

VpcSettings

Specifies the VPC settings of the Microsoft AD directory server in AWS.

Required: Yes

Type: VpcSettings

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource ID.

In the following sample, the Ref function returns the ID of the myDirectory directory, such as d-12345ab592.

{ "Ref": "myDirectory" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Alias

The alias for a directory. For example: d-12373a053a or alias4-mydirectory-12345abcgmzsk (if you have the CreateAlias property set to true).

DnsIpAddresses

The IP addresses of the DNS servers for the directory, such as [ "192.0.2.1", "192.0.2.2" ].

Examples

The following example creates a Microsoft Active Directory in AWS, where the directory DNS name is corp.example.com:

Create an AWS Managed Microsoft Directory

JSON

"myDirectory" : { "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "Name" : "corp.example.com", "Password" : { "Ref" : "MicrosoftADPW" }, "ShortName" : { "Ref" : "MicrosoftADShortName" }, "VpcSettings" : { "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ], "VpcId" : { "Ref" : "vpcID" } } } }

YAML

myDirectory: Type: AWS::DirectoryService::MicrosoftAD Properties: Name: "corp.example.com" Password: Ref: MicrosoftADPW ShortName: Ref: MicrosoftADShortName VpcSettings: SubnetIds: - Ref: subnetID1 - Ref: subnetID2 VpcId: Ref: vpcID

See Also