CreateDirectoryConfig - Amazon AppStream 2.0


Creates a Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.

Request Syntax

{
   "CertificateBasedAuthProperties": {
      "CertificateAuthorityArn": "string",
      "Status": "string"
   },
   "DirectoryName": "string",
   "OrganizationalUnitDistinguishedNames": [ "string" ],
   "ServiceAccountCredentials": {
      "AccountName": "string",
      "AccountPassword": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


CertificateBasedAuthProperties

The certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances. Fallback is turned on by default when certificate-based authentication is Enabled. Fallback allows users to log in using their AD domain password if certificate-based authentication is unsuccessful, or to unlock a desktop lock screen. Enabled_no_directory_login_fallback enables certificate-based authentication, but does not allow users to log in using their AD domain password. Users will be disconnected to re-authenticate using certificates.

Type: CertificateBasedAuthProperties object

Required: No


DirectoryName

The fully qualified name of the directory (for example,

Type: String

Required: Yes


OrganizationalUnitDistinguishedNames

The distinguished names of the organizational units for computer accounts.

Type: Array of strings

Length Constraints: Maximum length of 2000.

Required: Yes


ServiceAccountCredentials

The credentials for the service account used by the fleet or image builder to connect to the directory.

Type: ServiceAccountCredentials object

Required: No
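An added example, not part of the AWS reference: a Python pre-flight review of a CreateDirectoryConfig request against the constraints listed above. It flags the Enabled status because that setting leaves AD password fallback on, and it masks AccountPassword before the request is logged. The function names, the sample values, and the reading of the 2000-character limit as applying to each string are assumptions.

```python
import copy

# "Enabled" and "Enabled_no_directory_login_fallback" are named on this page;
# "Disabled" is the remaining value of the API's Status enum.
CBA_STATUSES = {"Disabled", "Enabled", "Enabled_no_directory_login_fallback"}
MAX_OU_DN_LENGTH = 2000  # assumption: the length constraint applies to each DN string


def review_directory_config(request):
    """Return (severity, message) findings for a CreateDirectoryConfig request dict."""
    findings = []
    name = request.get("DirectoryName")
    if not isinstance(name, str) or not name:
        findings.append(("error", "DirectoryName is required"))
    ous = request.get("OrganizationalUnitDistinguishedNames")
    if not isinstance(ous, list) or not ous:
        findings.append(("error", "OrganizationalUnitDistinguishedNames is required"))
    elif any(not isinstance(dn, str) or len(dn) > MAX_OU_DN_LENGTH for dn in ous):
        findings.append(("error", "each OU distinguished name must be a string of at most 2000 characters"))
    status = (request.get("CertificateBasedAuthProperties") or {}).get("Status")
    if status is not None and status not in CBA_STATUSES:
        findings.append(("error", f"unknown Status {status!r}"))
    elif status == "Enabled":
        # Per the page, fallback to the AD domain password is on by default here.
        findings.append(("warn", "AD password fallback is on; Enabled_no_directory_login_fallback turns it off"))
    return findings


def redact_for_logging(request):
    """Return a deep copy of the request with the service account password masked."""
    safe = copy.deepcopy(request)
    creds = safe.get("ServiceAccountCredentials")
    if isinstance(creds, dict) and "AccountPassword" in creds:
        creds["AccountPassword"] = "***REDACTED***"
    return safe


# Constructed sample request; every value is a placeholder.
SAMPLE_REQUEST = {
    "DirectoryName": "directory.example.test",
    "OrganizationalUnitDistinguishedNames": ["OU=Streaming,DC=directory,DC=example,DC=test"],
    "ServiceAccountCredentials": {"AccountName": "svc-streaming", "AccountPassword": "placeholder-secret"},
    "CertificateBasedAuthProperties": {
        "CertificateAuthorityArn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE",
        "Status": "Enabled"},
}

if __name__ == "__main__":
    print(review_directory_config(SAMPLE_REQUEST))
    print(redact_for_logging(SAMPLE_REQUEST))
```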

Response Syntax

{
   "DirectoryConfig": {
      "CertificateBasedAuthProperties": {
         "CertificateAuthorityArn": "string",
         "Status": "string"
      },
      "CreatedTime": number,
      "DirectoryName": "string",
      "OrganizationalUnitDistinguishedNames": [ "string" ],
      "ServiceAccountCredentials": {
         "AccountName": "string",
         "AccountPassword": "string"
      }
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


DirectoryConfig

Information about the directory configuration.

Type: DirectoryConfig object


Errors

For information about the errors that are common to all actions, see Common Errors.


The resource cannot be created because your AWS account is suspended. For assistance, contact AWS Support.

HTTP Status Code: 400


The specified role is invalid.

HTTP Status Code: 400


The requested limit exceeds the permitted limit for an account.

HTTP Status Code: 400


The attempted operation is not permitted.

HTTP Status Code: 400


The specified resource already exists.

HTTP Status Code: 400


The specified resource was not found.

HTTP Status Code: 400
