AddIpRoutes - AWS Directory Service

AddIpRoutes

If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on AWS to a peer VPC.

Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Request Syntax

{ "DirectoryId": "string", "IpRoutes": [ { "CidrIp": "string", "Description": "string" } ], "UpdateSecurityGroupForDirectoryControllers": boolean }

Request Parameters

The request accepts the following data in JSON format.

DirectoryId

Identifier (ID) of the directory to which to add the address block.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes

IpRoutes

IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.

Type: Array of IpRoute objects

Required: Yes

UpdateSecurityGroupForDirectoryControllers

If set to true, updates the inbound and outbound rules of the security group that has the description: "AWS created security group for directory ID directory controllers." Following are the new rules:

Inbound:

  • Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: DNS (UDP), Protocol: UDP, Range: 53, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: DNS (TCP), Protocol: TCP, Range: 53, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: LDAP, Protocol: TCP, Range: 389, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: All ICMP, Protocol: All, Range: N/A, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

Outbound:

  • Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0

These security rules impact an internal network interface that is not exposed publicly.

Type: Boolean

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ClientException

A client exception has occurred.

HTTP Status Code: 400

DirectoryUnavailableException

The specified directory is unavailable.

HTTP Status Code: 400

EntityAlreadyExistsException

The specified entity already exists.

HTTP Status Code: 400

EntityDoesNotExistException

The specified entity could not be found.

HTTP Status Code: 400

InvalidParameterException

One or more parameters are not valid.

HTTP Status Code: 400

IpRouteLimitExceededException

The maximum allowed number of IP addresses was exceeded. The default limit is 100 IP address blocks.

HTTP Status Code: 400

ServiceException

An exception has occurred in AWS Directory Service.

HTTP Status Code: 500

Examples

The following examples are formatted for legibility.

Example Request

This example illustrates one usage of AddIpRoutes.

POST / HTTP/1.1 Host: ds.us-west-2.amazonaws.com Accept-Encoding: identity Content-Length: 98 X-Amz-Target: DirectoryService_20150416.AddIpRoutes X-Amz-Date: 20161212T212029Z User-Agent: aws-cli/1.11.24 Python/2.7.9 Windows/7 botocore/1.4.81 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAI7E3BYXS3example/20161212/us-west-2/ds/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=477f3a2802dcc303f69499723eb2e29a455fe3d1b646df0dacfd7c005a3a9509 { "DirectoryId":"d-926example", "IpRoutes":[ { "Description":"my IpRoute", "CidrIp":"12.12.12.12/32" } ] }

Example Response

This example illustrates one usage of AddIpRoutes.

HTTP/1.1 200 OK x-amzn-RequestId: cfc1cbc8-c0b0-11e6-aa44-41d91ee57463 Content-Type: application/x-amz-json-1.1 Content-Length: 2 Date: Mon, 12 Dec 2016 21:20:31 GMT { }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: