High availability and security best practices for AWS Launch Wizard for Active Directory - AWS Launch Wizard

High availability and security best practices for AWS Launch Wizard for Active Directory

The domain controller architecture created by AWS Launch Wizard supports AWS best practices for high availability and security as promoted by the AWS Well-Architected Framework.

High availability

With Amazon EC2, you can place instances in multiple locations, organized as AWS Regions and Availability Zones. Regions are dispersed and located in separate geographic areas. Availability Zones are distinct locations within a Region that are engineered to be isolated from failures in other Availability Zones. Availability Zones provide inexpensive, low-latency network connectivity to other Availability Zones in the same Region.

When you launch your instances in different Regions, you can place your domain controllers closer to specific customers, or meet legal or other requirements. When you launch your instances in different Availability Zones, you can protect your domain controllers from the failure of a single location.

Security in Launch Wizard for Active Directory

Launch Wizard creates a number of security groups and rules for you. When your directory resources are launched, they must be associated with a security group, which acts as a stateful firewall. You have complete control over the network traffic entering or leaving the security group. You can also build granular rules that are scoped by protocol, port number, and source or destination IP address or subnet. By default, all outbound traffic from a security group is permitted. Inbound rules, by contrast, allow traffic from the VPC used for the deployment and from the resources that Launch Wizard deploys. You might require additional configuration to allow appropriate traffic to reach your resources.

The Securing the Microsoft Platform on Amazon Web Services whitepaper discusses the different methods for securing your AWS infrastructure. Recommendations include providing isolation between application tiers using security groups. We recommend that you tightly control inbound traffic to reduce the attack surface of your EC2 instances.
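One way to check that the inbound rules on your domain controller security groups stay scoped to the deployment VPC, as an added example that is not AWS or Launch Wizard code: the audit below walks records in the shape of `aws ec2 describe-security-groups` output and flags any inbound IPv4 source CIDR that is not contained in the VPC CIDR. The group IDs, the VPC CIDR, and the sample rules are constructed placeholders, not values from a real deployment.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output. Group IDs and CIDRs are placeholders, not a real deployment.
VPC_CIDR = "10.0.0.0/16"
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0000000000000001",
        "GroupName": "DomainControllerSG",
        "IpPermissions": [
            # LDAP from the deployment VPC only: acceptable.
            {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
            # Kerberos from another security group (e.g. member servers): acceptable.
            {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0000000000000002"}]},
            # SMB open to the internet: must be flagged.
            {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
            # All protocols from a CIDR outside the VPC: must be flagged.
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "192.168.0.0/16"}], "UserIdGroupPairs": []},
        ],
    }
]


def audit_inbound(groups, vpc_cidr):
    """Return (group_id, protocol, ports, cidr) for every inbound IPv4 range
    that is not contained in the VPC CIDR.

    Sources expressed as other security groups (UserIdGroupPairs) are treated
    as in-account references and are not flagged here.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            # "-1" means all protocols; such rules carry no port range.
            ports = ("all" if proto == "-1"
                     else f"{perm.get('FromPort')}-{perm.get('ToPort')}")
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"])
                if src.version != vpc.version or not src.subnet_of(vpc):
                    findings.append((group["GroupId"], proto, ports, rng["CidrIp"]))
    return findings


if __name__ == "__main__":
    for gid, proto, ports, cidr in audit_inbound(SAMPLE_GROUPS, VPC_CIDR):
        print(f"{gid}: inbound {proto} {ports} from {cidr} is outside {VPC_CIDR}")
```

To run it against a live account, replace `SAMPLE_GROUPS` with the `SecurityGroups` list parsed from `aws ec2 describe-security-groups` and `VPC_CIDR` with the deployment VPC's CIDR block.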