Using Amazon FSx with AWS Managed Microsoft AD in a different VPC or account - Amazon FSx for Windows File Server

Using Amazon FSx with AWS Managed Microsoft AD in a different VPC or account

You can join your FSx for Windows File Server file system to an AWS Managed Microsoft AD directory that's in a different VPC within the same account by using VPC peering. You can also join your file system to an AWS Managed Microsoft AD directory that's in a different AWS account by using directory sharing.

Note

You can only select an AWS Managed Microsoft AD within the same AWS Region as your file system. If you want to use a cross-Region VPC peering setup, you should use a self-managed Microsoft Active Directory. For more information, see Using Amazon FSx with your self-managed Microsoft Active Directory.

The workflow for joining your file system to an AWS Managed Microsoft AD that's in a different VPC involves the following steps:

  1. Set up your networking environment.

  2. Share your directory.

  3. Join your file system to the shared directory.

For more information, see Share your directory in the AWS Directory Service Administration Guide.

To set up your networking environment, use AWS Transit Gateway or create an Amazon VPC peering connection between the two VPCs. In addition, make sure that network traffic is allowed between the two VPCs.

A transit gateway is a network transit hub that you can use to interconnect your VPCs and on-premises networks. For more information about using VPC transit gateways, see Getting Started with Transit Gateways in the Amazon VPC Transit Gateways Guide.

A VPC peering connection is a networking connection between two VPCs. This connection enables you to route traffic between them using private Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) addresses. You can use VPC peering to connect VPCs within the same AWS Region or between AWS Regions. For more information on VPC peering, see What is VPC Peering? in the Amazon VPC Peering Guide.

There is an additional prerequisite when the AWS Managed Microsoft AD directory is in a different AWS account from your file system: you must also share the directory with that account. To do this, use the directory sharing feature of AWS Managed Microsoft AD. To learn more, see Share your directory in the AWS Directory Service Administration Guide.
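As an added example (not code from the AWS documentation), the following preflight check covers the networking step above for the VPC peering case: it confirms that an active peering connection links the file system VPC and the directory VPC, and that each file system subnet and each directory subnet has a route to the other VPC's CIDR through that connection. It works on dicts shaped like the output of `aws ec2 describe-vpc-peering-connections` and `aws ec2 describe-route-tables`; the VPC, subnet and peering IDs and CIDRs are constructed sample values.

```python
"""Preflight for the cross-VPC join: is the peering active and is traffic routable
both ways? Input dicts mirror `aws ec2 describe-vpc-peering-connections` and
`aws ec2 describe-route-tables` output; all sample data below is constructed."""

def active_peering_id(peering, vpc_a, vpc_b):
    """ID of an *active* peering between the two VPCs, else None (a pending or
    deleted connection passes no traffic, so only 'active' counts)."""
    for pcx in peering["VpcPeeringConnections"]:
        ends = {pcx["RequesterVpcInfo"]["VpcId"], pcx["AccepterVpcInfo"]["VpcId"]}
        if ends == {vpc_a, vpc_b} and pcx["Status"]["Code"] == "active":
            return pcx["VpcPeeringConnectionId"]
    return None

def subnet_routes_via_pcx(route_tables, vpc_id, subnet_id, dest_cidr, pcx_id):
    """True if the subnet's effective route table (explicit association, otherwise
    the VPC main table, as EC2 resolves it) has an active route to dest_cidr via pcx_id."""
    tables = route_tables["RouteTables"]
    explicit = [t for t in tables if any(a.get("SubnetId") == subnet_id for a in t["Associations"])]
    main = [t for t in tables if t["VpcId"] == vpc_id and any(a.get("Main") for a in t["Associations"])]
    table = (explicit or main or [None])[0]
    return table is not None and any(
        r.get("DestinationCidrBlock") == dest_cidr and r.get("VpcPeeringConnectionId") == pcx_id
        and r.get("State") == "active" for r in table["Routes"])

def preflight(peering, route_tables, fsx, ad):
    """fsx/ad: dicts with VpcId, CidrBlock, SubnetIds. Empty result means the path is routable."""
    pcx_id = active_peering_id(peering, fsx["VpcId"], ad["VpcId"])
    if pcx_id is None:
        return ["no active VPC peering connection between the file system VPC and the directory VPC"]
    findings = []
    for side, other in ((fsx, ad), (ad, fsx)):  # routes are needed in both directions
        for subnet in side["SubnetIds"]:
            if not subnet_routes_via_pcx(route_tables, side["VpcId"], subnet, other["CidrBlock"], pcx_id):
                findings.append(f"{subnet} has no active route to {other['CidrBlock']} via {pcx_id}")
    return findings

# Constructed sample: file system in vpc-0a, AWS Managed Microsoft AD in peered vpc-0b.
FSX = {"VpcId": "vpc-0a", "CidrBlock": "10.0.0.0/16", "SubnetIds": ["subnet-fsx1"]}
AD = {"VpcId": "vpc-0b", "CidrBlock": "10.1.0.0/16", "SubnetIds": ["subnet-ad1", "subnet-ad2"]}
PEERING = {"VpcPeeringConnections": [{"VpcPeeringConnectionId": "pcx-0c", "Status": {"Code": "active"},
           "RequesterVpcInfo": {"VpcId": "vpc-0a"}, "AccepterVpcInfo": {"VpcId": "vpc-0b"}}]}
ROUTE_TABLES = {"RouteTables": [
    {"VpcId": "vpc-0a", "Associations": [{"SubnetId": "subnet-fsx1"}],
     "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0c", "State": "active"}]},
    {"VpcId": "vpc-0b", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "VpcPeeringConnectionId": "pcx-0c", "State": "active"}]},
]}
```

Feed it the real `describe-*` output (parsed JSON) for the two VPCs; an empty list means the peering and routes are in place, and each finding names the subnet and direction that still needs a route.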