You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::DirectoryService::Client

Inherits:
Seahorse::Client::Base show all
Defined in:
(unknown)

Overview

An API client for AWS Directory Service. To construct a client, you need to configure a :region and :credentials.

directoryservice = Aws::DirectoryService::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

See #initialize for a full list of supported configuration options.

Region

You can configure a default region in the following locations:

  • ENV['AWS_REGION']
  • Aws.config[:region]

Go here for a list of supported regions.

Credentials

Default credentials are loaded automatically from the following locations:

  • ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY']
  • Aws.config[:credentials]
  • The shared credentials ini file at ~/.aws/credentials (more information)
  • From an instance profile when running on EC2

You can also construct a credentials object from one of the following classes:

Alternatively, you configure credentials with :access_key_id and :secret_access_key:

# load credentials from disk
creds = YAML.load(File.read('/path/to/secrets'))

Aws::DirectoryService::Client.new(
  access_key_id: creds['access_key_id'],
  secret_access_key: creds['secret_access_key']
)

Always load your credentials from outside your application. Avoid configuring credentials statically and never commit them to source control.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

Constructor collapse

API Operations collapse

Instance Method Summary collapse

Methods inherited from Seahorse::Client::Base

add_plugin, api, #build_request, clear_plugins, define, new, #operation, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options = {}) ⇒ Aws::DirectoryService::Client

Constructs an API client.

Options Hash (options):

  • :access_key_id (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :active_endpoint_cache (Boolean)

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false. See Plugins::EndpointDiscovery for more details.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types. See Plugins::ParamConverter for more details.

  • :credentials (required, Credentials)

    Your AWS credentials. The following locations will be searched in order for credentials:

    • :access_key_id, :secret_access_key, and :session_token options
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • HOME/.aws/credentials shared credentials file
    • EC2 instance profile credentials See Plugins::RequestSigner for more details.
  • :disable_host_prefix_injection (Boolean)

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available. See Plugins::EndpointPattern for more details.

  • :endpoint (String)

    A default endpoint is constructed from the :region. See Plugins::RegionalEndpoint for more details.

  • :endpoint_cache_max_entries (Integer)

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000. See Plugins::EndpointDiscovery for more details.

  • :endpoint_cache_max_threads (Integer)

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10. See Plugins::EndpointDiscovery for more details.

  • :endpoint_cache_poll_interval (Integer)

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec. See Plugins::EndpointDiscovery for more details.

  • :endpoint_discovery (Boolean)

    When set to true, endpoint discovery will be enabled for operations when available. Defaults to false. See Plugins::EndpointDiscovery for more details.

  • :http_continue_timeout (Float) — default: 1

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_idle_timeout (Integer) — default: 5

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_open_timeout (Integer) — default: 15

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_proxy (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_read_timeout (Integer) — default: 60

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_wire_trace (Boolean) — default: false

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the logger at. See Plugins::Logging for more details.

  • :log_formatter (Logging::LogFormatter)

    The log formatter. Defaults to Seahorse::Client::Logging::Formatter.default. See Plugins::Logging for more details.

  • :logger (Logger) — default: nil

    The Logger instance to send log messages to. If this option is not set, logging will be disabled. See Plugins::Logging for more details.

  • :profile (String)

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used. See Plugins::RequestSigner for more details.

  • :raise_response_errors (Boolean) — default: true

    When true, response errors are raised. See Seahorse::Client::Plugins::RaiseResponseErrors for more details.

  • :region (required, String)

    The AWS region to connect to. The region is used to construct the client endpoint. Defaults to ENV['AWS_REGION']. Also checks AMAZON_REGION and AWS_DEFAULT_REGION. See Plugins::RegionalEndpoint for more details.

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors and auth errors from expired credentials. See Plugins::RetryErrors for more details.

  • :secret_access_key (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :session_token (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects. See Plugins::Protocols::JsonRpc for more details.

  • :ssl_ca_bundle (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_ca_directory (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_ca_store (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_verify_peer (Boolean) — default: true

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled. See Plugins::StubResponses for more details.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request. See Plugins::ParamValidator for more details.

Instance Method Details

#accept_shared_directory(options = {}) ⇒ Types::AcceptSharedDirectoryResult

Accepts a directory sharing request that was sent from the directory owner account.

Examples:

Request syntax with placeholder values


resp = client.accept_shared_directory({
  shared_directory_id: "DirectoryId", # required
})

Response structure


resp.shared_directory. #=> String
resp.shared_directory.owner_directory_id #=> String
resp.shared_directory.share_method #=> String, one of "ORGANIZATIONS", "HANDSHAKE"
resp.shared_directory. #=> String
resp.shared_directory.shared_directory_id #=> String
resp.shared_directory.share_status #=> String, one of "Shared", "PendingAcceptance", "Rejected", "Rejecting", "RejectFailed", "Sharing", "ShareFailed", "Deleted", "Deleting"
resp.shared_directory.share_notes #=> String
resp.shared_directory.created_date_time #=> Time
resp.shared_directory.last_updated_date_time #=> Time

Options Hash (options):

  • :shared_directory_id (required, String)

    Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.

Returns:

See Also:

#add_ip_routes(options = {}) ⇒ Struct

If the DNS server for your on-premises domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on AWS to a peer VPC.

Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Examples:

Request syntax with placeholder values


resp = client.add_ip_routes({
  directory_id: "DirectoryId", # required
  ip_routes: [ # required
    {
      cidr_ip: "CidrIp",
      description: "Description",
    },
  ],
  update_security_group_for_directory_controllers: false,
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier (ID) of the directory to which to add the address block.

  • :ip_routes (required, Array<Types::IpRoute>)

    IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your on-premises domain.

  • :update_security_group_for_directory_controllers (Boolean)

    If set to true, updates the inbound and outbound rules of the security group that has the description: \"AWS created security group for directory ID directory controllers.\" Following are the new rules:

    Inbound:

    • Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: 0.0.0.0/0

    • Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: 0.0.0.0/0

    • Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: 0.0.0.0/0

    • Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: 0.0.0.0/0

    • Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: 0.0.0.0/0

    • Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: 0.0.0.0/0

    • Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: 0.0.0.0/0

    • Type: DNS (UDP), Protocol: UDP, Range: 53, Source: 0.0.0.0/0

    • Type: DNS (TCP), Protocol: TCP, Range: 53, Source: 0.0.0.0/0

    • Type: LDAP, Protocol: TCP, Range: 389, Source: 0.0.0.0/0

    • Type: All ICMP, Protocol: All, Range: N/A, Source: 0.0.0.0/0

    Outbound:

    • Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0

    ^

    These security rules impact an internal network interface that is not exposed publicly.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#add_region(options = {}) ⇒ Struct

Adds two domain controllers in the specified Region for the specified directory.

Examples:

Request syntax with placeholder values


resp = client.add_region({
  directory_id: "DirectoryId", # required
  region_name: "RegionName", # required
  vpc_settings: { # required
    vpc_id: "VpcId", # required
    subnet_ids: ["SubnetId"], # required
  },
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory to which you want to add Region replication.

  • :region_name (required, String)

    The name of the Region where you want to add domain controllers for replication. For example, us-east-1.

  • :vpc_settings (required, Types::DirectoryVpcSettings)

    Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#add_tags_to_resource(options = {}) ⇒ Struct

Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.

Examples:

Request syntax with placeholder values


resp = client.add_tags_to_resource({
  resource_id: "ResourceId", # required
  tags: [ # required
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Options Hash (options):

  • :resource_id (required, String)

    Identifier (ID) for the directory to which to add the tag.

  • :tags (required, Array<Types::Tag>)

    The tags to be assigned to the directory.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#cancel_schema_extension(options = {}) ⇒ Struct

Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema.

Examples:

Request syntax with placeholder values


resp = client.cancel_schema_extension({
  directory_id: "DirectoryId", # required
  schema_extension_id: "SchemaExtensionId", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory whose schema extension will be canceled.

  • :schema_extension_id (required, String)

    The identifier of the schema extension that will be canceled.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#connect_directory(options = {}) ⇒ Types::ConnectDirectoryResult

Creates an AD Connector to connect to an on-premises directory.

Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Examples:

Request syntax with placeholder values


resp = client.connect_directory({
  name: "DirectoryName", # required
  short_name: "DirectoryShortName",
  password: "ConnectPassword", # required
  description: "Description",
  size: "Small", # required, accepts Small, Large
  connect_settings: { # required
    vpc_id: "VpcId", # required
    subnet_ids: ["SubnetId"], # required
    customer_dns_ips: ["IpAddr"], # required
    customer_user_name: "UserName", # required
  },
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.directory_id #=> String

Options Hash (options):

  • :name (required, String)

    The fully qualified name of the on-premises directory, such as corp.example.com.

  • :short_name (String)

    The NetBIOS name of the on-premises directory, such as CORP.

  • :password (required, String)

    The password for the on-premises user account.

  • :description (String)

    A description for the directory.

  • :size (required, String)

    The size of the directory.

  • :connect_settings (required, Types::DirectoryConnectSettings)

    A DirectoryConnectSettings object that contains additional information for the operation.

  • :tags (Array<Types::Tag>)

    The tags to be assigned to AD Connector.

Returns:

See Also:

#create_alias(options = {}) ⇒ Types::CreateAliasResult

Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://<alias>.awsapps.com.

After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.

Examples:

Request syntax with placeholder values


resp = client.create_alias({
  directory_id: "DirectoryId", # required
  alias: "AliasName", # required
})

Response structure


resp.directory_id #=> String
resp.alias #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to create the alias.

  • :alias (required, String)

    The requested alias.

    The alias must be unique amongst all aliases in AWS. This operation throws an EntityAlreadyExistsException error if the alias already exists.

Returns:

See Also:

#create_computer(options = {}) ⇒ Types::CreateComputerResult

Creates an Active Directory computer object in the specified directory.

Examples:

Request syntax with placeholder values


resp = client.create_computer({
  directory_id: "DirectoryId", # required
  computer_name: "ComputerName", # required
  password: "ComputerPassword", # required
  organizational_unit_distinguished_name: "OrganizationalUnitDN",
  computer_attributes: [
    {
      name: "AttributeName",
      value: "AttributeValue",
    },
  ],
})

Response structure


resp.computer.computer_id #=> String
resp.computer.computer_name #=> String
resp.computer.computer_attributes #=> Array
resp.computer.computer_attributes[0].name #=> String
resp.computer.computer_attributes[0].value #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory in which to create the computer account.

  • :computer_name (required, String)

    The name of the computer account.

  • :password (required, String)

    A one-time password that is used to join the computer to the directory. You should generate a random, strong password to use for this parameter.

  • :organizational_unit_distinguished_name (String)

    The fully-qualified distinguished name of the organizational unit to place the computer account in.

  • :computer_attributes (Array<Types::Attribute>)

    An array of Attribute objects that contain any LDAP attributes to apply to the computer account.

Returns:

See Also:

#create_conditional_forwarder(options = {}) ⇒ Struct

Creates a conditional forwarder associated with your AWS directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain.

Examples:

Request syntax with placeholder values


resp = client.create_conditional_forwarder({
  directory_id: "DirectoryId", # required
  remote_domain_name: "RemoteDomainName", # required
  dns_ip_addrs: ["IpAddr"], # required
})

Options Hash (options):

  • :directory_id (required, String)

    The directory ID of the AWS directory for which you are creating the conditional forwarder.

  • :remote_domain_name (required, String)

    The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.

  • :dns_ip_addrs (required, Array<String>)

    The IP addresses of the remote DNS server associated with RemoteDomainName.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#create_directory(options = {}) ⇒ Types::CreateDirectoryResult

Creates a Simple AD directory. For more information, see Simple Active Directory in the AWS Directory Service Admin Guide.

Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Examples:

Request syntax with placeholder values


resp = client.create_directory({
  name: "DirectoryName", # required
  short_name: "DirectoryShortName",
  password: "Password", # required
  description: "Description",
  size: "Small", # required, accepts Small, Large
  vpc_settings: {
    vpc_id: "VpcId", # required
    subnet_ids: ["SubnetId"], # required
  },
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.directory_id #=> String

Options Hash (options):

  • :name (required, String)

    The fully qualified name for the directory, such as corp.example.com.

  • :short_name (String)

    The NetBIOS name of the directory, such as CORP.

  • :password (required, String)

    The password for the directory administrator. The directory creation process creates a directory administrator account with the user name Administrator and this password.

    If you need to change the password for the administrator account, you can use the ResetUserPassword API call.

    The regex pattern for this string is made up of the following conditions:

    • Length (?=^.`8,64`$) – Must be between 8 and 64 characters

    ^

    AND any 3 of the following password complexity rules required by Active Directory:

    • Numbers and upper case and lowercase (?=.*\d)(?=.*[A-Z])(?=.*[a-z])

    • Numbers and special characters and lower case (?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])

    • Special characters and upper case and lower case (?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])

    • Numbers and upper case and special characters (?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s])

    For additional information about how Active Directory passwords are enforced, see Password must meet complexity requirements on the Microsoft website.

  • :description (String)

    A description for the directory.

  • :size (required, String)

    The size of the directory.

  • :vpc_settings (Types::DirectoryVpcSettings)

    A DirectoryVpcSettings object that contains additional information for the operation.

  • :tags (Array<Types::Tag>)

    The tags to be assigned to the Simple AD directory.

Returns:

See Also:

#create_log_subscription(options = {}) ⇒ Struct

Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your AWS account.

Examples:

Request syntax with placeholder values


resp = client.create_log_subscription({
  directory_id: "DirectoryId", # required
  log_group_name: "LogGroupName", # required
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the directory to which you want to subscribe and receive real-time logs to your specified CloudWatch log group.

  • :log_group_name (required, String)

    The name of the CloudWatch log group where the real-time domain controller logs are forwarded.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#create_microsoft_ad(options = {}) ⇒ Types::CreateMicrosoftADResult

Creates a Microsoft AD directory in the AWS Cloud. For more information, see AWS Managed Microsoft AD in the AWS Directory Service Admin Guide.

Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Examples:

Request syntax with placeholder values


resp = client.create_microsoft_ad({
  name: "DirectoryName", # required
  short_name: "DirectoryShortName",
  password: "Password", # required
  description: "Description",
  vpc_settings: { # required
    vpc_id: "VpcId", # required
    subnet_ids: ["SubnetId"], # required
  },
  edition: "Enterprise", # accepts Enterprise, Standard
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.directory_id #=> String

Options Hash (options):

  • :name (required, String)

    The fully qualified domain name for the AWS Managed Microsoft AD directory, such as corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable.

  • :short_name (String)

    The NetBIOS name for your domain, such as CORP. If you don\'t specify a NetBIOS name, it will default to the first part of your directory DNS. For example, CORP for the directory DNS corp.example.com.

  • :password (required, String)

    The password for the default administrative user named Admin.

    If you need to change the password for the administrator account, you can use the ResetUserPassword API call.

  • :description (String)

    A description for the directory. This label will appear on the AWS console Directory Details page after the directory is created.

  • :vpc_settings (required, Types::DirectoryVpcSettings)

    Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.

  • :edition (String)

    AWS Managed Microsoft AD is available in two editions: Standard and Enterprise. Enterprise is the default.

  • :tags (Array<Types::Tag>)

    The tags to be assigned to the AWS Managed Microsoft AD directory.

Returns:

See Also:

#create_snapshot(options = {}) ⇒ Types::CreateSnapshotResult

Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud.

You cannot take snapshots of AD Connector directories.

Examples:

Request syntax with placeholder values


resp = client.create_snapshot({
  directory_id: "DirectoryId", # required
  name: "SnapshotName",
})

Response structure


resp.snapshot_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory of which to take a snapshot.

  • :name (String)

    The descriptive name to apply to the snapshot.

Returns:

See Also:

#create_trust(options = {}) ⇒ Types::CreateTrustResult

AWS Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your AWS Managed Microsoft AD directory, and your existing on-premises Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

This action initiates the creation of the AWS side of a trust relationship between an AWS Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

Examples:

Request syntax with placeholder values


resp = client.create_trust({
  directory_id: "DirectoryId", # required
  remote_domain_name: "RemoteDomainName", # required
  trust_password: "TrustPassword", # required
  trust_direction: "One-Way: Outgoing", # required, accepts One-Way: Outgoing, One-Way: Incoming, Two-Way
  trust_type: "Forest", # accepts Forest, External
  conditional_forwarder_ip_addrs: ["IpAddr"],
  selective_auth: "Enabled", # accepts Enabled, Disabled
})

Response structure


resp.trust_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The Directory ID of the AWS Managed Microsoft AD directory for which to establish the trust relationship.

  • :remote_domain_name (required, String)

    The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.

  • :trust_password (required, String)

    The trust password. The must be the same password that was used when creating the trust relationship on the external domain.

  • :trust_direction (required, String)

    The direction of the trust relationship.

  • :trust_type (String)

    The trust relationship type. Forest is the default.

  • :conditional_forwarder_ip_addrs (Array<String>)

    The IP addresses of the remote DNS server associated with RemoteDomainName.

  • :selective_auth (String)

    Optional parameter to enable selective authentication for the trust.

Returns:

See Also:

#delete_conditional_forwarder(options = {}) ⇒ Struct

Deletes a conditional forwarder that has been set up for your AWS directory.

Examples:

Request syntax with placeholder values


resp = client.delete_conditional_forwarder({
  directory_id: "DirectoryId", # required
  remote_domain_name: "RemoteDomainName", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The directory ID for which you are deleting the conditional forwarder.

  • :remote_domain_name (required, String)

    The fully qualified domain name (FQDN) of the remote domain with which you are deleting the conditional forwarder.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#delete_directory(options = {}) ⇒ Types::DeleteDirectoryResult

Deletes an AWS Directory Service directory.

Before you call DeleteDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the DeleteDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Examples:

Request syntax with placeholder values


resp = client.delete_directory({
  directory_id: "DirectoryId", # required
})

Response structure


resp.directory_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory to delete.

Returns:

See Also:

#delete_log_subscription(options = {}) ⇒ Struct

Deletes the specified log subscription.

Examples:

Request syntax with placeholder values


resp = client.delete_log_subscription({
  directory_id: "DirectoryId", # required
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the directory whose log subscription you want to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#delete_snapshot(options = {}) ⇒ Types::DeleteSnapshotResult

Deletes a directory snapshot.

Examples:

Request syntax with placeholder values


resp = client.delete_snapshot({
  snapshot_id: "SnapshotId", # required
})

Response structure


resp.snapshot_id #=> String

Options Hash (options):

  • :snapshot_id (required, String)

    The identifier of the directory snapshot to be deleted.

Returns:

See Also:

#delete_trust(options = {}) ⇒ Types::DeleteTrustResult

Deletes an existing trust relationship between your AWS Managed Microsoft AD directory and an external domain.

Examples:

Request syntax with placeholder values


resp = client.delete_trust({
  trust_id: "TrustId", # required
  delete_associated_conditional_forwarder: false,
})

Response structure


resp.trust_id #=> String

Options Hash (options):

  • :trust_id (required, String)

    The Trust ID of the trust relationship to be deleted.

  • :delete_associated_conditional_forwarder (Boolean)

    Delete a conditional forwarder as part of a DeleteTrustRequest.

Returns:

See Also:

#deregister_certificate(options = {}) ⇒ Struct

Deletes from the system the certificate that was registered for a secured LDAP connection.

Examples:

Request syntax with placeholder values


resp = client.deregister_certificate({
  directory_id: "DirectoryId", # required
  certificate_id: "CertificateId", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :certificate_id (required, String)

    The identifier of the certificate.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#deregister_event_topic(options = {}) ⇒ Struct

Removes the specified directory as a publisher to the specified SNS topic.

Examples:

Request syntax with placeholder values


resp = client.deregister_event_topic({
  directory_id: "DirectoryId", # required
  topic_name: "TopicName", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The Directory ID to remove as a publisher. This directory will no longer send messages to the specified SNS topic.

  • :topic_name (required, String)

    The name of the SNS topic from which to remove the directory as a publisher.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#describe_certificate(options = {}) ⇒ Types::DescribeCertificateResult

Displays information about the certificate registered for a secured LDAP connection.

Examples:

Request syntax with placeholder values


resp = client.describe_certificate({
  directory_id: "DirectoryId", # required
  certificate_id: "CertificateId", # required
})

Response structure


resp.certificate.certificate_id #=> String
resp.certificate.state #=> String, one of "Registering", "Registered", "RegisterFailed", "Deregistering", "Deregistered", "DeregisterFailed"
resp.certificate.state_reason #=> String
resp.certificate.common_name #=> String
resp.certificate.registered_date_time #=> Time
resp.certificate.expiry_date_time #=> Time

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :certificate_id (required, String)

    The identifier of the certificate.

Returns:

See Also:

#describe_conditional_forwarders(options = {}) ⇒ Types::DescribeConditionalForwardersResult

Obtains information about the conditional forwarders for this account.

If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.

Examples:

Request syntax with placeholder values


resp = client.describe_conditional_forwarders({
  directory_id: "DirectoryId", # required
  remote_domain_names: ["RemoteDomainName"],
})

Response structure


resp.conditional_forwarders #=> Array
resp.conditional_forwarders[0].remote_domain_name #=> String
resp.conditional_forwarders[0].dns_ip_addrs #=> Array
resp.conditional_forwarders[0].dns_ip_addrs[0] #=> String
resp.conditional_forwarders[0].replication_scope #=> String, one of "Domain"

Options Hash (options):

  • :directory_id (required, String)

    The directory ID for which to get the list of associated conditional forwarders.

  • :remote_domain_names (Array<String>)

    The fully qualified domain names (FQDN) of the remote domains for which to get the list of associated conditional forwarders. If this member is null, all conditional forwarders are returned.

Returns:

See Also:

#describe_directories(options = {}) ⇒ Types::DescribeDirectoriesResult

Obtains information about the directories that belong to this account.

You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items.

You can also specify a maximum number of return results with the Limit parameter.

Examples:

Request syntax with placeholder values


resp = client.describe_directories({
  directory_ids: ["DirectoryId"],
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.directory_descriptions #=> Array
resp.directory_descriptions[0].directory_id #=> String
resp.directory_descriptions[0].name #=> String
resp.directory_descriptions[0].short_name #=> String
resp.directory_descriptions[0].size #=> String, one of "Small", "Large"
resp.directory_descriptions[0].edition #=> String, one of "Enterprise", "Standard"
resp.directory_descriptions[0].alias #=> String
resp.directory_descriptions[0].access_url #=> String
resp.directory_descriptions[0].description #=> String
resp.directory_descriptions[0].dns_ip_addrs #=> Array
resp.directory_descriptions[0].dns_ip_addrs[0] #=> String
resp.directory_descriptions[0].stage #=> String, one of "Requested", "Creating", "Created", "Active", "Inoperable", "Impaired", "Restoring", "RestoreFailed", "Deleting", "Deleted", "Failed"
resp.directory_descriptions[0].share_status #=> String, one of "Shared", "PendingAcceptance", "Rejected", "Rejecting", "RejectFailed", "Sharing", "ShareFailed", "Deleted", "Deleting"
resp.directory_descriptions[0].share_method #=> String, one of "ORGANIZATIONS", "HANDSHAKE"
resp.directory_descriptions[0].share_notes #=> String
resp.directory_descriptions[0].launch_time #=> Time
resp.directory_descriptions[0].stage_last_updated_date_time #=> Time
resp.directory_descriptions[0].type #=> String, one of "SimpleAD", "ADConnector", "MicrosoftAD", "SharedMicrosoftAD"
resp.directory_descriptions[0].vpc_settings.vpc_id #=> String
resp.directory_descriptions[0].vpc_settings.subnet_ids #=> Array
resp.directory_descriptions[0].vpc_settings.subnet_ids[0] #=> String
resp.directory_descriptions[0].vpc_settings.security_group_id #=> String
resp.directory_descriptions[0].vpc_settings.availability_zones #=> Array
resp.directory_descriptions[0].vpc_settings.availability_zones[0] #=> String
resp.directory_descriptions[0].connect_settings.vpc_id #=> String
resp.directory_descriptions[0].connect_settings.subnet_ids #=> Array
resp.directory_descriptions[0].connect_settings.subnet_ids[0] #=> String
resp.directory_descriptions[0].connect_settings.customer_user_name #=> String
resp.directory_descriptions[0].connect_settings.security_group_id #=> String
resp.directory_descriptions[0].connect_settings.availability_zones #=> Array
resp.directory_descriptions[0].connect_settings.availability_zones[0] #=> String
resp.directory_descriptions[0].connect_settings.connect_ips #=> Array
resp.directory_descriptions[0].connect_settings.connect_ips[0] #=> String
resp.directory_descriptions[0].radius_settings.radius_servers #=> Array
resp.directory_descriptions[0].radius_settings.radius_servers[0] #=> String
resp.directory_descriptions[0].radius_settings.radius_port #=> Integer
resp.directory_descriptions[0].radius_settings.radius_timeout #=> Integer
resp.directory_descriptions[0].radius_settings.radius_retries #=> Integer
resp.directory_descriptions[0].radius_settings.shared_secret #=> String
resp.directory_descriptions[0].radius_settings.authentication_protocol #=> String, one of "PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2"
resp.directory_descriptions[0].radius_settings.display_label #=> String
resp.directory_descriptions[0].radius_settings.use_same_username #=> true/false
resp.directory_descriptions[0].radius_status #=> String, one of "Creating", "Completed", "Failed"
resp.directory_descriptions[0].stage_reason #=> String
resp.directory_descriptions[0].sso_enabled #=> true/false
resp.directory_descriptions[0].desired_number_of_domain_controllers #=> Integer
resp.directory_descriptions[0].owner_directory_description.directory_id #=> String
resp.directory_descriptions[0].owner_directory_description. #=> String
resp.directory_descriptions[0].owner_directory_description.dns_ip_addrs #=> Array
resp.directory_descriptions[0].owner_directory_description.dns_ip_addrs[0] #=> String
resp.directory_descriptions[0].owner_directory_description.vpc_settings.vpc_id #=> String
resp.directory_descriptions[0].owner_directory_description.vpc_settings.subnet_ids #=> Array
resp.directory_descriptions[0].owner_directory_description.vpc_settings.subnet_ids[0] #=> String
resp.directory_descriptions[0].owner_directory_description.vpc_settings.security_group_id #=> String
resp.directory_descriptions[0].owner_directory_description.vpc_settings.availability_zones #=> Array
resp.directory_descriptions[0].owner_directory_description.vpc_settings.availability_zones[0] #=> String
resp.directory_descriptions[0].owner_directory_description.radius_settings.radius_servers #=> Array
resp.directory_descriptions[0].owner_directory_description.radius_settings.radius_servers[0] #=> String
resp.directory_descriptions[0].owner_directory_description.radius_settings.radius_port #=> Integer
resp.directory_descriptions[0].owner_directory_description.radius_settings.radius_timeout #=> Integer
resp.directory_descriptions[0].owner_directory_description.radius_settings.radius_retries #=> Integer
resp.directory_descriptions[0].owner_directory_description.radius_settings.shared_secret #=> String
resp.directory_descriptions[0].owner_directory_description.radius_settings.authentication_protocol #=> String, one of "PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2"
resp.directory_descriptions[0].owner_directory_description.radius_settings.display_label #=> String
resp.directory_descriptions[0].owner_directory_description.radius_settings.use_same_username #=> true/false
resp.directory_descriptions[0].owner_directory_description.radius_status #=> String, one of "Creating", "Completed", "Failed"
resp.directory_descriptions[0].regions_info.primary_region #=> String
resp.directory_descriptions[0].regions_info.additional_regions #=> Array
resp.directory_descriptions[0].regions_info.additional_regions[0] #=> String
resp.next_token #=> String

Options Hash (options):

  • :directory_ids (Array<String>)

    A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.

    An empty list results in an InvalidParameterException being thrown.

  • :next_token (String)

    The DescribeDirectoriesResult.NextToken value from a previous call to DescribeDirectories. Pass null if this is the first call.

  • :limit (Integer)

    The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.

Returns:

See Also:

#describe_domain_controllers(options = {}) ⇒ Types::DescribeDomainControllersResult

Provides information about any domain controllers in your directory.

Examples:

Request syntax with placeholder values


resp = client.describe_domain_controllers({
  directory_id: "DirectoryId", # required
  domain_controller_ids: ["DomainControllerId"],
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.domain_controllers #=> Array
resp.domain_controllers[0].directory_id #=> String
resp.domain_controllers[0].domain_controller_id #=> String
resp.domain_controllers[0].dns_ip_addr #=> String
resp.domain_controllers[0].vpc_id #=> String
resp.domain_controllers[0].subnet_id #=> String
resp.domain_controllers[0].availability_zone #=> String
resp.domain_controllers[0].status #=> String, one of "Creating", "Active", "Impaired", "Restoring", "Deleting", "Deleted", "Failed"
resp.domain_controllers[0].status_reason #=> String
resp.domain_controllers[0].launch_time #=> Time
resp.domain_controllers[0].status_last_updated_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the directory for which to retrieve the domain controller information.

  • :domain_controller_ids (Array<String>)

    A list of identifiers for the domain controllers whose information will be provided.

  • :next_token (String)

    The DescribeDomainControllers.NextToken value from a previous call to DescribeDomainControllers. Pass null if this is the first call.

  • :limit (Integer)

    The maximum number of items to return.

Returns:

See Also:

#describe_event_topics(options = {}) ⇒ Types::DescribeEventTopicsResult

Obtains information about which SNS topics receive status messages from the specified directory.

If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account.

Examples:

Request syntax with placeholder values


resp = client.describe_event_topics({
  directory_id: "DirectoryId",
  topic_names: ["TopicName"],
})

Response structure


resp.event_topics #=> Array
resp.event_topics[0].directory_id #=> String
resp.event_topics[0].topic_name #=> String
resp.event_topics[0].topic_arn #=> String
resp.event_topics[0].created_date_time #=> Time
resp.event_topics[0].status #=> String, one of "Registered", "Topic not found", "Failed", "Deleted"

Options Hash (options):

  • :directory_id (String)

    The Directory ID for which to get the list of associated SNS topics. If this member is null, associations for all Directory IDs are returned.

  • :topic_names (Array<String>)

    A list of SNS topic names for which to obtain the information. If this member is null, all associations for the specified Directory ID are returned.

    An empty list results in an InvalidParameterException being thrown.

Returns:

See Also:

#describe_ldaps_settings(options = {}) ⇒ Types::DescribeLDAPSSettingsResult

Describes the status of LDAP security for the specified directory.

Examples:

Request syntax with placeholder values


resp = client.describe_ldaps_settings({
  directory_id: "DirectoryId", # required
  type: "Client", # accepts Client
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.ldaps_settings_info #=> Array
resp.ldaps_settings_info[0].ldaps_status #=> String, one of "Enabling", "Enabled", "EnableFailed", "Disabled"
resp.ldaps_settings_info[0].ldaps_status_reason #=> String
resp.ldaps_settings_info[0].last_updated_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :type (String)

    The type of LDAP security to enable. Currently only the value Client is supported.

  • :next_token (String)

    The type of next token used for pagination.

  • :limit (Integer)

    Specifies the number of items that should be displayed on one page.

Returns:

See Also:

#describe_regions(options = {}) ⇒ Types::DescribeRegionsResult

Provides information about the Regions that are configured for multi-Region replication.

Examples:

Request syntax with placeholder values


resp = client.describe_regions({
  directory_id: "DirectoryId", # required
  region_name: "RegionName",
  next_token: "NextToken",
})

Response structure


resp.regions_description #=> Array
resp.regions_description[0].directory_id #=> String
resp.regions_description[0].region_name #=> String
resp.regions_description[0].region_type #=> String, one of "Primary", "Additional"
resp.regions_description[0].status #=> String, one of "Requested", "Creating", "Created", "Active", "Inoperable", "Impaired", "Restoring", "RestoreFailed", "Deleting", "Deleted", "Failed"
resp.regions_description[0].vpc_settings.vpc_id #=> String
resp.regions_description[0].vpc_settings.subnet_ids #=> Array
resp.regions_description[0].vpc_settings.subnet_ids[0] #=> String
resp.regions_description[0].desired_number_of_domain_controllers #=> Integer
resp.regions_description[0].launch_time #=> Time
resp.regions_description[0].status_last_updated_date_time #=> Time
resp.regions_description[0].last_updated_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :region_name (String)

    The name of the Region. For example, us-east-1.

  • :next_token (String)

    The DescribeRegionsResult.NextToken value from a previous call to DescribeRegions. Pass null if this is the first call.

Returns:

See Also:

#describe_shared_directories(options = {}) ⇒ Types::DescribeSharedDirectoriesResult

Returns the shared directories in your account.

Examples:

Request syntax with placeholder values


resp = client.describe_shared_directories({
  owner_directory_id: "DirectoryId", # required
  shared_directory_ids: ["DirectoryId"],
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.shared_directories #=> Array
resp.shared_directories[0]. #=> String
resp.shared_directories[0].owner_directory_id #=> String
resp.shared_directories[0].share_method #=> String, one of "ORGANIZATIONS", "HANDSHAKE"
resp.shared_directories[0]. #=> String
resp.shared_directories[0].shared_directory_id #=> String
resp.shared_directories[0].share_status #=> String, one of "Shared", "PendingAcceptance", "Rejected", "Rejecting", "RejectFailed", "Sharing", "ShareFailed", "Deleted", "Deleting"
resp.shared_directories[0].share_notes #=> String
resp.shared_directories[0].created_date_time #=> Time
resp.shared_directories[0].last_updated_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :owner_directory_id (required, String)

    Returns the identifier of the directory in the directory owner account.

  • :shared_directory_ids (Array<String>)

    A list of identifiers of all shared directories in your account.

  • :next_token (String)

    The DescribeSharedDirectoriesResult.NextToken value from a previous call to DescribeSharedDirectories. Pass null if this is the first call.

  • :limit (Integer)

    The number of shared directories to return in the response object.

Returns:

See Also:

#describe_snapshots(options = {}) ⇒ Types::DescribeSnapshotsResult

Obtains information about the directory snapshots that belong to this account.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeSnapshots.NextToken member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items.

You can also specify a maximum number of return results with the Limit parameter.

Examples:

Request syntax with placeholder values


resp = client.describe_snapshots({
  directory_id: "DirectoryId",
  snapshot_ids: ["SnapshotId"],
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.snapshots #=> Array
resp.snapshots[0].directory_id #=> String
resp.snapshots[0].snapshot_id #=> String
resp.snapshots[0].type #=> String, one of "Auto", "Manual"
resp.snapshots[0].name #=> String
resp.snapshots[0].status #=> String, one of "Creating", "Completed", "Failed"
resp.snapshots[0].start_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (String)

    The identifier of the directory for which to retrieve snapshot information.

  • :snapshot_ids (Array<String>)

    A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the Limit and NextToken members.

  • :next_token (String)

    The DescribeSnapshotsResult.NextToken value from a previous call to DescribeSnapshots. Pass null if this is the first call.

  • :limit (Integer)

    The maximum number of objects to return.

Returns:

See Also:

#describe_trusts(options = {}) ⇒ Types::DescribeTrustsResult

Obtains information about the trust relationships for this account.

If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.

Examples:

Request syntax with placeholder values


resp = client.describe_trusts({
  directory_id: "DirectoryId",
  trust_ids: ["TrustId"],
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.trusts #=> Array
resp.trusts[0].directory_id #=> String
resp.trusts[0].trust_id #=> String
resp.trusts[0].remote_domain_name #=> String
resp.trusts[0].trust_type #=> String, one of "Forest", "External"
resp.trusts[0].trust_direction #=> String, one of "One-Way: Outgoing", "One-Way: Incoming", "Two-Way"
resp.trusts[0].trust_state #=> String, one of "Creating", "Created", "Verifying", "VerifyFailed", "Verified", "Updating", "UpdateFailed", "Updated", "Deleting", "Deleted", "Failed"
resp.trusts[0].created_date_time #=> Time
resp.trusts[0].last_updated_date_time #=> Time
resp.trusts[0].state_last_updated_date_time #=> Time
resp.trusts[0].trust_state_reason #=> String
resp.trusts[0].selective_auth #=> String, one of "Enabled", "Disabled"
resp.next_token #=> String

Options Hash (options):

  • :directory_id (String)

    The Directory ID of the AWS directory that is a part of the requested trust relationship.

  • :trust_ids (Array<String>)

    A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned.

    An empty list results in an InvalidParameterException being thrown.

  • :next_token (String)

    The DescribeTrustsResult.NextToken value from a previous call to DescribeTrusts. Pass null if this is the first call.

  • :limit (Integer)

    The maximum number of objects to return.

Returns:

See Also:

#disable_ldaps(options = {}) ⇒ Struct

Deactivates LDAP secure calls for the specified directory.

Examples:

Request syntax with placeholder values


resp = client.disable_ldaps({
  directory_id: "DirectoryId", # required
  type: "Client", # required, accepts Client
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :type (required, String)

    The type of LDAP security to enable. Currently only the value Client is supported.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#disable_radius(options = {}) ⇒ Struct

Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

Examples:

Request syntax with placeholder values


resp = client.disable_radius({
  directory_id: "DirectoryId", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to disable MFA.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#disable_sso(options = {}) ⇒ Struct

Disables single-sign on for a directory.

Examples:

Request syntax with placeholder values


resp = client.disable_sso({
  directory_id: "DirectoryId", # required
  user_name: "UserName",
  password: "ConnectPassword",
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to disable single-sign on.

  • :user_name (String)

    The username of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. This account must have privileges to remove a service principal name.

    If the AD Connector service account does not have privileges to remove a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to disable single sign-on and are not stored by the service. The AD Connector service account is not changed.

  • :password (String)

    The password of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#enable_ldaps(options = {}) ⇒ Struct

Activates the switch for the specific directory to always use LDAP secure calls.

Examples:

Request syntax with placeholder values


resp = client.enable_ldaps({
  directory_id: "DirectoryId", # required
  type: "Client", # required, accepts Client
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :type (required, String)

    The type of LDAP security to enable. Currently only the value Client is supported.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#enable_radius(options = {}) ⇒ Struct

Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

Examples:

Request syntax with placeholder values


resp = client.enable_radius({
  directory_id: "DirectoryId", # required
  radius_settings: { # required
    radius_servers: ["Server"],
    radius_port: 1,
    radius_timeout: 1,
    radius_retries: 1,
    shared_secret: "RadiusSharedSecret",
    authentication_protocol: "PAP", # accepts PAP, CHAP, MS-CHAPv1, MS-CHAPv2
    display_label: "RadiusDisplayLabel",
    use_same_username: false,
  },
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to enable MFA.

  • :radius_settings (required, Types::RadiusSettings)

    A RadiusSettings object that contains information about the RADIUS server.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#enable_sso(options = {}) ⇒ Struct

Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately.

Examples:

Request syntax with placeholder values


resp = client.enable_sso({
  directory_id: "DirectoryId", # required
  user_name: "UserName",
  password: "ConnectPassword",
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to enable single-sign on.

  • :user_name (String)

    The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name.

    If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.

  • :password (String)

    The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#get_directory_limits(options = {}) ⇒ Types::GetDirectoryLimitsResult

Obtains directory limit information for the current Region.

Examples:

Request syntax with placeholder values


resp = client.get_directory_limits()

Response structure


resp.directory_limits.cloud_only_directories_limit #=> Integer
resp.directory_limits.cloud_only_directories_current_count #=> Integer
resp.directory_limits.cloud_only_directories_limit_reached #=> true/false
resp.directory_limits.cloud_only_microsoft_ad_limit #=> Integer
resp.directory_limits.cloud_only_microsoft_ad_current_count #=> Integer
resp.directory_limits.cloud_only_microsoft_ad_limit_reached #=> true/false
resp.directory_limits.connected_directories_limit #=> Integer
resp.directory_limits.connected_directories_current_count #=> Integer
resp.directory_limits.connected_directories_limit_reached #=> true/false

Returns:

See Also:

#get_snapshot_limits(options = {}) ⇒ Types::GetSnapshotLimitsResult

Obtains the manual snapshot limits for a directory.

Examples:

Request syntax with placeholder values


resp = client.get_snapshot_limits({
  directory_id: "DirectoryId", # required
})

Response structure


resp.snapshot_limits.manual_snapshots_limit #=> Integer
resp.snapshot_limits.manual_snapshots_current_count #=> Integer
resp.snapshot_limits.manual_snapshots_limit_reached #=> true/false

Options Hash (options):

  • :directory_id (required, String)

    Contains the identifier of the directory to obtain the limits for.

Returns:

See Also:

#list_certificates(options = {}) ⇒ Types::ListCertificatesResult

For the specified directory, lists all the certificates registered for a secured LDAP connection.

Examples:

Request syntax with placeholder values


resp = client.list_certificates({
  directory_id: "DirectoryId", # required
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.next_token #=> String
resp.certificates_info #=> Array
resp.certificates_info[0].certificate_id #=> String
resp.certificates_info[0].common_name #=> String
resp.certificates_info[0].state #=> String, one of "Registering", "Registered", "RegisterFailed", "Deregistering", "Deregistered", "DeregisterFailed"
resp.certificates_info[0].expiry_date_time #=> Time

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :next_token (String)

    A token for requesting another page of certificates if the NextToken response element indicates that more certificates are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.

  • :limit (Integer)

    The number of items that should show up on one page

Returns:

See Also:

#list_ip_routes(options = {}) ⇒ Types::ListIpRoutesResult

Lists the address blocks that you have added to a directory.

Examples:

Request syntax with placeholder values


resp = client.list_ip_routes({
  directory_id: "DirectoryId", # required
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.ip_routes_info #=> Array
resp.ip_routes_info[0].directory_id #=> String
resp.ip_routes_info[0].cidr_ip #=> String
resp.ip_routes_info[0].ip_route_status_msg #=> String, one of "Adding", "Added", "Removing", "Removed", "AddFailed", "RemoveFailed"
resp.ip_routes_info[0].added_date_time #=> Time
resp.ip_routes_info[0].ip_route_status_reason #=> String
resp.ip_routes_info[0].description #=> String
resp.next_token #=> String

Options Hash (options):

  • :directory_id (required, String)

    Identifier (ID) of the directory for which you want to retrieve the IP addresses.

  • :next_token (String)

    The ListIpRoutes.NextToken value from a previous call to ListIpRoutes. Pass null if this is the first call.

  • :limit (Integer)

    Maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.

Returns:

See Also:

#list_log_subscriptions(options = {}) ⇒ Types::ListLogSubscriptionsResult

Lists the active log subscriptions for the AWS account.

Examples:

Request syntax with placeholder values


resp = client.list_log_subscriptions({
  directory_id: "DirectoryId",
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.log_subscriptions #=> Array
resp.log_subscriptions[0].directory_id #=> String
resp.log_subscriptions[0].log_group_name #=> String
resp.log_subscriptions[0].subscription_created_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (String)

    If a DirectoryID is provided, lists only the log subscription associated with that directory. If no DirectoryId is provided, lists all log subscriptions associated with your AWS account. If there are no log subscriptions for the AWS account or the directory, an empty list will be returned.

  • :next_token (String)

    The token for the next set of items to return.

  • :limit (Integer)

    The maximum number of items returned.

Returns:

See Also:

#list_schema_extensions(options = {}) ⇒ Types::ListSchemaExtensionsResult

Lists all schema extensions applied to a Microsoft AD Directory.

Examples:

Request syntax with placeholder values


resp = client.list_schema_extensions({
  directory_id: "DirectoryId", # required
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.schema_extensions_info #=> Array
resp.schema_extensions_info[0].directory_id #=> String
resp.schema_extensions_info[0].schema_extension_id #=> String
resp.schema_extensions_info[0].description #=> String
resp.schema_extensions_info[0].schema_extension_status #=> String, one of "Initializing", "CreatingSnapshot", "UpdatingSchema", "Replicating", "CancelInProgress", "RollbackInProgress", "Cancelled", "Failed", "Completed"
resp.schema_extensions_info[0].schema_extension_status_reason #=> String
resp.schema_extensions_info[0].start_date_time #=> Time
resp.schema_extensions_info[0].end_date_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory from which to retrieve the schema extension information.

  • :next_token (String)

    The ListSchemaExtensions.NextToken value from a previous call to ListSchemaExtensions. Pass null if this is the first call.

  • :limit (Integer)

    The maximum number of items to return.

Returns:

See Also:

#list_tags_for_resource(options = {}) ⇒ Types::ListTagsForResourceResult

Lists all tags on a directory.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  resource_id: "ResourceId", # required
  next_token: "NextToken",
  limit: 1,
})

Response structure


resp.tags #=> Array
resp.tags[0].key #=> String
resp.tags[0].value #=> String
resp.next_token #=> String

Options Hash (options):

  • :resource_id (required, String)

    Identifier (ID) of the directory for which you want to retrieve tags.

  • :next_token (String)

    Reserved for future use.

  • :limit (Integer)

    Reserved for future use.

Returns:

See Also:

#register_certificate(options = {}) ⇒ Types::RegisterCertificateResult

Registers a certificate for secured LDAP connection.

Examples:

Request syntax with placeholder values


resp = client.register_certificate({
  directory_id: "DirectoryId", # required
  certificate_data: "CertificateData", # required
})

Response structure


resp.certificate_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory.

  • :certificate_data (required, String)

    The certificate PEM string that needs to be registered.

Returns:

See Also:

#register_event_topic(options = {}) ⇒ Struct

Associates a directory with an SNS topic. This establishes the directory as a publisher to the specified SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status.

Examples:

Request syntax with placeholder values


resp = client.register_event_topic({
  directory_id: "DirectoryId", # required
  topic_name: "TopicName", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The Directory ID that will publish status messages to the SNS topic.

  • :topic_name (required, String)

    The SNS topic name to which the directory will publish status messages. This SNS topic must be in the same region as the specified Directory ID.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#reject_shared_directory(options = {}) ⇒ Types::RejectSharedDirectoryResult

Rejects a directory sharing request that was sent from the directory owner account.

Examples:

Request syntax with placeholder values


resp = client.reject_shared_directory({
  shared_directory_id: "DirectoryId", # required
})

Response structure


resp.shared_directory_id #=> String

Options Hash (options):

  • :shared_directory_id (required, String)

    Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.

Returns:

See Also:

#remove_ip_routes(options = {}) ⇒ Struct

Removes IP address blocks from a directory.

Examples:

Request syntax with placeholder values


resp = client.remove_ip_routes({
  directory_id: "DirectoryId", # required
  cidr_ips: ["CidrIp"], # required
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier (ID) of the directory from which you want to remove the IP addresses.

  • :cidr_ips (required, Array<String>)

    IP address blocks that you want to remove.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#remove_region(options = {}) ⇒ Struct

Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.

Examples:

Request syntax with placeholder values


resp = client.remove_region({
  directory_id: "DirectoryId", # required
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which you want to remove Region replication.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#remove_tags_from_resource(options = {}) ⇒ Struct

Removes tags from a directory.

Examples:

Request syntax with placeholder values


resp = client.remove_tags_from_resource({
  resource_id: "ResourceId", # required
  tag_keys: ["TagKey"], # required
})

Options Hash (options):

  • :resource_id (required, String)

    Identifier (ID) of the directory from which to remove the tag.

  • :tag_keys (required, Array<String>)

    The tag key (name) of the tag to be removed.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#reset_user_password(options = {}) ⇒ Struct

Resets the password for any user in your AWS Managed Microsoft AD or Simple AD directory.

You can reset the password for any user in your directory with the following exceptions:

  • For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user.

  • For AWS Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the AWS Reserved OU. For more information about the OU structure for an AWS Managed Microsoft AD directory, see What Gets Created in the AWS Directory Service Administration Guide.

Examples:

Request syntax with placeholder values


resp = client.reset_user_password({
  directory_id: "DirectoryId", # required
  user_name: "CustomerUserName", # required
  new_password: "UserPassword", # required
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the AWS Managed Microsoft AD or Simple AD directory in which the user resides.

  • :user_name (required, String)

    The user name of the user whose password will be reset.

  • :new_password (required, String)

    The new password that will be reset.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#restore_from_snapshot(options = {}) ⇒ Struct

Restores a directory using an existing directory snapshot.

When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten.

This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the DirectoryDescription.Stage value changes to Active, the restore operation is complete.

Examples:

Request syntax with placeholder values


resp = client.restore_from_snapshot({
  snapshot_id: "SnapshotId", # required
})

Options Hash (options):

  • :snapshot_id (required, String)

    The identifier of the snapshot to restore from.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#share_directory(options = {}) ⇒ Types::ShareDirectoryResult

Shares a specified directory (DirectoryId) in your AWS account (directory owner) with another AWS account (directory consumer). With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region.

When you share your AWS Managed Microsoft AD directory, AWS Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account.

The ShareMethod parameter determines whether the specified directory can be shared between AWS accounts inside the same AWS organization (ORGANIZATIONS). It also determines whether you can share the directory with any other AWS account either inside or outside of the organization (HANDSHAKE).

The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.

Examples:

Request syntax with placeholder values


resp = client.share_directory({
  directory_id: "DirectoryId", # required
  share_notes: "Notes",
  share_target: { # required
    id: "TargetId", # required
    type: "ACCOUNT", # required, accepts ACCOUNT
  },
  share_method: "ORGANIZATIONS", # required, accepts ORGANIZATIONS, HANDSHAKE
})

Response structure


resp.shared_directory_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the AWS Managed Microsoft AD directory that you want to share with other AWS accounts.

  • :share_notes (String)

    A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.

  • :share_target (required, Types::ShareTarget)

    Identifier for the directory consumer account with whom the directory is to be shared.

  • :share_method (required, String)

    The method used when sharing a directory to determine whether the directory should be shared within your AWS organization (ORGANIZATIONS) or with any AWS account by sending a directory sharing request (HANDSHAKE).

Returns:

See Also:

#start_schema_extension(options = {}) ⇒ Types::StartSchemaExtensionResult

Applies a schema extension to a Microsoft AD directory.

Examples:

Request syntax with placeholder values


resp = client.start_schema_extension({
  directory_id: "DirectoryId", # required
  create_snapshot_before_schema_extension: false, # required
  ldif_content: "LdifContent", # required
  description: "Description", # required
})

Response structure


resp.schema_extension_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which the schema extension will be applied to.

  • :create_snapshot_before_schema_extension (required, Boolean)

    If true, creates a snapshot of the directory before applying the schema extension.

  • :ldif_content (required, String)

    The LDIF file represented as a string. To construct the LdifContent string, precede each line as it would be formatted in an ldif file with \n. See the example request below for more details. The file size can be no larger than 1MB.

  • :description (required, String)

    A description of the schema extension.

Returns:

See Also:

#unshare_directory(options = {}) ⇒ Types::UnshareDirectoryResult

Stops the directory sharing between the directory owner and consumer accounts.

Examples:

Request syntax with placeholder values


resp = client.unshare_directory({
  directory_id: "DirectoryId", # required
  unshare_target: { # required
    id: "TargetId", # required
    type: "ACCOUNT", # required, accepts ACCOUNT
  },
})

Response structure


resp.shared_directory_id #=> String

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the AWS Managed Microsoft AD directory that you want to stop sharing.

  • :unshare_target (required, Types::UnshareTarget)

    Identifier for the directory consumer account with whom the directory has to be unshared.

Returns:

See Also:

#update_conditional_forwarder(options = {}) ⇒ Struct

Updates a conditional forwarder that has been set up for your AWS directory.

Examples:

Request syntax with placeholder values


resp = client.update_conditional_forwarder({
  directory_id: "DirectoryId", # required
  remote_domain_name: "RemoteDomainName", # required
  dns_ip_addrs: ["IpAddr"], # required
})

Options Hash (options):

  • :directory_id (required, String)

    The directory ID of the AWS directory for which to update the conditional forwarder.

  • :remote_domain_name (required, String)

    The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.

  • :dns_ip_addrs (required, Array<String>)

    The updated IP addresses of the remote DNS server associated with the conditional forwarder.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#update_number_of_domain_controllers(options = {}) ⇒ Struct

Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.

Examples:

Request syntax with placeholder values


resp = client.update_number_of_domain_controllers({
  directory_id: "DirectoryId", # required
  desired_number: 1, # required
})

Options Hash (options):

  • :directory_id (required, String)

    Identifier of the directory to which the domain controllers will be added or removed.

  • :desired_number (required, Integer)

    The number of domain controllers desired in the directory.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#update_radius(options = {}) ⇒ Struct

Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.

Examples:

Request syntax with placeholder values


resp = client.update_radius({
  directory_id: "DirectoryId", # required
  radius_settings: { # required
    radius_servers: ["Server"],
    radius_port: 1,
    radius_timeout: 1,
    radius_retries: 1,
    shared_secret: "RadiusSharedSecret",
    authentication_protocol: "PAP", # accepts PAP, CHAP, MS-CHAPv1, MS-CHAPv2
    display_label: "RadiusDisplayLabel",
    use_same_username: false,
  },
})

Options Hash (options):

  • :directory_id (required, String)

    The identifier of the directory for which to update the RADIUS server information.

  • :radius_settings (required, Types::RadiusSettings)

    A RadiusSettings object that contains information about the RADIUS server.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#update_trust(options = {}) ⇒ Types::UpdateTrustResult

Updates the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory.

Examples:

Request syntax with placeholder values


resp = client.update_trust({
  trust_id: "TrustId", # required
  selective_auth: "Enabled", # accepts Enabled, Disabled
})

Response structure


resp.request_id #=> String
resp.trust_id #=> String

Options Hash (options):

  • :trust_id (required, String)

    Identifier of the trust relationship.

  • :selective_auth (String)

    Updates selective authentication for the trust.

Returns:

See Also:

#verify_trust(options = {}) ⇒ Types::VerifyTrustResult

AWS Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships.

This action verifies a trust relationship between your AWS Managed Microsoft AD directory and an external domain.

Examples:

Request syntax with placeholder values


resp = client.verify_trust({
  trust_id: "TrustId", # required
})

Response structure


resp.trust_id #=> String

Options Hash (options):

  • :trust_id (required, String)

    The unique Trust ID of the trust relationship to verify.

Returns:

See Also:

#wait_until(waiter_name, params = {}) {|waiter| ... } ⇒ Boolean

Waiters polls an API operation until a resource enters a desired state.

Basic Usage

Waiters will poll until they are succesful, they fail by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop, sleeping between attempts client.waiter_until(waiter_name, params)

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. You configure waiters by passing a block to #wait_until:

# poll for ~25 seconds
client.wait_until(...) do |w|
  w.max_attempts = 5
  w.delay = 5
end

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
client.wait_until(...) do |w|

  # disable max attempts
  w.max_attempts = nil

  # poll for 1 hour, instead of a number of attempts
  w.before_wait do |attempts, response|
    throw :failure if Time.now - started_at > 3600
  end

end

Handling Errors

When a waiter is successful, it returns true. When a waiter fails, it raises an error. All errors raised extend from Waiters::Errors::WaiterFailed.

begin
  client.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

Parameters:

  • waiter_name (Symbol)

    The name of the waiter. See #waiter_names for a full list of supported waiters.

  • params (Hash) (defaults to: {})

    Additional request parameters. See the #waiter_names for a list of supported waiters and what request they call. The called request determines the list of accepted parameters.

Yield Parameters:

Returns:

  • (Boolean)

    Returns true if the waiter was successful.

Raises:

  • (Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  • (Errors::TooManyAttemptsError)

    Raised when the configured maximum number of attempts have been made, and the waiter is not yet successful.

  • (Errors::UnexpectedError)

    Raised when an error is encounted while polling for a resource that is not expected.

  • (Errors::NoSuchWaiterError)

    Raised when you request to wait for an unknown state.

#waiter_namesArray<Symbol>

Returns the list of supported waiters. The following table lists the supported waiters and the client method they call:

Waiter NameClient MethodDefault Delay:Default Max Attempts:

Returns:

  • (Array<Symbol>)

    the list of supported waiters.