Requirements - AWS Launch Wizard


Your account must be configured as specified in the following table to deploy self-managed domain controllers using Launch Wizard.

To add domain controllers to an existing infrastructure, you must create a VPC peering connection between the two VPCs for an existing Active Directory in AWS. If you are using an existing Active Directory on premises, you must use AWS Direct Connect. To ensure that instances in the VPCs can communicate with each other, you can use either Direct Connect or VPC Private Link. For more information about VPC connectivity, see VPN connections.

| Resource | Minimum number of resources required for deployment |
| --- | --- |
| Virtual private clouds (VPCs) | |
| VPC security groups | 3 |
| AWS Identity and Access Management (IAM) roles | 2 |
| General purpose EC2 instances | Existing VPC: 1; New Active Directory infrastructure: 2 |
| AWS Secrets Manager secrets | 2 |

If you have an existing environment that uses these resources and you think that deploying domain controllers in this environment using Launch Wizard may exceed your default quotas, you can request service quota increases for these resources. For default quotas, see AWS service quotas.

For additional prerequisites to deploy domain controllers using Launch Wizard, see Set up for AWS Launch Wizard for Active Directory.