Integrating Active Directory
In this tutorial, you create a multiple user environment. This environment includes an AWS ParallelCluster cluster that's integrated with an AWS Managed Microsoft AD (Active Directory) at corp.example.com. You configure an Admin user to manage the directory, a ReadOnly user to read the directory, and a user000 user to log in to the cluster. You can use either the automated path or the manual path to create the networking resources, an Active Directory (AD), and the Amazon EC2 instance that you use to configure the AD. Regardless of the path, the infrastructure that you create is pre-configured to integrate with AWS ParallelCluster using one of the following methods:
- LDAPS with certificate verification (recommended as the most secure option)
- LDAPS without certificate verification
- LDAP
LDAP by itself doesn't encrypt the connection, so bind credentials and directory data cross the network in cleartext. To ensure secure transmission of potentially sensitive information, we strongly recommend that you use LDAPS (LDAP over TLS/SSL) for clusters integrated with ADs, and that you enable certificate verification: LDAPS without certificate verification encrypts the channel but can't detect a domain controller that's been spoofed or intercepted. For more information, see Enable server-side LDAPS using AWS Managed Microsoft AD in the AWS Directory Service Administration Guide.
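The three integration methods differ only in a few keys of the cluster configuration's DirectoryService section. The following added example (not part of the AWS tutorial or of ParallelCluster itself) classifies a parsed DirectoryService section into those methods and lists what keeps it short of verified LDAPS. It assumes the ParallelCluster 3.x keys DomainAddr, LdapTlsCaCert and LdapTlsReqCert, and the sssd ldap_tls_reqcert values (never, allow, try, demand, hard) that LdapTlsReqCert accepts; the sample configs are constructed here as plain dicts (the parsed form of the YAML), with the domain, DN and CA path as placeholders.

```python
"""Classify a ParallelCluster DirectoryService section by LDAP transport.

Added example, not code from the AWS tutorial or from ParallelCluster.
Assumptions: ParallelCluster 3.x DirectoryService keys (DomainAddr,
LdapTlsCaCert, LdapTlsReqCert) and the sssd ldap_tls_reqcert values
that LdapTlsReqCert accepts. PyYAML is avoided by holding the parsed
YAML as plain dicts.
"""
from urllib.parse import urlsplit

# sssd ldap_tls_reqcert values that make the client abort when the server
# certificate can't be verified; never/allow/try keep going regardless.
VERIFYING = {"demand", "hard"}


def classify(ds: dict) -> str:
    """Return 'ldaps-verified', 'ldaps-unverified', 'ldap' or 'mixed'.

    DomainAddr may be one URI or a comma-separated list (one entry per
    domain controller); if the entries disagree the result is 'mixed'.
    """
    addr = ds.get("DomainAddr", "")
    # ParallelCluster defaults LdapTlsReqCert to 'hard' when it is unset.
    reqcert = str(ds.get("LdapTlsReqCert", "hard")).lower()

    kinds = set()
    for uri in (u.strip() for u in addr.split(",") if u.strip()):
        scheme = urlsplit(uri).scheme.lower()
        if scheme == "ldap":
            kinds.add("ldap")
        elif scheme == "ldaps":
            kinds.add("ldaps-verified" if reqcert in VERIFYING else "ldaps-unverified")
        else:
            raise ValueError(f"unsupported DomainAddr scheme in {uri!r}")
    if not kinds:
        raise ValueError("DomainAddr is empty")
    return kinds.pop() if len(kinds) == 1 else "mixed"


def findings(ds: dict) -> list[str]:
    """Reasons the section falls short of LDAPS with certificate verification."""
    out = []
    kind = classify(ds)
    reqcert = str(ds.get("LdapTlsReqCert", "hard")).lower()
    if kind in ("ldap", "mixed"):
        out.append("DomainAddr uses ldap://: bind credentials and directory data "
                   "travel in cleartext")
    if kind in ("ldaps-unverified", "mixed") and reqcert not in VERIFYING:
        out.append(f"LdapTlsReqCert={reqcert}: a failed or missing server "
                   "certificate check does not abort the connection")
    if kind != "ldap" and not ds.get("LdapTlsCaCert"):
        # Without an explicit CA, sssd falls back to the node's default
        # trust store, which a private AD CA is usually not part of.
        out.append("LdapTlsCaCert is not set: the server certificate must chain "
                   "to a CA in the node's default trust store")
    return out


# Constructed samples: the parsed form of the three tutorial variants.
# Domain name and CA path are placeholders, not values from a real deployment.
SAMPLES = {
    "ldaps_verified": {
        "DomainName": "corp.example.com",
        "DomainAddr": "ldaps://corp.example.com",
        "LdapTlsCaCert": "/opt/parallelcluster/shared/directory_service/certificate.crt",
        "LdapTlsReqCert": "hard",
    },
    "ldaps_unverified": {
        "DomainName": "corp.example.com",
        "DomainAddr": "ldaps://corp.example.com",
        "LdapTlsReqCert": "never",
    },
    "ldap": {
        "DomainName": "corp.example.com",
        "DomainAddr": "ldap://corp.example.com",
    },
}

if __name__ == "__main__":
    for name, section in SAMPLES.items():
        print(f"{name}: {classify(section)}")
        for f in findings(section):
            print(f"  - {f}")
```

Run it against your own cluster configuration by loading the YAML, pulling out the DirectoryService mapping, and passing it to classify and findings; anything other than ldaps-verified with an empty findings list means the cluster is using one of the weaker methods above.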
After you create these resources, proceed to configure and create your cluster integrated with your Active Directory (AD). After the cluster is created, log in as the user you created. For more information about the configuration that you create in this tutorial, see Multiple user access to clusters and the DirectoryService configuration section.
This tutorial covers how to create an environment that supports multiple user access to clusters. This tutorial doesn't cover how you create and use an AWS Directory Service AD. The steps that you take to set up an AWS Managed Microsoft AD in this tutorial are provided for testing purposes only. They aren't provided to replace the official documentation and best practices you can find at AWS Managed Microsoft AD and Simple AD in the AWS Directory Service Administration Guide.
Note
Directory user passwords expire according to the directory password policy property definitions. For more information, see Supported policy settings. To reset directory passwords with AWS ParallelCluster, see How to reset a user password and expired passwords.
Note
The directory domain controller IP addresses can change due to domain controller changes and directory maintenance. If you chose the automated quick create method to create the directory infrastructure, the directory IP addresses aren't automatically propagated to the load balancer in front of the domain controllers, so you must update the load balancer targets manually whenever the directory IP addresses change.
When using the AWS ParallelCluster command line interface (CLI) or API, you only pay for the AWS resources that are created when you create or update AWS ParallelCluster images and clusters. For more information, see AWS services used by AWS ParallelCluster.
The PCUI is built on a serverless architecture and you can use it within the AWS Free Tier category for most cases. For more information, see PCUI costs.
Prerequisites
- AWS ParallelCluster is installed.
- The AWS CLI is installed and configured.
- You have an Amazon EC2 key pair.
- You have an IAM role with the permissions required to run the pcluster CLI.
As you go through the tutorial, replace the placeholder inputs, such as region-id and d-abcdef01234567890, with your own names and IDs. Replace 0123456789012 with your AWS account number.