Active Directory Domain Services on AWS
Active Directory DS Quick Start



Amazon Web Services (AWS) provides a comprehensive set of services and tools for deploying Microsoft Windows-based workloads on its reliable and secure cloud infrastructure. Active Directory Domain Services (AD DS) and Domain Name Server (DNS) are core Windows services that provide the foundation for many enterprise class Microsoft-based solutions, including Microsoft SharePoint, Microsoft Exchange, and .NET applications.

This Quick Start is for organizations running workloads in the AWS Cloud that require secure, low-latency connectivity to AD DS and DNS services. After reading this guide, IT infrastructure personnel should have a good understanding of how to design and deploy a solution to launch AD DS in the AWS Cloud, or extend their on-premises AD DS into the AWS Cloud.

This Quick Start assumes that you’re already familiar with Active Directory and DNS. For details, please consult the Microsoft product documentation.

This guide focuses on infrastructure configuration topics that require careful consideration when you are planning and deploying AD DS, domain controller instances, and DNS services in the AWS Cloud. We don't cover general Windows Server installation and software configuration tasks. For general software configuration guidance and best practices, consult the Microsoft product documentation.

Cost and Licenses

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start. For cost estimates, see the pricing pages for each AWS service you will be using in this Quick Start.

This Quick Start launches the Amazon Machine Image (AMI) for Microsoft Windows Server 2016 and includes the license for the Windows Server operating system. The AMI is updated on a regular basis with the latest service pack for the operating system, so you don’t have to install any updates. The Windows Server AMI doesn’t require Client Access Licenses (CALs) and includes two Microsoft Remote Desktop Services licenses. For details, see Microsoft Licensing on AWS.

AWS Services

The core AWS components used by this Quick Start include the following AWS services. (If you are new to AWS, see Getting Started with AWS.)

  • Amazon VPC – The Amazon Virtual Private Cloud (Amazon VPC) service lets you provision a private, isolated section of the AWS Cloud where you can launch AWS services and other resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

  • Amazon EC2 – The Amazon Elastic Compute Cloud (Amazon EC2) service enables you to launch virtual machine instances with a variety of operating systems. You can choose from existing Amazon Machine Images (AMIs) or import your own virtual machine images.

  • NAT Gateway – NAT gateways are network address translation (NAT) devices that provide outbound internet access to instances in private subnets while preventing the internet from initiating connections to those instances. NAT gateways provide better availability and bandwidth than NAT instances. The NAT Gateway service is a managed service that takes care of administering NAT gateways for you.

  • AWS Direct Connect – The AWS Direct Connect service enables you to establish a private connection between AWS and your on-premises data center. With this connection in place, you can create virtual interfaces to establish private connectivity to multiple VPCs, bypassing internet service providers in your network path.

  • AWS Directory Service – The AWS Directory Service makes it easy to set up and operate a new directory in the AWS Cloud. This Quick Start supports AWS Directory Service for Microsoft Active Directory (Enterprise Edition), which provides most of the features offered by Microsoft Active Directory plus integration with AWS applications.