Skip to content

API for AWS Directory Service Data

ABAP Package /AWS1/API_DSD_IMPL
ABAP SDK "TLA" DSD
ABAP Interface /AWS1/IF_DSD

The "TLA" is a Three Letter Abbreviation that appears in ABAP class names, data dictionary objects and other ABAP objects throughout the AWS SDK for SAP ABAP. The TLA for AWS Directory Service Data is DSD. This TLA helps squeeze ABAP objects into the 30-character length limit of the ABAP data dictionary.

Installation

To install the AWS SDK for SAP ABAP, import the Core transport, along with the transport for the Directory Service Data module and other API modules you are interested in. A few modules are included in the Core transport itself. For more information, see the Developer Guide guide.

About The Service

Amazon Web Services Directory Service Data is an extension of Directory Service. This API reference provides detailed information about Directory Service Data operations and object types.

With Directory Service Data, you can create, read, update, and delete users, groups, and memberships from your Managed Microsoft AD without additional costs and without deploying dedicated management instances. You can also perform built-in object management tasks across directories without direct network connectivity, which simplifies provisioning and access management to achieve fully automated deployments. Directory Service Data supports user and group write operations, such as CreateUser and CreateGroup, within the organizational unit (OU) of your Managed Microsoft AD. Directory Service Data supports read operations, such as ListUsers and ListGroups, on all users, groups, and group memberships within your Managed Microsoft AD and across trusted realms. Directory Service Data supports adding and removing group members in your OU and the Amazon Web Services Delegated Groups OU, so you can grant and deny access to specific roles and permissions. For more information, see Manage users and groups in the Directory Service Administration Guide.

Directory management operations and configuration changes made against the Directory Service API will also reflect in Directory Service Data API with eventual consistency. You can expect a short delay between management changes, such as adding a new directory trust and calling the Directory Service Data API for the newly created trusted realm.

Directory Service Data connects to your Managed Microsoft AD domain controllers and performs operations on underlying directory objects. When you create your Managed Microsoft AD, you choose subnets for domain controllers that Directory Service creates on your behalf. If a domain controller is unavailable, Directory Service Data uses an available domain controller. As a result, you might notice eventual consistency while objects replicate from one domain controller to another domain controller. For more information, see What gets created in the Directory Service Administration Guide. Directory limits vary by Managed Microsoft AD edition:

  • Standard edition – Supports 8 transactions per second (TPS) for read operations and 4 TPS for write operations per directory. There's a concurrency limit of 10 concurrent requests.

  • Enterprise edition – Supports 16 transactions per second (TPS) for read operations and 8 TPS for write operations per directory. There's a concurrency limit of 10 concurrent requests.

  • Amazon Web Services Account - Supports a total of 100 TPS for Directory Service Data operations across all directories.

Directory Service Data only supports the Managed Microsoft AD directory type and is only available in the primary Amazon Web Services Region. For more information, see Managed Microsoft AD and Primary vs additional Regions in the Directory Service Administration Guide.

Using the SDK

In your code, create a client using the SDK module for AWS Directory Service Data, which is created with factory method /AWS1/CL_DSD_FACTORY=>create(). In this example we will assume you have configured an SDK profile in transaction /AWS1/IMG called ZFINANCE.

DATA(go_session)   = /aws1/cl_rt_session_aws=>create( 'ZFINANCE' ).
DATA(go_dsd)       = /aws1/cl_dsd_factory=>create( go_session ).

Your variable go_dsd is an instance of /AWS1/IF_DSD, and all of the operations in the AWS Directory Service Data service are accessed by calling methods in /AWS1/IF_DSD.

API Operations

For an overview of ABAP method calls corresponding to API operations in AWS Directory Service Data, see the Operation List.

Factory Method

/AWS1/CL_DSD_FACTORY=>create( )

Creates an object of type /AWS1/IF_DSD.

IMPORTING

Optional arguments:

IV_PROTOCOL TYPE /AWS1/RT_PROTOCOL /AWS1/RT_PROTOCOL

IO_SESSION TYPE REF TO /AWS1/CL_RT_SESSION_BASE /AWS1/CL_RT_SESSION_BASE

IV_REGION TYPE /AWS1/RT_REGION_ID /AWS1/RT_REGION_ID

IV_CUSTOM_ENDPOINT TYPE /AWS1/RT_ENDPOINT /AWS1/RT_ENDPOINT

RETURNING

OO_CLIENT TYPE REF TO /AWS1/IF_DSD /AWS1/IF_DSD

/AWS1/IF_DSD represents the ABAP client for the Directory Service Data service, representing each operation as a method call. For more information see the API Page page.

Configuring Programmatically

DATA(lo_config) = DATA(go_dsd)->get_config( ).

lo_config is a variable of type /AWS1/CL_DSD_CONFIG. See the documentation for /AWS1/CL_DSD_CONFIG for details on the settings that can be configured.

Paginators

Paginators for AWS Directory Service Data can be created via get_paginator() which returns a paginator object of type /AWS1/IF_DSD_PAGINATOR. The operation method that is being paginated is called using the paginator object, which accepts any necessary parameters to provide to the underlying API operation. This returns an iterator object which can be used to iterate over paginated results using has_next() and get_next() methods.

Details about the paginator methods available for service AWS Directory Service Data can be found in interface /AWS1/IF_DSD_PAGINATOR.