The aws:directoryservice/directory:Directory resource, part of the Pulumi AWS provider, provisions AWS Directory Service directories: SimpleAD for basic authentication, MicrosoftAD for enterprise features, or ADConnector for hybrid integration. This guide focuses on three capabilities: SimpleAD deployment, MicrosoftAD with enterprise features, and ADConnector for on-premises integration.
Directories require VPC placement with subnets in two availability zones. ADConnector additionally requires network connectivity to on-premises Active Directory via VPN or Direct Connect. The examples are intentionally small. Combine them with your own VPC infrastructure and network configuration.
Create a SimpleAD directory for basic authentication
Teams needing lightweight directory services for user authentication and group management often start with SimpleAD, which provides Active Directory-compatible features without the complexity of a full Microsoft AD deployment.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const foo = new aws.ec2.Subnet("foo", {
vpcId: main.id,
availabilityZone: "us-west-2a",
cidrBlock: "10.0.1.0/24",
});
const barSubnet = new aws.ec2.Subnet("bar", {
vpcId: main.id,
availabilityZone: "us-west-2b",
cidrBlock: "10.0.2.0/24",
});
const bar = new aws.directoryservice.Directory("bar", {
name: "corp.notexample.com",
password: "SuperSecretPassw0rd",
size: "Small",
vpcSettings: {
vpcId: main.id,
subnetIds: [
foo.id,
barSubnet.id,
],
},
tags: {
Project: "foo",
},
});
import pulumi
import pulumi_aws as aws
main = aws.ec2.Vpc("main", cidr_block="10.0.0.0/16")
foo = aws.ec2.Subnet("foo",
vpc_id=main.id,
availability_zone="us-west-2a",
cidr_block="10.0.1.0/24")
bar_subnet = aws.ec2.Subnet("bar",
vpc_id=main.id,
availability_zone="us-west-2b",
cidr_block="10.0.2.0/24")
bar = aws.directoryservice.Directory("bar",
name="corp.notexample.com",
password="SuperSecretPassw0rd",
size="Small",
vpc_settings={
"vpc_id": main.id,
"subnet_ids": [
foo.id,
bar_subnet.id,
],
},
tags={
"Project": "foo",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/directoryservice"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
foo, err := ec2.NewSubnet(ctx, "foo", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2a"),
CidrBlock: pulumi.String("10.0.1.0/24"),
})
if err != nil {
return err
}
barSubnet, err := ec2.NewSubnet(ctx, "bar", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2b"),
CidrBlock: pulumi.String("10.0.2.0/24"),
})
if err != nil {
return err
}
_, err = directoryservice.NewDirectory(ctx, "bar", &directoryservice.DirectoryArgs{
Name: pulumi.String("corp.notexample.com"),
Password: pulumi.String("SuperSecretPassw0rd"),
Size: pulumi.String("Small"),
VpcSettings: &directoryservice.DirectoryVpcSettingsArgs{
VpcId: main.ID(),
SubnetIds: pulumi.StringArray{
foo.ID(),
barSubnet.ID(),
},
},
Tags: pulumi.StringMap{
"Project": pulumi.String("foo"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var main = new Aws.Ec2.Vpc("main", new()
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
});
var barSubnet = new Aws.Ec2.Subnet("bar", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
});
var bar = new Aws.DirectoryService.Directory("bar", new()
{
Name = "corp.notexample.com",
Password = "SuperSecretPassw0rd",
Size = "Small",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
VpcId = main.Id,
SubnetIds = new[]
{
foo.Id,
barSubnet.Id,
},
},
Tags =
{
{ "Project", "foo" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.Subnet;
import com.pulumi.aws.ec2.SubnetArgs;
import com.pulumi.aws.directoryservice.Directory;
import com.pulumi.aws.directoryservice.DirectoryArgs;
import com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var main = new Vpc("main", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var foo = new Subnet("foo", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2a")
.cidrBlock("10.0.1.0/24")
.build());
var barSubnet = new Subnet("barSubnet", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2b")
.cidrBlock("10.0.2.0/24")
.build());
var bar = new Directory("bar", DirectoryArgs.builder()
.name("corp.notexample.com")
.password("SuperSecretPassw0rd")
.size("Small")
.vpcSettings(DirectoryVpcSettingsArgs.builder()
.vpcId(main.id())
.subnetIds(
foo.id(),
barSubnet.id())
.build())
.tags(Map.of("Project", "foo"))
.build());
}
}
resources:
bar:
type: aws:directoryservice:Directory
properties:
name: corp.notexample.com
password: SuperSecretPassw0rd
size: Small
vpcSettings:
vpcId: ${main.id}
subnetIds:
- ${foo.id}
- ${barSubnet.id}
tags:
Project: foo
main:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.0.0.0/16
foo:
type: aws:ec2:Subnet
properties:
vpcId: ${main.id}
availabilityZone: us-west-2a
cidrBlock: 10.0.1.0/24
barSubnet:
type: aws:ec2:Subnet
name: bar
properties:
vpcId: ${main.id}
availabilityZone: us-west-2b
cidrBlock: 10.0.2.0/24
When you create a SimpleAD directory, AWS provisions domain controllers in the specified subnets and returns DNS server IP addresses for your applications to use. The name property sets the fully qualified domain name (e.g., “corp.notexample.com”), while size determines capacity (“Small” supports up to 500 users, “Large” up to 5,000). The vpcSettings block places the directory in your VPC; subnetIds must reference subnets in two different availability zones for high availability.
Deploy managed Microsoft AD for enterprise features
Organizations requiring full Active Directory features like Group Policy, schema extensions, or trust relationships use MicrosoftAD, which runs actual Microsoft Active Directory domain controllers managed by AWS.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const foo = new aws.ec2.Subnet("foo", {
vpcId: main.id,
availabilityZone: "us-west-2a",
cidrBlock: "10.0.1.0/24",
});
const barSubnet = new aws.ec2.Subnet("bar", {
vpcId: main.id,
availabilityZone: "us-west-2b",
cidrBlock: "10.0.2.0/24",
});
const bar = new aws.directoryservice.Directory("bar", {
name: "corp.notexample.com",
password: "SuperSecretPassw0rd",
edition: "Standard",
type: "MicrosoftAD",
vpcSettings: {
vpcId: main.id,
subnetIds: [
foo.id,
barSubnet.id,
],
},
tags: {
Project: "foo",
},
});
import pulumi
import pulumi_aws as aws
main = aws.ec2.Vpc("main", cidr_block="10.0.0.0/16")
foo = aws.ec2.Subnet("foo",
vpc_id=main.id,
availability_zone="us-west-2a",
cidr_block="10.0.1.0/24")
bar_subnet = aws.ec2.Subnet("bar",
vpc_id=main.id,
availability_zone="us-west-2b",
cidr_block="10.0.2.0/24")
bar = aws.directoryservice.Directory("bar",
name="corp.notexample.com",
password="SuperSecretPassw0rd",
edition="Standard",
type="MicrosoftAD",
vpc_settings={
"vpc_id": main.id,
"subnet_ids": [
foo.id,
bar_subnet.id,
],
},
tags={
"Project": "foo",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/directoryservice"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
foo, err := ec2.NewSubnet(ctx, "foo", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2a"),
CidrBlock: pulumi.String("10.0.1.0/24"),
})
if err != nil {
return err
}
barSubnet, err := ec2.NewSubnet(ctx, "bar", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2b"),
CidrBlock: pulumi.String("10.0.2.0/24"),
})
if err != nil {
return err
}
_, err = directoryservice.NewDirectory(ctx, "bar", &directoryservice.DirectoryArgs{
Name: pulumi.String("corp.notexample.com"),
Password: pulumi.String("SuperSecretPassw0rd"),
Edition: pulumi.String("Standard"),
Type: pulumi.String("MicrosoftAD"),
VpcSettings: &directoryservice.DirectoryVpcSettingsArgs{
VpcId: main.ID(),
SubnetIds: pulumi.StringArray{
foo.ID(),
barSubnet.ID(),
},
},
Tags: pulumi.StringMap{
"Project": pulumi.String("foo"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var main = new Aws.Ec2.Vpc("main", new()
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
});
var barSubnet = new Aws.Ec2.Subnet("bar", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
});
var bar = new Aws.DirectoryService.Directory("bar", new()
{
Name = "corp.notexample.com",
Password = "SuperSecretPassw0rd",
Edition = "Standard",
Type = "MicrosoftAD",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
VpcId = main.Id,
SubnetIds = new[]
{
foo.Id,
barSubnet.Id,
},
},
Tags =
{
{ "Project", "foo" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.Subnet;
import com.pulumi.aws.ec2.SubnetArgs;
import com.pulumi.aws.directoryservice.Directory;
import com.pulumi.aws.directoryservice.DirectoryArgs;
import com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var main = new Vpc("main", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var foo = new Subnet("foo", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2a")
.cidrBlock("10.0.1.0/24")
.build());
var barSubnet = new Subnet("barSubnet", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2b")
.cidrBlock("10.0.2.0/24")
.build());
var bar = new Directory("bar", DirectoryArgs.builder()
.name("corp.notexample.com")
.password("SuperSecretPassw0rd")
.edition("Standard")
.type("MicrosoftAD")
.vpcSettings(DirectoryVpcSettingsArgs.builder()
.vpcId(main.id())
.subnetIds(
foo.id(),
barSubnet.id())
.build())
.tags(Map.of("Project", "foo"))
.build());
}
}
resources:
bar:
type: aws:directoryservice:Directory
properties:
name: corp.notexample.com
password: SuperSecretPassw0rd
edition: Standard
type: MicrosoftAD
vpcSettings:
vpcId: ${main.id}
subnetIds:
- ${foo.id}
- ${barSubnet.id}
tags:
Project: foo
main:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.0.0.0/16
foo:
type: aws:ec2:Subnet
properties:
vpcId: ${main.id}
availabilityZone: us-west-2a
cidrBlock: 10.0.1.0/24
barSubnet:
type: aws:ec2:Subnet
name: bar
properties:
vpcId: ${main.id}
availabilityZone: us-west-2b
cidrBlock: 10.0.2.0/24
Setting type to “MicrosoftAD” provisions Windows Server-based domain controllers instead of Samba-based SimpleAD. The edition property controls capacity and features: “Standard” supports up to 30,000 objects, “Enterprise” up to 500,000. Like SimpleAD, MicrosoftAD requires VPC placement with subnets in two availability zones.
Connect to existing on-premises Active Directory
Hybrid environments with existing on-premises Active Directory infrastructure use ADConnector to proxy authentication requests from AWS to their existing domain controllers, avoiding directory replication.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const foo = new aws.ec2.Subnet("foo", {
vpcId: main.id,
availabilityZone: "us-west-2a",
cidrBlock: "10.0.1.0/24",
});
const bar = new aws.ec2.Subnet("bar", {
vpcId: main.id,
availabilityZone: "us-west-2b",
cidrBlock: "10.0.2.0/24",
});
const connector = new aws.directoryservice.Directory("connector", {
name: "corp.notexample.com",
password: "SuperSecretPassw0rd",
size: "Small",
type: "ADConnector",
connectSettings: {
customerDnsIps: ["A.B.C.D"],
customerUsername: "Admin",
subnetIds: [
foo.id,
bar.id,
],
vpcId: main.id,
},
});
import pulumi
import pulumi_aws as aws
main = aws.ec2.Vpc("main", cidr_block="10.0.0.0/16")
foo = aws.ec2.Subnet("foo",
vpc_id=main.id,
availability_zone="us-west-2a",
cidr_block="10.0.1.0/24")
bar = aws.ec2.Subnet("bar",
vpc_id=main.id,
availability_zone="us-west-2b",
cidr_block="10.0.2.0/24")
connector = aws.directoryservice.Directory("connector",
name="corp.notexample.com",
password="SuperSecretPassw0rd",
size="Small",
type="ADConnector",
connect_settings={
"customer_dns_ips": ["A.B.C.D"],
"customer_username": "Admin",
"subnet_ids": [
foo.id,
bar.id,
],
"vpc_id": main.id,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/directoryservice"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
foo, err := ec2.NewSubnet(ctx, "foo", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2a"),
CidrBlock: pulumi.String("10.0.1.0/24"),
})
if err != nil {
return err
}
bar, err := ec2.NewSubnet(ctx, "bar", &ec2.SubnetArgs{
VpcId: main.ID(),
AvailabilityZone: pulumi.String("us-west-2b"),
CidrBlock: pulumi.String("10.0.2.0/24"),
})
if err != nil {
return err
}
_, err = directoryservice.NewDirectory(ctx, "connector", &directoryservice.DirectoryArgs{
Name: pulumi.String("corp.notexample.com"),
Password: pulumi.String("SuperSecretPassw0rd"),
Size: pulumi.String("Small"),
Type: pulumi.String("ADConnector"),
ConnectSettings: &directoryservice.DirectoryConnectSettingsArgs{
CustomerDnsIps: pulumi.StringArray{
pulumi.String("A.B.C.D"),
},
CustomerUsername: pulumi.String("Admin"),
SubnetIds: pulumi.StringArray{
foo.ID(),
bar.ID(),
},
VpcId: main.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var main = new Aws.Ec2.Vpc("main", new()
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
});
var bar = new Aws.Ec2.Subnet("bar", new()
{
VpcId = main.Id,
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
});
var connector = new Aws.DirectoryService.Directory("connector", new()
{
Name = "corp.notexample.com",
Password = "SuperSecretPassw0rd",
Size = "Small",
Type = "ADConnector",
ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs
{
CustomerDnsIps = new[]
{
"A.B.C.D",
},
CustomerUsername = "Admin",
SubnetIds = new[]
{
foo.Id,
bar.Id,
},
VpcId = main.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.Subnet;
import com.pulumi.aws.ec2.SubnetArgs;
import com.pulumi.aws.directoryservice.Directory;
import com.pulumi.aws.directoryservice.DirectoryArgs;
import com.pulumi.aws.directoryservice.inputs.DirectoryConnectSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var main = new Vpc("main", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var foo = new Subnet("foo", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2a")
.cidrBlock("10.0.1.0/24")
.build());
var bar = new Subnet("bar", SubnetArgs.builder()
.vpcId(main.id())
.availabilityZone("us-west-2b")
.cidrBlock("10.0.2.0/24")
.build());
var connector = new Directory("connector", DirectoryArgs.builder()
.name("corp.notexample.com")
.password("SuperSecretPassw0rd")
.size("Small")
.type("ADConnector")
.connectSettings(DirectoryConnectSettingsArgs.builder()
.customerDnsIps("A.B.C.D")
.customerUsername("Admin")
.subnetIds(
foo.id(),
bar.id())
.vpcId(main.id())
.build())
.build());
}
}
resources:
connector:
type: aws:directoryservice:Directory
properties:
name: corp.notexample.com
password: SuperSecretPassw0rd
size: Small
type: ADConnector
connectSettings:
customerDnsIps:
- A.B.C.D
customerUsername: Admin
subnetIds:
- ${foo.id}
- ${bar.id}
vpcId: ${main.id}
main:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.0.0.0/16
foo:
type: aws:ec2:Subnet
properties:
vpcId: ${main.id}
availabilityZone: us-west-2a
cidrBlock: 10.0.1.0/24
bar:
type: aws:ec2:Subnet
properties:
vpcId: ${main.id}
availabilityZone: us-west-2b
cidrBlock: 10.0.2.0/24
ADConnector doesn’t store directory data; it forwards authentication requests to your on-premises domain controllers. The connectSettings block replaces vpcSettings and specifies customerDnsIps (your on-premises DNS servers) and customerUsername (a service account with read access to your directory). This configuration requires network connectivity between your VPC and on-premises network via VPN or Direct Connect.
Beyond these examples
These snippets focus on specific directory-level features: SimpleAD for basic authentication, MicrosoftAD for enterprise features, and ADConnector for hybrid integration. They’re intentionally minimal rather than full identity management solutions.
The examples may reference pre-existing infrastructure such as VPC and subnets (examples create inline but users typically reference existing), on-premises Active Directory (for ADConnector), and network connectivity to on-premises (VPN/Direct Connect for ADConnector). They focus on configuring the directory rather than provisioning everything around it.
To keep things focused, common directory patterns are omitted, including:
- Single sign-on configuration (enableSso and alias)
- Domain controller scaling (desiredNumberOfDomainControllers)
- Directory descriptions and short names
- Trust relationships with other directories
These omissions are intentional: the goal is to illustrate how each directory type is wired, not provide drop-in identity modules. See the Directory Service Directory resource reference for all available configuration options.
Let's create AWS Directory Service Directories
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Directory Types & Configuration
What's the difference between SimpleAD, MicrosoftAD, and ADConnector?
SimpleAD is a standalone directory for basic needs (defaults to SimpleAD if type is not specified). MicrosoftAD is a fully managed Microsoft Active Directory with complete AD features. ADConnector proxies authentication requests to your existing on-premises Active Directory.What's the difference between Standard and Enterprise editions?
The
edition property applies only to MicrosoftAD directories and accepts Standard or Enterprise values. It defaults to Enterprise.What sizes are available for directories?
For
SimpleAD and ADConnector, you can choose Small or Large (defaults to Large). The size property doesn’t apply to MicrosoftAD directories.Immutability & Updates
What properties can't I change after creating a directory?
These properties are immutable and force replacement:
name, password, type, edition, size, vpcSettings, connectSettings, description, shortName, and alias.Can I change my directory type after creation?
No, the
type property is immutable. Changing from SimpleAD to MicrosoftAD or vice versa requires creating a new directory.Networking & VPC Setup
Why do I need two subnets in different availability zones?
Directory Service requires subnets in different availability zones for high availability. All examples show subnets in separate AZs (e.g.,
us-west-2a and us-west-2b).When do I use vpcSettings vs connectSettings?
Use
vpcSettings for SimpleAD and MicrosoftAD directories. Use connectSettings for ADConnector to specify customerDnsIps and customerUsername for your on-premises AD.Single Sign-On
How do I enable single sign-on for my directory?
Set
enableSso to true, but you must also provide an alias (required for SSO). The enableSso property defaults to false.Scaling & Domain Controllers
Can I scale my directory by adding domain controllers?
Yes, but only for
MicrosoftAD directories. Use desiredNumberOfDomainControllers with a minimum value of 2. Domain controller scaling isn’t supported for SimpleAD or ADConnector.How do I connect to an existing on-premises Active Directory?
Use
type: "ADConnector" with connectSettings that includes customerDnsIps (IP addresses of your on-premises DNS servers) and customerUsername (admin username).