
Resource: aws_directory_service_directory

Provides a Simple or Managed Microsoft directory in AWS Directory Service.

Note: All arguments, including the password and customer username, will be stored in the raw state as plain text. Read more about sensitive data in state.

Example Usage

SimpleAD

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
const awsDirectoryServiceDirectoryBar =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "bar_3", {
    name: "corp.notexample.com",
    password: "SuperSecretPassw0rd",
    size: "Small",
    tags: {
      Project: "foo",
    },
    vpcSettings: {
      subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
      vpcId: awsVpcMain.id,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryBar.overrideLogicalId("bar");

Microsoft Active Directory (MicrosoftAD)

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
const awsDirectoryServiceDirectoryBar =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "bar_3", {
    edition: "Standard",
    name: "corp.notexample.com",
    password: "SuperSecretPassw0rd",
    tags: {
      Project: "foo",
    },
    type: "MicrosoftAD",
    vpcSettings: {
      subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
      vpcId: awsVpcMain.id,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryBar.overrideLogicalId("bar");

Microsoft Active Directory Connector (ADConnector)

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "connector", {
  connectSettings: {
    customerDnsIps: ["A.B.C.D"],
    customerUsername: "Admin",
    subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
    vpcId: awsVpcMain.id,
  },
  name: "corp.notexample.com",
  password: "SuperSecretPassw0rd",
  size: "Small",
  type: "ADConnector",
});
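
The examples above pass the directory password as a string literal, which ends up in source control and in the synthesized output as well as in state. The following check is an added example, not part of the provider documentation: it scans a synthesized configuration for aws_directory_service_directory resources whose password is a literal or comes from a variable that is not marked sensitive. The function name, the sample data and the assumed cdk.tf.json layout are illustrative assumptions.

```typescript
// Added example: flag directory passwords that are literals in synthesized config.
type Json = { [key: string]: any };
interface Finding { resource: string; reason: string }

// True when the value is exactly one Terraform interpolation such as ${var.x}.
const isReference = (v: unknown): boolean =>
  typeof v === "string" && /^\$\{[^}]+\}$/.test(v.trim());

// Hypothetical helper: returns one finding per risky password setting.
function findLiteralDirectoryPasswords(synth: Json): Finding[] {
  const findings: Finding[] = [];
  const variables: Json = synth.variable ?? {};
  const dirs: Json = synth.resource?.aws_directory_service_directory ?? {};
  for (const name of Object.keys(dirs)) {
    const resource = `aws_directory_service_directory.${name}`;
    const pw = dirs[name].password;
    if (typeof pw !== "string") continue; // nothing to inspect
    if (!isReference(pw)) {
      findings.push({ resource, reason: "password is a literal string" });
      continue;
    }
    // A variable reference is only acceptable if the variable is sensitive.
    const m = /^\$\{var\.([A-Za-z0-9_-]+)\}$/.exec(pw.trim());
    if (m && !(variables[m[1]] && variables[m[1]].sensitive === true)) {
      findings.push({ resource, reason: `variable ${m[1]} is not marked sensitive` });
    }
  }
  return findings;
}

// Constructed sample, shaped like a synthesized cdk.tf.json (layout assumed).
const sampleSynth: Json = {
  variable: {
    directory_password: { type: "string", sensitive: true },
    connector_password: { type: "string" },
  },
  resource: {
    aws_directory_service_directory: {
      bar: { name: "corp.notexample.com", password: "SuperSecretPassw0rd", size: "Small" },
      managed: { name: "corp.notexample.com", password: "${var.directory_password}", type: "MicrosoftAD" },
      connector: { name: "corp.notexample.com", password: "${var.connector_password}", type: "ADConnector" },
    },
  },
};

console.log(findLiteralDirectoryPasswords(sampleSynth));
```

A sensitive variable keeps the password out of source and plan output only; as the note at the top of this page says, the value is still written to state in plain text, so the state backend needs encryption and restricted access.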

Argument Reference

The following arguments are supported:

  • name - (Required) The fully qualified name for the directory, such as corp.example.com
  • password - (Required) The password for the directory administrator or connector user.
  • size - (Optional) (For SimpleAD and ADConnector types) The size of the directory (Small or Large are accepted values). Large by default.
  • vpcSettings - (Required for SimpleAD and MicrosoftAD) VPC related information about the directory. Fields documented below.
  • connectSettings - (Required for ADConnector) Connector related information about the directory. Fields documented below.
  • alias - (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for enableSso.
  • description - (Optional) A textual description for the directory.
  • desiredNumberOfDomainControllers - (Optional) The number of domain controllers desired in the directory. Minimum value of 2. Scaling of domain controllers is only supported for MicrosoftAD directories.
  • shortName - (Optional) The short name of the directory, such as corp.
  • enableSso - (Optional) Whether to enable single sign-on for the directory. Requires alias. Defaults to false.
  • type - (Optional) The directory type (SimpleAD, ADConnector or MicrosoftAD are accepted values). Defaults to SimpleAD.
  • edition - (Optional, for type MicrosoftAD only) The MicrosoftAD edition (Standard or Enterprise). Defaults to Enterprise.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcSettings supports the following:

  • subnetIds - (Required) The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).
  • vpcId - (Required) The identifier of the VPC that the directory is in.

connectSettings supports the following:

  • customerUsername - (Required) The username corresponding to the password provided.
  • customerDnsIps - (Required) The DNS IP addresses of the domain to connect to.
  • subnetIds - (Required) The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).
  • vpcId - (Required) The identifier of the VPC that the directory is in.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The directory identifier.
  • accessUrl - The access URL for the directory, such as http://alias.awsapps.com.
  • dnsIpAddresses - A list of IP addresses of the DNS servers for the directory or connector.
  • securityGroupId - The ID of the security group created by the directory.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

connectSettings (for ADConnector) is also exported with the following attributes:

  • connectIps - The IP addresses of the AD Connector servers.

Timeouts

aws_directory_service_directory provides the following Timeouts configuration options:

  • create - (Default 60 minutes) Used for directory creation
  • update - (Default 60 minutes) Used for directory update
  • delete - (Default 60 minutes) Used for directory deletion

Import

DirectoryService directories can be imported using the directory id, e.g.,

$ terraform import aws_directory_service_directory.sample d-926724cf57