Resource: awsDirectoryServiceDirectory
Provides a Simple or Managed Microsoft directory in AWS Directory Service.
~> Note: All arguments, including the password and customer username, will be stored in the raw state as plain text. Read more about sensitive data in state.
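The state exposure described in the note, as an added example that is not part of the provider documentation: a TypeScript check that parses a Terraform state file and reports which directory resources carry a plain-text `password` or `customer_username`. It assumes state format version 4 and the snake_case attribute names Terraform writes to state; `auditDirectoryState`, `Finding`, `record` and the sample state are constructed for illustration.

```typescript
// Added example: audit a Terraform state file (format version 4) for
// aws_directory_service_directory credentials stored in plain text.
interface Finding {
  address: string;   // resource address, e.g. aws_directory_service_directory.connector
  attribute: string; // attribute path inside the state
  length: number;    // length only; the secret itself is never returned
}
type Attrs = Record<string, unknown>;

function record(out: Finding[], address: string, attribute: string, value: unknown): void {
  if (typeof value === "string" && value.length > 0) {
    out.push({ address, attribute, length: value.length });
  }
}

function auditDirectoryState(stateJson: string): Finding[] {
  const state = JSON.parse(stateJson) as Attrs;
  const resources = Array.isArray(state.resources) ? (state.resources as Attrs[]) : [];
  const findings: Finding[] = [];
  for (const res of resources) {
    if (res.mode !== "managed" || res.type !== "aws_directory_service_directory") continue;
    const address = `${String(res.type)}.${String(res.name)}`;
    const instances = Array.isArray(res.instances) ? (res.instances as Attrs[]) : [];
    for (const inst of instances) {
      const attrs = (inst.attributes ?? {}) as Attrs;
      record(findings, address, "password", attrs.password);
      // Nested blocks are stored in state as a list of objects.
      const blocks = Array.isArray(attrs.connect_settings)
        ? (attrs.connect_settings as Attrs[]) : [];
      blocks.forEach((b, i) => record(findings, address,
        `connect_settings[${i}].customer_username`, b.customer_username));
    }
  }
  return findings;
}

// Constructed sample state, not taken from a real deployment.
const SAMPLE_STATE = JSON.stringify({
  version: 4,
  resources: [
    { mode: "managed", type: "aws_vpc", name: "main",
      instances: [{ attributes: { cidr_block: "10.0.0.0/16" } }] },
    { mode: "managed", type: "aws_directory_service_directory", name: "connector",
      instances: [{ attributes: {
        name: "corp.notexample.com", type: "ADConnector", password: "SuperSecretPassw0rd",
        connect_settings: [{ customer_username: "Admin", customer_dns_ips: ["A.B.C.D"] }],
      } }] },
  ],
});
console.log(auditDirectoryState(SAMPLE_STATE));
```

Any finding means the state backend holds directory credentials in readable form, so it needs the same access control and encryption at rest as the directory password itself.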
Example Usage
SimpleAD
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
const awsDirectoryServiceDirectoryBar =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "bar_3", {
    name: "corp.notexample.com",
    password: "SuperSecretPassw0rd",
    size: "Small",
    tags: {
      Project: "foo",
    },
    vpcSettings: {
      subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
      vpcId: awsVpcMain.id,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryBar.overrideLogicalId("bar");
Microsoft Active Directory (MicrosoftAD)
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
const awsDirectoryServiceDirectoryBar =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "bar_3", {
    edition: "Standard",
    name: "corp.notexample.com",
    password: "SuperSecretPassw0rd",
    tags: {
      Project: "foo",
    },
    type: "MicrosoftAD",
    vpcSettings: {
      subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
      vpcId: awsVpcMain.id,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryBar.overrideLogicalId("bar");
Microsoft Active Directory Connector (ADConnector)
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsSubnetBar = new aws.subnet.Subnet(this, "bar", {
  availabilityZone: "us-west-2b",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcMain.id,
});
const awsSubnetFoo = new aws.subnet.Subnet(this, "foo", {
  availabilityZone: "us-west-2a",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcMain.id,
});
new aws.directoryServiceDirectory.DirectoryServiceDirectory(this, "connector", {
  connectSettings: {
    customerDnsIps: ["A.B.C.D"],
    customerUsername: "Admin",
    subnetIds: [awsSubnetFoo.id, awsSubnetBar.id],
    vpcId: awsVpcMain.id,
  },
  name: "corp.notexample.com",
  password: "SuperSecretPassw0rd",
  size: "Small",
  type: "ADConnector",
});
Argument Reference
The following arguments are supported:
name - (Required) The fully qualified name for the directory, such as corp.example.com
password - (Required) The password for the directory administrator or connector user.
size - (Optional) (For SimpleAD and ADConnector types) The size of the directory (Small or Large are accepted values). Large by default.
vpcSettings - (Required for SimpleAD and MicrosoftAD) VPC related information about the directory. Fields documented below.
connectSettings - (Required for ADConnector) Connector related information about the directory. Fields documented below.
alias - (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for enableSso.
description - (Optional) A textual description for the directory.
desiredNumberOfDomainControllers - (Optional) The number of domain controllers desired in the directory. Minimum value of 2. Scaling of domain controllers is only supported for MicrosoftAD directories.
shortName - (Optional) The short name of the directory, such as corp.
enableSso - (Optional) Whether to enable single sign-on for the directory. Requires alias. Defaults to false.
type - (Optional) The directory type (SimpleAD, ADConnector or MicrosoftAD are accepted values). Defaults to SimpleAD.
edition - (Optional, for type MicrosoftAD only) The MicrosoftAD edition (Standard or Enterprise). Defaults to Enterprise.
tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
vpc_settings supports the following:
subnetIds - (Required) The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).
vpcId - (Required) The identifier of the VPC that the directory is in.
connect_settings supports the following:
customerUsername - (Required) The username corresponding to the password provided.
customerDnsIps - (Required) The DNS IP addresses of the domain to connect to.
subnetIds - (Required) The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).
vpcId - (Required) The identifier of the VPC that the directory is in.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The directory identifier.
accessUrl - The access URL for the directory, such as http://alias.awsapps.com.
dnsIpAddresses - A list of IP addresses of the DNS servers for the directory or connector.
securityGroupId - The ID of the security group created by the directory.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
connectSettings (for ADConnector) is also exported with the following attributes:
connectIps - The IP addresses of the AD Connector servers.
Timeouts
awsDirectoryServiceDirectory provides the following Timeouts configuration options:
create - (Default 60 minutes) Used for directory creation
update - (Default 60 minutes) Used for directory update
delete - (Default 60 minutes) Used for directory deletion
Import
DirectoryService directories can be imported using the directory id, e.g.,