Enhance the Makefile in the infrastructure git project with the following content:
AWS_REGION := eu-central-1
ACTIVE_DIRECTORY_DOMAIN_NAME := "aws.myorg.com"

###############################################################################################
.PHONY: shared-services-active-directory
shared-services-active-directory: guard-ACTIVE_DIRECTORY_ADMIN_PASSWORD
	aws cloudformation deploy \
		--no-fail-on-empty-changeset \
		--template-file shared-services/active-directory.yml \
		--stack-name active-directory \
		--parameter-overrides DomainName=$(ACTIVE_DIRECTORY_DOMAIN_NAME) \
		                      AdminPassword=$(ACTIVE_DIRECTORY_ADMIN_PASSWORD) \
		--region $(AWS_REGION)

# Fails the build with a clear message when the named variable is unset or empty.
.PHONY: guard-%
guard-%:
	$(if $(value ${*}),,$(error "Variable ${*} not set!"))
Create a new CloudFormation template in shared-services/active-directory.yml and define the directory in there:
---
AWSTemplateFormatVersion: 2010-09-09
Description: Active Directory
Parameters:
  DomainName:
    Type: String
    Description: Fully qualified domain name for the AWS Managed Microsoft AD directory
  AdminPassword:
    Type: String
    Description: The password for the default administrative user named Admin
    NoEcho: True
  VpcStack:
    Type: String
    Description: Name of the vpc stack
    Default: vpc
Resources:
  MicrosoftAD:
    Type: AWS::DirectoryService::MicrosoftAD
    Properties:
      Name: !Ref DomainName
      Password: !Ref AdminPassword
      Edition: Standard
      VpcSettings:
        SubnetIds:
          - 'Fn::ImportValue': !Sub '${VpcStack}-SubnetA'
          - 'Fn::ImportValue': !Sub '${VpcStack}-SubnetB'
        VpcId:
          'Fn::ImportValue': !Sub '${VpcStack}-VPC'
Create the CloudFormation stack with the following command in the shared-services AWS account:

    AWS_PROFILE=myorg-shared-services make shared-services-active-directory ACTIVE_DIRECTORY_ADMIN_PASSWORD=geheim
For management of users on this instance see https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep3.html.
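Before running the make target, the ACTIVE_DIRECTORY_ADMIN_PASSWORD value can be checked locally against the complexity rule AWS documents for the Admin password of a Managed Microsoft AD directory (8 to 64 characters, at least three of the four classes lowercase, uppercase, digit and non-alphanumeric); the sample value geheim used above does not satisfy it and the stack would fail during resource creation. This is an added example and not code from the original page; the function names and the environment-variable based invocation are assumptions.

```python
"""Local pre-deploy check for the AdminPassword parameter (added example)."""
import os
import re
import sys
from typing import Dict, List

# Bounds and character classes taken from the Password pattern of the Directory Service
# CreateMicrosoftAD API: 8-64 characters, at least three of the four classes below.
MIN_LEN, MAX_LEN = 8, 64
CLASSES: Dict[str, re.Pattern] = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    # Whitespace does not count as a special character in the AWS pattern.
    "special": re.compile(r"[^A-Za-z0-9\s]"),
}


def password_problems(password: str) -> List[str]:
    """Return the rule violations for `password`; an empty list means it is acceptable."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}..{MAX_LEN}")
    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 3:
        missing = ", ".join(sorted(set(CLASSES) - set(present)))
        problems.append(f"only {len(present)} of 4 character classes used (missing: {missing})")
    return problems


def check_admin_password(password: str) -> bool:
    """True when the value would pass the API's complexity rule."""
    return not password_problems(password)


if __name__ == "__main__":
    # Read the secret from the same variable the Makefile's guard target checks (assumed
    # name), so it comes from the environment rather than from this script's argument list.
    value = os.environ.get("ACTIVE_DIRECTORY_ADMIN_PASSWORD", "")
    for problem in password_problems(value):
        print(f"AdminPassword rejected: {problem}", file=sys.stderr)
    sys.exit(0 if check_admin_password(value) else 1)
```

Run from an extra prerequisite of the shared-services-active-directory target: make exports variables given on its command line to recipe shells, so the script sees the value without it being repeated in the recipe.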