Using the following document, https://aws.amazon.com/blogs/security/how-to-enable-ldaps-for-your-aws-microsoft-ad-directory/, I'm attempting to set up server-side LDAPS. I'm running this from us-east-2.
I've created a secret with the directory admin and password. Looks just like the example.
I've created a S3 bucket that states Public accessible.
For the
- VPC CIDR - I used the IPV4 CDR for my VPC instance (172.31.0.0/16)
- VPC ID - I used the only VPC instance I have.
- CA(s) Subnet ID - Select one of the subnet the first subnet from my AD Networking Details, Subnets.
- Domain Members Security Group ID - Added a SG for all traffic for 172.31.0.0/16
- Active Directory Domain Service Type - AWSManaged
- Domain FQDN DNS Name - The Directory DNS name of the Directory
- Domain NetBIOS Name - The Directory NetBIOS name of the Directory
- IP used for DNS (Must be accessible) - First DNS address and Second DNS address
- Secret ARN Containing CA Install Credentials - Using the ARN from the secret I created.
- CA Deployment Type - Two Tier
- Use S3 for CA CRL Location - Yes
- CA CRL S3 Bucket Name - The name of the publicly accessible S3 bucket I created.
After a while I get a CREATE_FAILED, Failed to receive 1 resource signal(s) within the specified duration for SubCA. I'm not sure on how to debug what took too long. Any help would be appreciated.
AWS OFFICIALAktualisiert vor 3 Jahren
I'm having the same issue:
Embedded stack arn:aws:cloudformation:us-east-1:XXXXXXXXXXX:stack/microsost-pki-83a8c03-TwoTierCAStack-1XX3IQBVRYVZS/e6cebc40-ca65-11ee-a8e7-0a627cbc35fb was not successfully created: The following resource(s) failed to create: [SubCA].. Any luck with it?