How to register Simple AD directory in the correct subnets?

0

I created a Simple AD directory in a VPC which has 2 public subnets (one in us-east-1a and one in us-east-1b) and 2 private subnets (one in us-east-1a and one in us-east-1b). When I created the directory I chose the two private subnets (again each of them are in different availability zones).

When I attempt to register the directory, it prompts me to choose two subnets from different availability zones, but the drop-downs only contain one of my private subnets and one of my public subnets, both of which are in the same availability zone (us-east-1a). I verified via the CLI (aws ds describe-directories) that I did in fact select both private subnets when creating the directory and that these subnets are in fact in two different availability zones.

How am I supposed to choose two subnets in different availability zones when the dropdown menus do not contain them?

caleb
asked a month ago · 126 views
2 Answers
0
Accepted Answer

For anyone finding this in the future, this specific issue was that my us-east-1b happened to be one of the availability zones not supported by Workspaces. I added a third AZ in us-east-1c and was able to register the directory. I'm now running into other issues trying to create a workspace but that is outside the scope of this question.

The only way to avoid this issue is to look up which AZs are supported for Workspaces here: https://docs.aws.amazon.com/workspaces/latest/adminguide/azs-workspaces.html

and then cross-reference that against your specific AZ mapping listed under "Your AZ ID" here: https://us-east-1.console.aws.amazon.com/ram/home?region=us-east-1#Home:

If you don't have at least 2 subnets in supported AZs, you'll have to add more subnets to your VPC in order to get this to work. Use caution though when doing this, since adding subnets can cause issues with existing resources like API Gateway VPC Links, CodeBuild Projects with VPC access, etc., especially if you're managing your resources via IaC (Terraform, CloudFormation, CDK, etc.). In my case, I had to make changes to my CDK code to constrain the existing resources to the existing subnets, making the new subnet really only usable for Workspaces or other future resources.

caleb
answered a month ago
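The cross-check described in the accepted answer (directory subnets → AZ IDs → WorkSpaces-supported AZ IDs), as an added example that is not part of the original post. It works on the JSON that `aws ds describe-directories` and `aws ec2 describe-subnets` return; the directory ID, subnet IDs and the `SUPPORTED_AZ_IDS` set below are constructed placeholders, and the real supported list must be copied from the WorkSpaces admin guide page linked above.

```python
import json

# Constructed sample of `aws ds describe-directories` output (only the fields used).
DESCRIBE_DIRECTORIES = json.loads('''{"DirectoryDescriptions": [{
  "DirectoryId": "d-0000000000", "Type": "SimpleAD",
  "VpcSettings": {"VpcId": "vpc-00000000",
    "SubnetIds": ["subnet-aaaa", "subnet-bbbb"],
    "AvailabilityZones": ["us-east-1a", "us-east-1b"]}}]}''')

# Constructed sample of `aws ec2 describe-subnets` output; the AZ IDs are made up.
DESCRIBE_SUBNETS = json.loads('''{"Subnets": [
  {"SubnetId": "subnet-aaaa", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az1"},
  {"SubnetId": "subnet-bbbb", "AvailabilityZone": "us-east-1b", "AvailabilityZoneId": "use1-az2"},
  {"SubnetId": "subnet-cccc", "AvailabilityZone": "us-east-1c", "AvailabilityZoneId": "use1-az3"}]}''')

# PLACEHOLDER: copy the real AZ IDs for your Region from the WorkSpaces admin guide.
# These two values are invented for the demo and are NOT the real supported list.
SUPPORTED_AZ_IDS = {"use1-az1", "use1-az3"}


def directory_subnet_ids(describe_directories, directory_id):
    """Subnet IDs attached to one directory, taken from describe-directories output."""
    for d in describe_directories["DirectoryDescriptions"]:
        if d["DirectoryId"] == directory_id:
            return list(d["VpcSettings"]["SubnetIds"])
    raise KeyError(directory_id)


def subnet_az_ids(describe_subnets):
    """Map SubnetId -> AvailabilityZoneId; AZ IDs are stable across accounts, AZ names are not."""
    return {s["SubnetId"]: s["AvailabilityZoneId"] for s in describe_subnets["Subnets"]}


def workspaces_az_check(subnet_ids, az_by_subnet, supported):
    """Group the directory's subnets by AZ ID and report whether >= 2 supported AZs are covered."""
    by_az = {}
    for sid in subnet_ids:
        by_az.setdefault(az_by_subnet[sid], []).append(sid)
    supported_azs = sorted(az for az in by_az if az in supported)
    unsupported_azs = sorted(az for az in by_az if az not in supported)
    return {"ok": len(supported_azs) >= 2,
            "supported": supported_azs, "unsupported": unsupported_azs}


if __name__ == "__main__":
    subnets = directory_subnet_ids(DESCRIBE_DIRECTORIES, "d-0000000000")
    print(workspaces_az_check(subnets, subnet_az_ids(DESCRIBE_SUBNETS), SUPPORTED_AZ_IDS))
```

With the sample data the directory covers only one supported AZ ID, which is the symptom in the question; adding `subnet-cccc` (the third AZ the answer describes) makes the check pass.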
0

Assuming the VPC is configured correctly with subnets, route tables, etc., I would pivot back to the CloudTrail events at the time of Simple AD creation and debug. By default Simple AD creates the config in a single AZ at the time of creation.

Also, file an AWS Support case so that the team can help validate the backend events and whether something changed over time. If it's not too much work, I would rather create the Simple AD again, registered with 2 AZs.

I know this doesn't give the concrete answers you are looking for, but I'm sharing thoughts in case you haven't considered the above. Just with the facts provided in the question, it would be hard to validate and provide answers on why only 1 AZ shows up.

AWS
answered a month ago
