Server-Side LDAPS failing at SubCA (Two-Tier)


Using the following document, https://aws.amazon.com/blogs/security/how-to-enable-ldaps-for-your-aws-microsoft-ad-directory/, I'm attempting to set up server-side LDAPS. I'm running this from us-east-2.

I've created a secret with the directory admin and password. It looks just like the example. I've created an S3 bucket that is marked publicly accessible.

For the

  • VPC CIDR - I used the IPv4 CIDR for my VPC instance (172.31.0.0/16)
  • VPC ID - I used the only VPC instance I have.
  • CA(s) Subnet ID - Selected the first subnet from my AD Networking Details, Subnets.
  • Domain Members Security Group ID - Added an SG for all traffic for 172.31.0.0/16
  • Active Directory Domain Service Type - AWSManaged
  • Domain FQDN DNS Name - The Directory DNS name of the Directory
  • Domain NetBIOS Name - The Directory NetBIOS name of the Directory
  • IP used for DNS (Must be accessible) - First DNS address and Second DNS address
  • Secret ARN Containing CA Install Credentials - Using the ARN from the secret I created.
  • CA Deployment Type - Two Tier
  • Use S3 for CA CRL Location - Yes
  • CA CRL S3 Bucket Name - The name of the publicly accessible S3 bucket I created.

After a while I get a CREATE_FAILED: "Failed to receive 1 resource signal(s) within the specified duration" for SubCA. I'm not sure how to debug what took too long. Any help would be appreciated.

  • I'm having the same issue: "Embedded stack arn:aws:cloudformation:us-east-1:XXXXXXXXXXX:stack/microsost-pki-83a8c03-TwoTierCAStack-1XX3IQBVRYVZS/e6cebc40-ca65-11ee-a8e7-0a627cbc35fb was not successfully created: The following resource(s) failed to create: [SubCA]." Any luck with it?

jsupun, asked 2 years ago, 145 views
No Answers
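The message in the question, "Failed to receive 1 resource signal(s) within the specified duration", is CloudFormation's CreationPolicy timeout: the SubCA instance never called cfn-signal, so the real reason is on the instance, not in the stack events. The parent stack only reports that the embedded TwoTierCAStack failed, so the first step is to follow that nested-stack failure down to the leaf resource and then look at the instance's cfn-init logs. The script below is an added example and is not code from the original thread or from the AWS blog post. It assumes the layout the error message implies (parent stack, TwoTierCAStack child, RootCA and SubCA instances); the stack names, account ID, ARN and every event in the sample are constructed so the script runs offline, and `live_fetcher` shows how the same walk runs against a real stack with boto3.

```python
"""Locate the resource that actually failed in a nested CloudFormation deployment.

Added example, not code from the original question or the AWS blog post.  It
assumes the layout the error message implies (parent stack -> TwoTierCAStack
child -> RootCA and SubCA instances); every identifier and event below is
constructed for the offline run.
"""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, List, Optional

Event = Dict[str, object]
Fetcher = Callable[[str], List[Event]]  # stack name or ARN -> its events

NESTED_STACK_TYPE = "AWS::CloudFormation::Stack"
SIGNAL_TIMEOUT_PREFIX = "Failed to receive"  # CreationPolicy / WaitCondition timeout

def earliest_failure(events: Iterable[Event]) -> Optional[Event]:
    """Oldest *_FAILED resource event, or None.  Later failures (the stack-level
    event, 'Resource creation cancelled', the rollback) are only the cascade."""
    failures = [
        e for e in events
        if str(e.get("ResourceStatus", "")).endswith("_FAILED")
        and e.get("LogicalResourceId") != e.get("StackName")  # not the stack itself
        and "cancelled" not in str(e.get("ResourceStatusReason", "")).lower()
    ]
    return min(failures, key=lambda e: e["Timestamp"]) if failures else None

def root_cause(stack: str, fetch: Fetcher, max_depth: int = 5) -> Optional[Event]:
    """Follow 'Embedded stack ... was not successfully created' down to the leaf.
    The parent's PhysicalResourceId is the child's ARN, which describe-stack-events
    still accepts after the child has rolled back."""
    event = earliest_failure(fetch(stack))
    for _ in range(max_depth):
        if event is None or event.get("ResourceType") != NESTED_STACK_TYPE:
            break
        child_arn = event.get("PhysicalResourceId")
        if not child_arn:
            break
        event = earliest_failure(fetch(str(child_arn)))
    return event

def diagnose(event: Event) -> str:
    """Translate the leaf failure into the next debugging step."""
    name = str(event.get("LogicalResourceId"))
    reason = str(event.get("ResourceStatusReason", ""))
    if reason.startswith(SIGNAL_TIMEOUT_PREFIX):
        return (f"{name}: CreationPolicy timeout, the instance never ran cfn-signal. "
                "Re-create with --disable-rollback (OnFailure=DO_NOTHING) so the instance "
                "is kept, then read C:\\cfn\\log\\cfn-init.log and cfn-init-cmd.log on it "
                "and confirm it can reach the regional cloudformation endpoint.")
    return f"{name}: {reason}"

def live_fetcher(region: str) -> Fetcher:
    """Fetcher backed by the real API; boto3 is imported only when this is used."""
    import boto3
    cfn = boto3.client("cloudformation", region_name=region)

    def fetch(stack: str) -> List[Event]:
        pages = cfn.get_paginator("describe_stack_events").paginate(StackName=stack)
        return [e for page in pages for e in page["StackEvents"]]
    return fetch

# Constructed sample shaped like describe-stack-events output (fake account and ARN).
T0 = datetime(2024, 2, 13, 12, 0, tzinfo=timezone.utc)
PARENT = "microsoft-pki"
CHILD = "microsoft-pki-TwoTierCAStack-EXAMPLE"
CHILD_ARN = f"arn:aws:cloudformation:us-east-2:111111111111:stack/{CHILD}/0000"

def _ev(stack, logical, rtype, status, reason, minutes, physical=None) -> Event:
    return {"StackName": stack, "LogicalResourceId": logical, "ResourceType": rtype,
            "ResourceStatus": status, "ResourceStatusReason": reason,
            "PhysicalResourceId": physical or logical,
            "Timestamp": T0 + timedelta(minutes=minutes)}

SAMPLE_EVENTS: Dict[str, List[Event]] = {
    PARENT: [
        _ev(PARENT, PARENT, NESTED_STACK_TYPE, "ROLLBACK_IN_PROGRESS",
            "The following resource(s) failed to create: [TwoTierCAStack].", 61),
        _ev(PARENT, "TwoTierCAStack", NESTED_STACK_TYPE, "CREATE_FAILED",
            f"Embedded stack {CHILD_ARN} was not successfully created: "
            "The following resource(s) failed to create: [SubCA].", 60, CHILD_ARN),
    ],
    CHILD_ARN: [
        _ev(CHILD, CHILD, NESTED_STACK_TYPE, "CREATE_FAILED",
            "The following resource(s) failed to create: [SubCA].", 60),
        _ev(CHILD, "RootCA", "AWS::EC2::Instance", "CREATE_COMPLETE", "", 20),
        _ev(CHILD, "SubCA", "AWS::EC2::Instance", "CREATE_FAILED",
            "Failed to receive 1 resource signal(s) within the specified duration", 59),
        _ev(CHILD, "OtherResource", "AWS::EC2::Instance", "CREATE_FAILED",
            "Resource creation cancelled", 59),  # cascade, not the cause
    ],
}

def sample_fetch(stack: str) -> List[Event]:
    return SAMPLE_EVENTS[stack]

if __name__ == "__main__":
    leaf = root_cause(PARENT, sample_fetch)  # use live_fetcher("us-east-2") for a real stack
    print(diagnose(leaf) if leaf else "no failed resource found")
```

Run against the constructed sample it walks from the parent's TwoTierCAStack failure into the child and stops at SubCA, whose reason is the signal timeout. Against a real deployment, pass the top-level stack name with `live_fetcher("<region>")`; the `--disable-rollback` hint matters because a rolled-back stack terminates the SubCA instance and the cfn-init logs with it.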
