Server-Side LDAPS failing at SubCA (Two-Tier)


Using the following document,, I'm attempting to set up server-side LDAPS. I'm running this from us-east-2.

I've created a secret with the directory admin and password. Looks just like the example. I've created a S3 bucket that states Public accessible.

For the

  • VPC CIDR - I used the IPV4 CDR for my VPC instance (
  • VPC ID - I used the only VPC instance I have.
  • CA(s) Subnet ID - Select one of the subnet the first subnet from my AD Networking Details, Subnets.
  • Domain Members Security Group ID - Added a SG for all traffic for
  • Active Directory Domain Service Type - AWSManaged
  • Domain FQDN DNS Name - The Directory DNS name of the Directory
  • Domain NetBIOS Name - The Directory NetBIOS name of the Directory
  • IP used for DNS (Must be accessible) - First DNS address and Second DNS address
  • Secret ARN Containing CA Install Credentials - Using the ARN from the secret I created.
  • CA Deployment Type - Two Tier
  • Use S3 for CA CRL Location - Yes
  • CA CRL S3 Bucket Name - The name of the publicly accessible S3 bucket I created.

After a while I get a CREATE_FAILED, Failed to receive 1 resource signal(s) within the specified duration for SubCA. I'm not sure on how to debug what took too long. Any help would be appreciated.

asked 2 months ago30 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions