How can I launch an admin EC2 instance to manage a Managed Directory in a private environment?

0

Hi, we have our environment in private subnets and we can't enable public access in any of our subnets / can't go public in our environment. So, we want to launch a Managed Directory to use LDAP for authentication for one of our applications from this managed AD. Currently we are able to launch the Managed Directory in a private subnet, but when we try to launch the Administrator EC2 instance to manage AD, our execution fails at the domain join step, and we get the following error: Error snapshot

It seems like it is trying to connect to the public IP 51.95.35.27:443, but as I stated we can't allow internet access in our environment and it needs to be private only. We are in doubt how exactly we can domain join while launching the Administrator EC2 from the Managed Directory console. Requesting help on how to enable the admin EC2 in a private environment, or whether there is any other way to connect to the directory in a private environment?

3 Answers
0

Hello! Great question and thanks for posting! How are your EC2 instances discovering the Active Directory? Are they configured to use DNS (via DHCP options sets on the VPC) or are you using Route53 (the default) and forwarding to the AD DNS servers?

This blog will help guide you to configure and select the best option: https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/

Hope this helps you! Good Luck.

AWS
answered 5 months ago
0

Could it be that you are trying to communicate with the AWS Directory Service endpoint? You will need a VPC interface endpoint for this. See: Access AWS Directory Service APIs using an interface endpoint (AWS PrivateLink)

AWS
EXPERT
kentrad
answered 5 months ago
0

You'll need to make sure that private DNS is configured so that EC2 instances launched look for the proper FQDN. You can test this by manually launching an instance in a private subnet and pinging the FQDN (domain.local, or whatever it might be). If that resolves to the Managed AD endpoints, you're halfway there.

You'll need the proper permissions attached to the instance profile as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html

Test a manual join to AD to ensure that connectivity is there as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_windows_instance.html

AWS
GDAWS
answered 5 months ago
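The two preceding answers describe the same pre-flight checks from different angles: the AWS Directory Service API hostname must resolve to the VPC interface endpoint's private address (kentrad's answer), and the directory FQDN must resolve to the managed domain controllers (GDAWS's answer). The script below is an added example, not from the thread or from AWS, that runs both checks from an instance in the private subnet and reports whether a domain join has a chance of succeeding. It assumes the API endpoint is named `ds.<region>.amazonaws.com`, uses `eu-west-1`, `corp.example.com` and the `10.0.x.x` addresses purely as constructed placeholders, and injects a fake resolver so the two sample VPC tables run offline; on a real instance call it with the default system resolver.

```python
"""Readiness check for joining an admin instance to AWS Managed Microsoft AD from a private subnet.

Two names have to resolve to private addresses before the console-driven domain join can work:
  1. the Directory Service API endpoint (assumed name: ds.<region>.amazonaws.com), which only resolves
     privately when a VPC interface endpoint exists for it AND private DNS is enabled on that endpoint;
  2. the directory FQDN, which only resolves to the managed domain controllers when the VPC DHCP
     options set or Route 53 Resolver rules forward that zone to the directory's DNS servers.
This is an added example, not AWS tooling; all hostnames and IPs below are constructed placeholders.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]


def system_resolve(hostname: str) -> List[str]:
    """Resolve with the OS resolver, i.e. exactly what the EC2 instance itself would see."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_private(addr: str) -> bool:
    """True for RFC 1918 and other non-public address space (where a PrivateLink ENI lives)."""
    return ipaddress.ip_address(addr).is_private


def check_ds_api(region: str, resolver: Resolver = system_resolve) -> str:
    """'private' if every answer is a private address (interface endpoint in effect),
    'public' if any answer is public (instance would try the internet, as in the question),
    'unresolved' if DNS gives nothing at all."""
    host = f"ds.{region}.amazonaws.com"  # assumed Directory Service API endpoint name
    addrs = resolver(host)
    if not addrs:
        return "unresolved"
    return "private" if all(is_private(a) for a in addrs) else "public"


def check_domain(fqdn: str, dc_ips: List[str], resolver: Resolver = system_resolve) -> str:
    """'ok' when the FQDN resolves only to the directory's own DNS/DC addresses,
    'unexpected' when it resolves elsewhere (e.g. a public zone of the same name),
    'unresolved' when the VPC does not forward the zone to the managed AD."""
    addrs = resolver(fqdn)
    if not addrs:
        return "unresolved"
    return "ok" if set(addrs) <= set(dc_ips) else "unexpected"


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Optional live check that the resolved endpoint accepts a TCP connection (needs network)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def readiness_report(region: str, fqdn: str, dc_ips: List[str],
                     resolver: Resolver = system_resolve) -> Dict[str, object]:
    """Combine both checks; 'ready' is only True when both names resolve privately and correctly."""
    ds = check_ds_api(region, resolver)
    dom = check_domain(fqdn, dc_ips, resolver)
    return {"ds_api": ds, "domain": dom, "ready": ds == "private" and dom == "ok"}


def fake_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Build a resolver from a constructed hostname -> addresses table (offline testing)."""
    return lambda host: table.get(host, [])


# Constructed DNS answers for two VPC configurations (not real infrastructure).
BROKEN_VPC = {
    "ds.eu-west-1.amazonaws.com": ["51.95.35.27"],  # public address, as seen in the question: no PrivateLink endpoint
    "corp.example.com": [],                         # VPC DNS does not forward the zone to the managed AD
}
FIXED_VPC = {
    "ds.eu-west-1.amazonaws.com": ["10.0.1.25"],    # interface endpoint ENI, private DNS enabled
    "corp.example.com": ["10.0.0.10", "10.0.1.10"],  # DHCP options set points at the two managed DCs
}
DC_IPS = ["10.0.0.10", "10.0.1.10"]

if __name__ == "__main__":
    for name, table in (("broken", BROKEN_VPC), ("fixed", FIXED_VPC)):
        print(name, readiness_report("eu-west-1", "corp.example.com", DC_IPS, fake_resolver(table)))
    # On a real instance, drop the fake resolver and use the real directory values:
    # print(readiness_report("eu-west-1", "corp.example.com", DC_IPS))
```

A `ds_api` result of `public` is the situation in the question: without an interface endpoint whose private DNS option is enabled, the instance resolves the regional API name to a public address and the domain-join step tries to reach it over the internet. A `domain` result of `unresolved` points at the DHCP options set or Route 53 Resolver rules rather than at the endpoint.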
