
AD Connector Private WebServer

1

Hi all, I have an EC2 webserver sitting inside a private subnet that has an internal ALB and a site-to-site VPN with my on-premises network. Is it possible to use AWS AD connector to connect to my existing AD with this webserver?

2 Answers
1

No, AD connector is a proxy tool that allows AWS services (Chime, QuickSight, AWS VPN, etc.) to make LDAP and Kerberos calls to customer self hosted Active Directory domains. It is not designed to also proxy this traffic for third party applications.

AWS
answered a month ago
EXPERT
reviewed a month ago
0
Accepted Answer

Yes, you can use AWS AD Connector to connect your EC2 web server in a private subnet to your existing Active Directory (AD) on-premises. Here’s how you can set it up:

  1. Network Configuration: Ensure that your VPC and the private subnet where the EC2 instance resides have the necessary routing and security group rules to allow traffic between the AD Connector and your on-premises AD.

  2. Set Up AD Connector: Create an AD Connector in your AWS account. You will need to specify the directory name, DNS information, and the AD credentials that will be used to connect.

  3. Security Groups: Make sure the security group associated with the AD Connector allows inbound traffic on the required ports (typically LDAP on port 389 and/or LDAPS on port 636) from your private subnet.

  4. VPN Configuration: Verify that your site-to-site VPN is correctly configured to allow traffic from your AWS environment to your on-premises AD.

  5. EC2 Instance Configuration: On your EC2 web server, you may need to configure the application to authenticate against the AD through the AD Connector.

  6. Testing: After everything is configured, test the connectivity and authentication to ensure that your EC2 instance can successfully communicate with your on-premises Active Directory.

Helpful documentation.

Noted earlier: these documents demonstrate connectivity using AWS Direct Connect, but the same setup can also be achieved easily with AWS Site-to-Site VPN.

Following these steps should allow you to connect your private web server to your existing AD using AWS AD Connector. If you encounter specific issues, feel free to ask for further assistance!

AWS
answered 2 months ago
EXPERT
reviewed a month ago
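One way to verify step 3 before moving on to testing, as an added example that is not part of either answer: given a security group in the shape returned by `aws ec2 describe-security-groups`, list which outbound ports toward the on-premises domain-controller range are still missing. The port set is my assumption, based on the AD Connector prerequisites (DNS, Kerberos, LDAP, SMB) plus the LDAPS port the answer mentions; `SAMPLE_SG` and the `10.20.0.0/16` range are constructed.

```python
from ipaddress import ip_network

# Protocol/port pairs the connector must reach on the on-prem domain controllers.
# Assumption: DNS, Kerberos, LDAP and SMB come from the AD Connector prerequisites;
# LDAPS (636) is included because the answer above recommends it.
REQUIRED_PORTS = {
    ("tcp", 53), ("udp", 53),     # DNS
    ("tcp", 88), ("udp", 88),     # Kerberos
    ("tcp", 389), ("udp", 389),   # LDAP
    ("tcp", 445),                 # SMB (domain join / group policy)
    ("tcp", 636),                 # LDAPS
}


def rule_covers(rule, proto, port, dest_cidr):
    """True if one egress rule (describe-security-groups shape) allows proto/port to dest_cidr."""
    rule_proto = rule.get("IpProtocol")
    if rule_proto not in (proto, "-1"):          # "-1" means all protocols
        return False
    if rule_proto != "-1":
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if not lo <= port <= hi:
            return False
    target = ip_network(dest_cidr, strict=False)
    return any(target.subnet_of(ip_network(r["CidrIp"], strict=False))
               for r in rule.get("IpRanges", []))


def missing_egress(security_group, onprem_cidr):
    """Return the sorted (proto, port) pairs the group's egress rules do not allow toward onprem_cidr."""
    rules = security_group.get("IpPermissionsEgress", [])
    return sorted(
        (proto, port) for proto, port in REQUIRED_PORTS
        if not any(rule_covers(r, proto, port, onprem_cidr) for r in rules)
    )


# Constructed sample: a group that only opens LDAP and LDAPS, as step 3 literally suggests.
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 636, "ToPort": 636, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    ],
}

if __name__ == "__main__":
    for proto, port in missing_egress(SAMPLE_SG, "10.20.0.0/16"):
        print(f"missing egress toward on-prem DCs: {proto}/{port}")
```

Feed it the real group from `aws ec2 describe-security-groups --group-ids <id>` (the `SecurityGroups[0]` object) to see which of the Kerberos, DNS and SMB ports a LDAP-only rule set leaves closed.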
