How to connect LDAP after joining EC2 instance to Directory Service Domain?


Hi folks, I have set up Directory Service in AWS and created a Windows instance (management instance) to join the domain. I installed LDAP on the Windows server and configured public DNS (Alibaba Cloud DNS) to point to the EIP of the Windows server instance. Now, on the Windows server, I can use ldp.exe and the local domain to connect to the LDAP service, but if I want to use the public DNS name to connect to the LDAP service, it fails, because the DNS name resolves to the Windows server's address. How can I configure the public DNS to point to the domain controller? Or how can I configure the Windows server to forward traffic to the DCs? Thanks in advance if you can share your ideas about this.

Best regards,
Bryan

1 Answer

My understanding is that the Directory Service is private, so it cannot be directly exposed to the internet.
The easiest way would be to add a load balancer to bridge the public/private subnets, pointing to the DS servers/endpoints.
However, exposing AD to the internet is not a great idea without lots of controls and security on AD and the VPC. Also bear in mind that AD uses more than just a single "server" DNS record.

What are you trying to achieve by opening up the directory to the internet?
It might be easier/wiser to create a "multi-site" AD setup and have a DC in another location/cloud that is connected to AWS via a secure network (VPN, DX).

answered 2 years ago
  • Thanks Robin. I am trying to enable RDS authentication with Kerberos, and our users are managed by FreeIPA, so I created an AWS Directory Service and AWS Managed AD server instance and want to integrate the managed AD with FreeIPA using LDAP, but I am facing an issue while setting up the trust.
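The answer's remark that AD needs more than a single "server" DNS record is the crux of the question: a public name that resolves to the management host's EIP is not what a domain client or a trust partner looks up. The script below is an added example written for this page, not code from the thread or from AWS. It lists the SRV names the DC locator, Kerberos and LDAP clients query for a domain, then audits a zone for them. The domain corp.example.com, the DC addresses 10.0.1.10 and 10.0.2.10, the management-host EIP 203.0.113.5 and the injected lookup callables are all assumptions so that it runs offline: the zone from the question (one A record at the management host) fails, a zone whose SRV records point at the management host also fails, and a zone whose SRV targets resolve to the DCs passes (add the NLB address to DC_ADDRS if you put one in front of the DCs as the answer suggests).

```python
"""Added example for this thread (not from the question, the answer or AWS):
which DNS records an AD client needs, and an offline audit of a zone for them.

Assumptions (all hypothetical): domain corp.example.com; Managed AD DCs at
10.0.1.10 and 10.0.2.10; management host EIP 203.0.113.5 (not a DC). DNS is
injected as two lookup callables, so no network is touched."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str  # host that actually serves LDAP/Kerberos for this name


SrvLookup = Callable[[str], List[Srv]]
ALookup = Callable[[str], List[str]]


def dc_locator_names(domain: str, site: Optional[str] = None) -> List[str]:
    """SRV names the Windows DC locator, Kerberos and LDAP clients query.
    A lone A record for "the LDAP server" satisfies none of them."""
    names = [
        f"_ldap._tcp.dc._msdcs.{domain}",
        f"_ldap._tcp.{domain}",
        f"_kerberos._tcp.dc._msdcs.{domain}",
        f"_kerberos._tcp.{domain}",
        f"_kerberos._udp.{domain}",
        f"_kpasswd._tcp.{domain}",
        f"_gc._tcp.{domain}",
    ]
    if site:  # site-specific variants, queried first by site-aware clients
        names += [
            f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
            f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}",
        ]
    return names


def audit_zone(domain: str, srv: SrvLookup, a: ALookup, dc_addrs: Set[str],
               site: Optional[str] = None) -> List[str]:
    """Findings for a zone; an empty list means every locator record exists and
    every SRV target resolves only to addresses that reach a DC (or its NLB)."""
    findings: List[str] = []
    for name in dc_locator_names(domain, site):
        records = srv(name)
        if not records:
            findings.append(f"missing SRV {name}")
            continue
        for rec in records:
            addrs = a(rec.target)
            if not addrs:
                findings.append(f"{name}: target {rec.target} has no A record")
            for addr in addrs:
                if addr not in dc_addrs:
                    findings.append(
                        f"{name}: target {rec.target} -> {addr} is not a DC address")
    return findings


def make_zone(srv_table: Dict[str, List[Srv]],
              a_table: Dict[str, List[str]]) -> Tuple[SrvLookup, ALookup]:
    """Build case-insensitive lookup callables from constructed record tables."""
    return (lambda n: srv_table.get(n.lower(), []),
            lambda n: a_table.get(n.lower(), []))


DOMAIN = "corp.example.com"                # hypothetical
DC_ADDRS = {"10.0.1.10", "10.0.2.10"}      # hypothetical Managed AD DC addresses
MGMT_ADDR = "203.0.113.5"                  # hypothetical EIP of the management host

# Constructed zone as described in the question: one name, pointing at the management host.
BROKEN_SRV, BROKEN_A = make_zone({}, {f"ldap.{DOMAIN}": [MGMT_ADDR]})

# Constructed zone with SRV records that point at the management host: still not a DC.
MISDIRECTED_SRV, MISDIRECTED_A = make_zone(
    {n: [Srv(0, 100, 389, f"mgmt.{DOMAIN}")] for n in dc_locator_names(DOMAIN)},
    {f"mgmt.{DOMAIN}": [MGMT_ADDR]},
)


def _both(port: int) -> List[Srv]:
    """One SRV record per DC for the given service port."""
    return [Srv(0, 100, port, f"dc1.{DOMAIN}"), Srv(0, 100, port, f"dc2.{DOMAIN}")]


# Constructed zone the DC locator can use: every SRV target resolves to a DC address.
FIXED_SRV, FIXED_A = make_zone(
    {
        f"_ldap._tcp.dc._msdcs.{DOMAIN}": _both(389),
        f"_ldap._tcp.{DOMAIN}": _both(389),
        f"_kerberos._tcp.dc._msdcs.{DOMAIN}": _both(88),
        f"_kerberos._tcp.{DOMAIN}": _both(88),
        f"_kerberos._udp.{DOMAIN}": _both(88),
        f"_kpasswd._tcp.{DOMAIN}": _both(464),
        f"_gc._tcp.{DOMAIN}": _both(3268),
    },
    {f"dc1.{DOMAIN}": ["10.0.1.10"], f"dc2.{DOMAIN}": ["10.0.2.10"]},
)

if __name__ == "__main__":
    for label, (s, a) in {"broken": (BROKEN_SRV, BROKEN_A),
                          "misdirected": (MISDIRECTED_SRV, MISDIRECTED_A),
                          "fixed": (FIXED_SRV, FIXED_A)}.items():
        print(label, audit_zone(DOMAIN, s, a, DC_ADDRS) or ["OK"])
```

To run the same check against a real zone, replace the injected callables with SRV and A queries (for example via dnspython); on the management instance itself, `nltest /dsgetdc:corp.example.com` and `Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.corp.example.com` show what the domain client actually resolves. Having the records right only makes the locator work; the traffic on ports 88, 389, 464 and 3268 still has to reach the DCs (the load balancer in the answer), and publishing those records in a public zone is exactly the exposure the answer warns about.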
