How can I launch an admin EC2 instance to manage a Managed Directory in a private environment?

0

Hi, we have our environment in private subnets and we can't enable public access in any of our subnets / can't go public in our environment. So, we want to launch a managed directory to use LDAP for authentication for one of our applications from this managed AD. Currently we are able to launch the managed directory in a private subnet, but when we try to launch an Administrator EC2 instance to manage AD, our execution fails at the domain join step, and we get the following error: [Error snapshot]

It seems like it is trying to connect to the public IP 51.95.35.27:443, but as I stated we can't allow internet access in our environment and it needs to be private only. We are in doubt about how exactly we can domain join while launching the Administrator EC2 from the Managed Directory console. Requesting help on enabling the admin EC2 in a private environment, or is there any other way to connect to the directory in a private environment?

3 answers
0

Hello! Great question and thanks for posting! How are your EC2 instances discovering the Active Directory? Are they configured to use DNS (via DHCP options sets on the VPC) or are you using Route53 (the default) and forwarding to the AD DNS servers?

This blog will help guide you to configure and select the best option: https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/

Hope this helps you! Good Luck.

AWS
Answered 6 months ago
0

Could it be that you are trying to communicate with the AWS Directory Service endpoint? You will need a VPC interface endpoint for this. See: Access AWS Directory Service APIs using an interface endpoint (AWS PrivateLink)

AWS
Expert
kentrad
Answered 6 months ago
0

You'll need to make sure that private DNS is configured so that launched EC2 instances look for the proper FQDN. You can test this by manually launching an instance in a private subnet and pinging the FQDN (domain.local, or whatever it might be). If that resolves to the Managed AD endpoints, you're halfway there.

You'll need the proper permissions attached to the instance profile as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html

Test a manual join to AD to ensure that connectivity is there as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_windows_instance.html

AWS
GDAWS
Answered 6 months ago
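The two suggestions above (kentrad's: reach the Directory Service API through a VPC interface endpoint; GDAWS's: confirm that name resolution inside the private subnet points where it should) can be turned into a small preflight script. The script below is an added example written for this thread, not code from AWS or from any of the answerers. It assumes a Linux host (or any bash/sh host with glibc's `getent` and the AWS CLI) in the same VPC as the admin instance; the region, VPC, subnet, security-group and domain values are placeholders you substitute. The error in the question shows the join reaching for a public address on port 443, so the main check is whether `ds.<region>.amazonaws.com` resolves to private (RFC 1918) addresses, which is what an interface endpoint with private DNS enabled produces, or to public ones, which means the call will try to leave the VPC.

```shell
#!/bin/sh
# ds_preflight.sh -- added example for the re:Post thread above (not an AWS tool).
#   sh ds_preflight.sh check  <region> [domain-fqdn]
#   sh ds_preflight.sh create <region> <vpc-id> "<subnet-id ...>" <sg-id>
# All identifiers passed on the command line are placeholders you replace.

# Classify one IPv4 address as RFC 1918 private or public.
is_private_ipv4() {
  case "$1" in
    10.*)                                   echo private ;;
    192.168.*)                              echo private ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
    *)                                      echo public ;;
  esac
}

# Classify a whitespace-separated list of resolved addresses:
# private | public | mixed | none
classify_resolution() {
  priv=0; pub=0
  for a in ${1:-}; do
    if [ "$(is_private_ipv4 "$a")" = private ]; then priv=$((priv+1)); else pub=$((pub+1)); fi
  done
  if   [ "$priv" -gt 0 ] && [ "$pub" -eq 0 ]; then echo private
  elif [ "$pub"  -gt 0 ] && [ "$priv" -eq 0 ]; then echo public
  elif [ "$priv" -eq 0 ] && [ "$pub" -eq 0 ]; then echo none
  else echo mixed; fi
}

# Resolve a name to its IPv4 answers using the host's configured resolver
# (the VPC resolver / DHCP option set the admin instance would also use).
resolve_ipv4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u | tr '\n' ' '
}

# Check 1 (kentrad's answer): where does the Directory Service API name go?
check_ds_endpoint() {
  host="ds.$1.amazonaws.com"
  addrs=$(resolve_ipv4 "$host")
  kind=$(classify_resolution "$addrs")
  echo "$host -> ${addrs:-<no answer>} [$kind]"
  case "$kind" in
    private) echo "OK: API calls stay inside the VPC (interface endpoint, private DNS on)" ;;
    public)  echo "PROBLEM: public addresses; the join will try the internet path the question shows" ;;
    *)       echo "PROBLEM: no usable answer; check the VPC resolver / DHCP option set" ;;
  esac
}

# Check 2 (GDAWS's answer): does the directory FQDN resolve to the Managed AD DNS servers?
check_domain_fqdn() {
  addrs=$(resolve_ipv4 "$1")
  echo "$1 -> ${addrs:-<no answer>} [$(classify_resolution "$addrs")]"
}

# Fix for check 1: create the PrivateLink interface endpoint for Directory Service.
# The security group must allow inbound TCP 443 from the admin instance's subnet,
# and the VPC must have DNS hostnames and DNS support enabled for private DNS to work.
create_ds_interface_endpoint() {
  region="$1"; vpc="$2"; subnets="$3"; sg="$4"
  aws ec2 create-vpc-endpoint \
    --region "$region" \
    --vpc-id "$vpc" \
    --vpc-endpoint-type Interface \
    --service-name "com.amazonaws.$region.ds" \
    --subnet-ids $subnets \
    --security-group-ids "$sg" \
    --private-dns-enabled
}

case "${1:-}" in
  check)
    check_ds_endpoint "$2"
    if [ -n "${3:-}" ]; then check_domain_fqdn "$3"; fi ;;
  create) create_ds_interface_endpoint "$2" "$3" "$4" "$5" ;;
  "")     : ;;   # sourced or run without arguments: only define the functions
  *)      echo "usage: $0 check <region> [domain-fqdn] | create <region> <vpc-id> \"<subnet-ids>\" <sg-id>" >&2; exit 2 ;;
esac
```

Run `check` first from a host in the private subnet; if the API name comes back `public` or `none`, create the interface endpoint with `create` and re-run `check` until it reports `private`, then do the manual domain join GDAWS links to. The script only covers the Directory Service endpoint the thread identifies; anything else the join workflow contacts from a subnet with no internet route needs its own private path.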
