AD.yaml
Parameters:
  DirectoryName:
    Description: Fully qualified domain name for the AWS Managed Microsoft AD directory
    Type: String
    Default: corp.example.com
  DirectoryVPCId:
    Description: VPC to create the directory in
    Type: AWS::EC2::VPC::Id
  DirectorySubnet1:
    Type: AWS::EC2::Subnet::Id
    Description: The first subnet to create the directory in
  DirectorySubnet2:
    Type: AWS::EC2::Subnet::Id
    Description: The second subnet to create the directory in

# Template rules are evaluated before any resource is created, so a
# mismatched VPC/subnet combination fails at validation time rather than
# mid-deployment.
Rules:
  Subnet1InVPC:
    Assertions:
      - Assert:
          'Fn::Equals':
            - 'Fn::ValueOf':
                - DirectorySubnet1
                - VpcId
            - Ref: DirectoryVPCId
        AssertDescription: All subnets must be in the VPC
  Subnet2InVPC:
    Assertions:
      - Assert:
          'Fn::Equals':
            - 'Fn::ValueOf':
                - DirectorySubnet2
                - VpcId
            - Ref: DirectoryVPCId
        AssertDescription: All subnets must be in the VPC
  # Managed Microsoft AD places one domain controller per subnet, so the
  # two subnets must be in different Availability Zones.
  SeparateSubnetAZs:
    Assertions:
      - Assert:
          'Fn::Not':
            - 'Fn::Equals':
                - 'Fn::ValueOf':
                    - DirectorySubnet1
                    - AvailabilityZone
                - 'Fn::ValueOf':
                    - DirectorySubnet2
                    - AvailabilityZone
        AssertDescription: Subnets must be in different AZs

Resources:
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-directoryservice-microsoftad.html
  myDirectory:
    Type: AWS::DirectoryService::MicrosoftAD
    Properties:
      Edition: Standard
      Name: !Ref DirectoryName
      # Dynamic reference to the SecureString parameter "ADAdminPassword",
      # version 1, in SSM Parameter Store. The plaintext never appears in the
      # template or in stack parameters; a new password version requires
      # updating this reference.
      Password: "{{resolve:ssm-secure:ADAdminPassword:1}}"
      VpcSettings:
        SubnetIds:
          - !Ref DirectorySubnet1
          - !Ref DirectorySubnet2
        VpcId: !Ref DirectoryVPCId

Outputs:
  MSAD:
    Description: Microsoft Active Directory ID
    Export:
      Name: EpicRO-MSAD
    Value: !Ref myDirectory
  MSADDnsIpAddress1:
    Description: Microsoft AD DNS IP 1
    Export:
      Name: EpicRO-MSADDNSIP1
    Value: !Select [0, !GetAtt myDirectory.DnsIpAddresses]
  MSADDnsIpAddress2:
    Description: Microsoft AD DNS IP 2
    Export:
      Name: EpicRO-MSADDNSIP2
    Value: !Select [1, !GetAtt myDirectory.DnsIpAddresses]