This procedure launches an Amazon EC2 directory administration Windows instance in the AWS Management Console using AWS Systems Manager Automation to manage your directories. You can also accomplish this by running the automation AWS-CreateDSManagementInstance in the AWS Systems Manager Automation console directly.
For more information, see the following links:
Prerequisites
The following prerequisites are required to complete this tutorial:
You will need an IAM instance profile role that grants permissions for Systems Manager and AWS Managed Microsoft AD.
For more information on Systems Manager, see Configure instance permissions required for Systems Manager.
The IAM instance role needs the following AWS managed policies so your EC2 directory administration Windows instance can domain join your AWS Managed Microsoft AD:
AmazonSSMManagedInstanceCore
AmazonSSMDirectoryServiceAccess
You must have the following permissions enabled in your account to launch a directory administration EC2 instance from the console:
ds:DescribeDirectories
ec2:AuthorizeSecurityGroupIngress
ec2:CreateSecurityGroup
ec2:CreateTags
ec2:DeleteSecurityGroup
ec2:DescribeInstances
ec2:DescribeInstanceStatus
ec2:DescribeKeyPairs
ec2:DescribeSecurityGroups
ec2:DescribeVpcs
ec2:RunInstances
ec2:TerminateInstances
iam:AddRoleToInstanceProfile
iam:AttachRolePolicy
iam:CreateInstanceProfile
iam:CreateRole
iam:DeleteInstanceProfile
iam:DeleteRole
iam:DetachRolePolicy
iam:GetInstanceProfile
iam:GetRole
iam:ListAttachedRolePolicies
iam:ListInstanceProfiles
iam:ListInstanceProfilesForRole
iam:PassRole
iam:RemoveRoleFromInstanceProfile
iam:TagInstanceProfile
iam:TagRole
ssm:CreateDocument
ssm:DeleteDocument
ssm:DescribeInstanceInformation
ssm:GetAutomationExecution
ssm:GetParameters
ssm:ListCommandInvocations
ssm:ListCommands
ssm:ListDocuments
ssm:SendCommand
ssm:StartAutomationExecution
ssm:GetDocument
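An added example, not part of the AWS documentation: a pre-flight check that reports which of the console-launch permissions listed above an IAM policy document does not allow. The names `missing_actions` and `SAMPLE_POLICY` are hypothetical, the sample policy is constructed, and the evaluation is a simplification that reads only `Effect` and `Action`.

```python
import json
import re

# Console-launch permissions exactly as listed on this page, grouped by service.
REQUIRED = {
    "ds": "DescribeDirectories",
    "ec2": "AuthorizeSecurityGroupIngress CreateSecurityGroup CreateTags DeleteSecurityGroup "
           "DescribeInstances DescribeInstanceStatus DescribeKeyPairs DescribeSecurityGroups "
           "DescribeVpcs RunInstances TerminateInstances",
    "iam": "AddRoleToInstanceProfile AttachRolePolicy CreateInstanceProfile CreateRole "
           "DeleteInstanceProfile DeleteRole DetachRolePolicy GetInstanceProfile GetRole "
           "ListAttachedRolePolicies ListInstanceProfiles ListInstanceProfilesForRole PassRole "
           "RemoveRoleFromInstanceProfile TagInstanceProfile TagRole",
    "ssm": "CreateDocument DeleteDocument DescribeInstanceInformation GetAutomationExecution "
           "GetParameters ListCommandInvocations ListCommands ListDocuments SendCommand "
           "StartAutomationExecution GetDocument",
}
REQUIRED_ACTIONS = [f"{s}:{a}" for s, names in REQUIRED.items() for a in names.split()]


def _matches(pattern, action):
    """IAM action match: '*' and '?' are wildcards, comparison is case-insensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, action, re.IGNORECASE) is not None


def _as_list(value):
    # IAM allows a single statement or action where a list is otherwise expected.
    return [value] if isinstance(value, (str, dict)) else list(value)


def missing_actions(policy):
    """Required actions this policy does not allow; an explicit Deny wins.
    Assumption: only Effect and Action are read (no Resource, Condition, NotAction,
    SCPs or permissions boundaries)."""
    allow, deny = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        (allow if stmt.get("Effect") == "Allow" else deny).extend(_as_list(stmt.get("Action", [])))
    return [a for a in REQUIRED_ACTIONS
            if any(_matches(p, a) for p in deny) or not any(_matches(p, a) for p in allow)]


# Constructed sample policy (not from the page): wildcards plus one explicit Deny.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ds:Describe*", "ec2:*", "ssm:*"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*", "iam:PassRole"], "Resource": "*"},
  {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}]}""")

print("\n".join(missing_actions(SAMPLE_POLICY)) or "all required actions allowed")
```

An empty result means the policy text covers every listed action; confirm the effective permissions of the real principal with the IAM policy simulator, which also accounts for resources and conditions.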
Sign in to the AWS Directory Service console.
Under Active Directory, choose Directories.
Choose the Directory ID of the directory where you want to launch a directory administration EC2 instance.
On the directory page, in the top right corner, choose Actions.
In the Actions dropdown list, choose Launch directory administration EC2 instance.
On the Launch directory administration EC2 instance page, under Input parameters, complete the fields.
(Optional) You can provide a key pair for the instance. From the Key Pair Name - optional dropdown list, select a key pair.
(Optional) Choose View AWS CLI command to see an example that you can use in the AWS CLI to run this automation.
Choose Submit.
You're taken back to the directory page. A green flashbar displays at the top of your screen to indicate that you successfully began the launch.
If you haven't launched any EC2 instances for a directory, a dash (-) displays under Directory administration EC2 instance.
Under Active Directory, choose Directories and select the directory you want to view.
Under Directory details, under Directory administration EC2 instance, choose one or all of your instances to view.
When you choose an instance, you're routed to the EC2 Connect to instance page to connect a remote desktop to your instance.