How to deploy AWS Directory Service using Terraform

Reading Time: 4 minutes

AWS Directory Service

AWS Directory Service provides multiple ways to use Microsoft Active Directory (AD) with other Aservices. Directories are capable to store data or information about users, groups, and devices, and administrators use them and manage access to information and resources. This Service provides multiple directory choices for customers who want to use existing Microsoft AD. It also offers those same choices to developers who need a directory to manage users, groups, devices, and access. You can follow this link to know more.

In this blog, we will see How to deploy AWS Directory Service using Terraform. To deploy the AWS directory service, We need a VPC with at least two subnets. Now we are going to create the required resources to deploy the AWS directory.

 Steps to deploy AWS Directory Service :

Step 1: Define the Provider

First, We will define the provider with an access key and secret key. In this deployment, I will use the credential profile name. We can simply define credentials with profile by just execute the below command:

aws configure --profile <profile_name>

Create a file with and add the below script :
provider "aws" {

  profile = "terraform"

  region     = "us-west-2"


Step 2 : Create a VPC and Subnet

The first one is we can create a VPC and subnets and the Second one is we can use the VPC module to create our own network. In this blog, I will show both options but I will use the VPC module to create our network. You can follow any of the ones which you want to use. Create a file with the name
resource "aws_vpc" "directory_service_vpc" {

  cidr_block = ""


resource "aws_subnet" "directory_service_subnet_first" {

  vpc_id            =

  availability_zone = "us-west-2a"

  cidr_block        = ""


resource "aws_subnet" "directory_service_subnet_second" {

  vpc_id            =

  availability_zone = "us-west-2b"

  cidr_block        = ""


Now, We are going to use the VPC Module to create a simple VPC with two public and two private subnets in the us-west-2. We will use this option to deploy or create an AWS directory service. WE need to simply create a and add the below script:
module "vpc" {

  source = "terraform-aws-modules/vpc/aws"

  name   = "demo-dev"

  cidr   = ""

  azs             = ["us-west-2a", "us-west-2b"]

  private_subnets = ["", ""]

  public_subnets  = ["", ""]

  enable_nat_gateway     = true

  single_nat_gateway     = true

  one_nat_gateway_per_az = false

  enable_dns_hostnames = true

  enable_dns_support   = true

  tags = {

    Name        = "demo-dev"

    Environment = "Development"



Step 3 : Types of AWS Directory Service Versions

Mainly AWS provides the three types of  AWS Directory Service. As we can see below but for now, We will use the first one which is SimpleAD.

  1. SimpleAD
  2.  ADConnector
  3. MicrosoftAD.

All of these three are used for their own different-different purposes.


SimpleAD is a standalone managed directory that is powered by a Samba 4 Active Directory Compatible Server. It is available in two sizes – Small and Large.


It is a directory gateway. With the help of AD connector, We can redirect directory requests to our on-premises Microsoft Active Directory without having any information in the cloud.


 This is a Microsoft Active Directory (AD) running on AWS-managed infrastructure.

AWS Directory Service Simple AD

SimpleAD is a standalone managed directory that is powered by a Samba 4 Active Directory Compatible Server. It is available in two sizes:

  • Small — It can supports up to 500 users.
  • Large — It can supports up to 5,000 users

Now we will add this script into the file which we have created before:
resource "aws_directory_service_directory" "simple_ad_directory" {

  name     = "dev.demo.local"

  password = "Admin@123"

  size     = "Small"

  vpc_settings {

    vpc_id     = module.vpc.vpc_id

    subnet_ids = module.vpc.private_subnets


  tags = {

    Name        = "demo-simple-ad"

    Environment = "Development"



Step 4: Execute the terraform command to initialize the working Directory

Terraform init

Step 5: Apply the changes:

First, run the plan command. This command will show the plan for deploying the service:

Terraform plan

Now we can apply this script:

Terraform apply -auto-approve

 Step 6: Verify the resource

Now you can verify the service on AWS 

Step 7: Destroy all resources

To destroy all the resources, We just need to run the below command:

terraform destory -auto-approve


In this blog, We have learned how to deploy AWS directory service using terraform. If you find this blog helpful then like and share it with your friends.

Written by 

Mohd Muzakkir Saifi is a Software Consultant at Knoldus Software. He loves to take deep dives into cloud technologies & different tools. His hobbies are playing gymnastics and traveling.