AWS Directory Service
AWS Directory Service provides multiple ways to use Microsoft Active Directory (AD) with other AWS services. Directories store information about users, groups, and devices, and administrators use them to manage access to information and resources. The service offers several directory choices for customers who want to keep using an existing Microsoft AD, and the same choices for developers who need a directory to manage users, groups, devices, and access.
In this blog, we will see how to deploy AWS Directory Service using Terraform. To deploy the directory service, we need a VPC with at least two subnets in different Availability Zones. We will now create the resources required to deploy the directory.
Steps to deploy AWS Directory Service:
Step 1: Define the Provider
First, we define the provider. Instead of placing an access key and secret key in the file, this deployment uses a named credential profile, which you can create with the command below:
aws configure --profile <profile_name>
Create a file named provider.tf and add the script below:
provider.tf
provider "aws" {
  profile = "terraform"
  region  = "us-west-2"
}
Step 2: Create a VPC and Subnets
There are two options: create the VPC and subnets with plain resources, or use the VPC module to build the network. In this blog I will show both, but I will use the VPC module for the actual deployment. You can follow whichever option you prefer. For the first option, create a file named resource.tf:
resource.tf
resource "aws_vpc" "directory_service_vpc" {
  cidr_block = "10.10.0.0/16"
}

# Simple AD requires two subnets in different Availability Zones
resource "aws_subnet" "directory_service_subnet_first" {
  vpc_id            = aws_vpc.directory_service_vpc.id
  availability_zone = "us-west-2a"
  cidr_block        = "10.10.1.0/24"
}

resource "aws_subnet" "directory_service_subnet_second" {
  vpc_id            = aws_vpc.directory_service_vpc.id
  availability_zone = "us-west-2b"
  cidr_block        = "10.10.2.0/24"
}
Now we use the VPC module to create a simple VPC with two public and two private subnets in us-west-2. This is the option we will use to deploy the directory service. Create a file named module.tf and add the script below:
module.tf
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "demo-dev"
  cidr = "10.10.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24"]
  public_subnets  = ["10.10.3.0/24", "10.10.4.0/24"]

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name        = "demo-dev"
    Environment = "Development"
  }
}
Step 3: Types of AWS Directory Service
AWS provides three types of Directory Service, listed below. In this blog we will use the first one, Simple AD.
- SimpleAD
- ADConnector
- MicrosoftAD
Each of the three serves a different purpose.
SimpleAD:
Simple AD is a standalone managed directory powered by a Samba 4 Active Directory-compatible server. It is available in two sizes, Small and Large.
ADConnector:
AD Connector is a directory gateway. With it, we can redirect directory requests to our on-premises Microsoft Active Directory without caching any directory information in the cloud.
MicrosoftAD:
This is a full Microsoft Active Directory (AD) running on AWS-managed infrastructure.
AWS Directory Service Simple AD
Simple AD is a standalone managed directory powered by a Samba 4 Active Directory-compatible server. It is available in two sizes:
- Small: supports up to 500 users.
- Large: supports up to 5,000 users.
Now add the following script to the resource.tf file created earlier. Note that the directory administrator password written here is a literal in the file, so anyone with access to the repository or the Terraform state can read it:
resource.tf
resource "aws_directory_service_directory" "simple_ad_directory" {
  name     = "dev.demo.local"
  # Administrator password; a literal here is stored in the .tf file and in Terraform state
  password = "Admin@123"
  size     = "Small"

  # Two subnets in different Availability Zones are required
  vpc_settings {
    vpc_id     = module.vpc.vpc_id
    subnet_ids = module.vpc.private_subnets
  }

  tags = {
    Name        = "demo-simple-ad"
    Environment = "Development"
  }
}
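The same directory resource with the administrator password supplied through a sensitive input variable instead of a literal, as an added example that is not part of the original post; the variable name simple_ad_admin_password and the output name are assumptions:

```hcl
# Added example (not from the original post): keep the Simple AD
# administrator password out of resource.tf by reading it from a
# sensitive variable. Supply it at apply time, for example with
#   export TF_VAR_simple_ad_admin_password='...'
variable "simple_ad_admin_password" {
  description = "Administrator password for the Simple AD directory (assumed variable name)"
  type        = string
  sensitive   = true
}

resource "aws_directory_service_directory" "simple_ad_directory" {
  name     = "dev.demo.local"
  password = var.simple_ad_admin_password
  size     = "Small"
  type     = "SimpleAD"

  # Two subnets in different Availability Zones are required
  vpc_settings {
    vpc_id     = module.vpc.vpc_id
    subnet_ids = module.vpc.private_subnets
  }

  tags = {
    Name        = "demo-simple-ad"
    Environment = "Development"
  }
}

# DNS addresses of the new directory, handy when verifying the deployment (assumed output name)
output "simple_ad_dns_ip_addresses" {
  value = aws_directory_service_directory.simple_ad_directory.dns_ip_addresses
}
```

Marking the variable sensitive keeps the value out of plan and apply output, but Terraform still writes it to the state file in plain text, so the state backend needs access controls and encryption as well.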
Step 4: Execute the Terraform command to initialize the working directory
terraform init

Step 5: Apply the changes:
First, run the plan command. It shows the changes Terraform will make to deploy the service:
terraform plan

Now apply the configuration:
terraform apply -auto-approve

Step 6: Verify the resource
Now you can verify the directory in the AWS console.

Step 7: Destroy all resources
To destroy all the resources, we just need to run the command below:
terraform destroy -auto-approve

Conclusion:
In this blog, we have learned how to deploy AWS Directory Service using Terraform. If you find this blog helpful, then like and share it with your friends.