This CFN template configures LDAP over SSL for AWS managed Microsoft AD directory using single tier Microsoft Enterprise Certification Authority.
- 1 Windows 2019 EC2 instance.
- Instance profile and IAM roles with necessary permissions to access the resources required to configure CA.
- SSM document to join EC2 instance to AWS Managed Microsoft AD domain and then configure Microsoft Enterprise CA on the EC2 instance.
- Security group to allow inbound and outbound traffic on EC2 instance.
- 1 Cloudwatch log group for CFN template.
- 1 secret created using AWS Secret Manager to securely store the credentials for CA admin.
- Existing AWS Managed Microsoft AD directory or create a new AWS Managed Microsoft AD directory.
- Configure outbound rule (egress) on the AWS Managed Microsoft AD domain security group to allow all outbound communication. Refer to the AWS Docs on how to find and modify outbound rules on AWS Managed Microsoft AD domain security group.
- Download the CloudFormation template (src/CFN/AWS-QS-LDAPS-managedAD-templ.yml) file to your local computer.
- Log in to the AWS Management Console and select CloudFormation in the Services menu.
- Create a new stack by uploading the CloudFormation (AWS-QS-LDAPS-managedAD-templ.yml).
- Specify the required stack parameters and launch the stack.
Note: AWS_QS_LDAPS_managedAD CloudFormation template takes about 40 minutes to deploy the required resources. There is no charge for using AWS CloudFormation, however, you will be charged for the resources created by AWS CloudFormation template.