This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::DirectoryService::MicrosoftAD The `AWS::DirectoryService::MicrosoftAD` resource specifies a Microsoft Active Directory in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. For more information, see [AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) in the *Directory Service Admin Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "[CreateAlias](#cfn-directoryservice-microsoftad-createalias)" : Boolean, "[Edition](#cfn-directoryservice-microsoftad-edition)" : String, "[EnableSso](#cfn-directoryservice-microsoftad-enablesso)" : Boolean, "[Name](#cfn-directoryservice-microsoftad-name)" : String, "[Password](#cfn-directoryservice-microsoftad-password)" : String, "[ShortName](#cfn-directoryservice-microsoftad-shortname)" : String, "[VpcSettings](#cfn-directoryservice-microsoftad-vpcsettings)" : VpcSettings } } ``` ### YAML ``` Type: AWS::DirectoryService::MicrosoftAD Properties: [CreateAlias](#cfn-directoryservice-microsoftad-createalias): Boolean [Edition](#cfn-directoryservice-microsoftad-edition): String [EnableSso](#cfn-directoryservice-microsoftad-enablesso): Boolean [Name](#cfn-directoryservice-microsoftad-name): String [Password](#cfn-directoryservice-microsoftad-password): String [ShortName](#cfn-directoryservice-microsoftad-shortname): String [VpcSettings](#cfn-directoryservice-microsoftad-vpcsettings): VpcSettings ``` ## Properties `CreateAlias` Specifies an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as `http://.awsapps.com`. By default, CloudFormation does not create an alias. After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Edition` AWS Managed Microsoft AD is available in two editions: `Standard` and `Enterprise`. `Enterprise` is the default. *Required*: No *Type*: String *Allowed values*: `Enterprise | Standard | Hybrid` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EnableSso` Whether to enable single sign-on for a Microsoft Active Directory in AWS. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately. If you don't specify a value, CloudFormation disables single sign-on by default. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The fully qualified domain name for the AWS Managed Microsoft AD directory, such as `corp.example.com`. This name will resolve inside your VPC only. It does not need to be publicly resolvable. *Required*: Yes *Type*: String *Pattern*: `^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Password` The password for the default administrative user named `Admin`. If you need to change the password for the administrator account, see the [ResetUserPassword](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ResetUserPassword.html) API call in the *Directory Service API Reference*. *Required*: Yes *Type*: String *Pattern*: `(?=^.{8,64}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))^.*` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ShortName` The NetBIOS name for your domain, such as `CORP`. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, `CORP` for the directory DNS `corp.example.com`. *Required*: No *Type*: String *Pattern*: `^[^\\/:*?"<>|.]+[^\\/:*?"<>|]*$` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `VpcSettings` Specifies the VPC settings of the Microsoft AD directory server in AWS. *Required*: Yes *Type*: [VpcSettings](aws-properties-directoryservice-microsoftad-vpcsettings.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When the logical ID of this resource is provided to the `Ref` intrinsic function, `Ref` returns the resource ID. In the following sample, the `Ref` function returns the ID of the `myDirectory` directory, such as `d-12345ab592`. `{ "Ref": "myDirectory" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Alias` The alias for a directory. For example: `alias4-mydirectory-12345abcgmzsk` (if you have the `CreateAlias` property set to true). `DnsIpAddresses` The IP addresses of the DNS servers for the directory, such as `[ "192.0.2.1", "192.0.2.2" ]`. `Id` The directory ID. For example: `d-12373a053a`. ## Examples The following example creates a Microsoft Active Directory in AWS, where the directory DNS name is `corp.example.com`: ### Create an AWS Managed Microsoft AD #### JSON ``` "myDirectory" : { "Type" : "AWS::DirectoryService::MicrosoftAD", "Properties" : { "Name" : "corp.example.com", "Password" : { "Ref" : "MicrosoftADPW" }, "ShortName" : { "Ref" : "MicrosoftADShortName" }, "VpcSettings" : { "SubnetIds" : [ { "Ref" : "subnetID1" }, { "Ref" : "subnetID2" } ], "VpcId" : { "Ref" : "vpcID" } } } } ``` #### YAML ``` myDirectory: Type: AWS::DirectoryService::MicrosoftAD Properties: Name: "corp.example.com" Password: Ref: MicrosoftADPW ShortName: Ref: MicrosoftADShortName VpcSettings: SubnetIds: - Ref: subnetID1 - Ref: subnetID2 VpcId: Ref: vpcID ``` ## See also + [Getting Started with AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started.html) in the *Directory Service Admin Guide*.. + [CreateMicrosoftAD](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateMicrosoftAD.html) in the *Directory Service API Reference*. # AWS::DirectoryService::MicrosoftAD VpcSettings Contains VPC information for the [CreateDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateDirectory.html) or [CreateMicrosoftAD](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateMicrosoftAD.html) operation. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[SubnetIds](#cfn-directoryservice-microsoftad-vpcsettings-subnetids)" : [ String, ... ], "[VpcId](#cfn-directoryservice-microsoftad-vpcsettings-vpcid)" : String } ``` ### YAML ``` [SubnetIds](#cfn-directoryservice-microsoftad-vpcsettings-subnetids): - String [VpcId](#cfn-directoryservice-microsoftad-vpcsettings-vpcid): String ``` ## Properties `SubnetIds` The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service specifies a directory server and a DNS server in each of these subnets. *Required*: Yes *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `VpcId` The identifier of the VPC in which to create the directory. *Required*: Yes *Type*: String *Pattern*: `^(vpc-[0-9a-f]{8}|vpc-[0-9a-f]{17})$` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)