

# Directory Service Subcategory
<a name="management-directory-service-section"></a>

**Topics**
+ [Computer Object | Remove](management-directory-computer-object-remove.md)
+ [Computer Object | Remove SPN](management-directory-computer-object-remove-spn.md)
+ [Directory | Accept Sharing](management-directory-directory-accept-sharing.md)
+ [Directory | Create AD Trust](management-directory-directory-create-ad-trust.md)
+ [Directory | Share Directory](management-directory-directory-share-directory.md)
+ [Directory | Unshare Directory](management-directory-directory-unshare-directory.md)
+ [DNS | Add A Record](management-directory-dns-add-a-record.md)
+ [DNS | Add CNAME Record](management-directory-dns-add-cname-record.md)
+ [DNS | Delete Conditional Forwarder](management-directory-dns-delete-conditional-forwarder.md)
+ [DNS | Remediate DNS Scavenging Issue](management-directory-dns-remediate-dns-scavenging-issue.md)
+ [DNS | Remove Record](management-directory-dns-remove-record.md)
+ [DNS | Update Cluster Permissions](management-directory-dns-update-cluster-permissions.md)
+ [DNS | Update Conditional Forwarder](management-directory-dns-update-conditional-forwarder.md)
+ [DNS | Update Group Managed Service Account](management-directory-dns-update-group-managed-service-account.md)
+ [DNS | Update Record Permission](management-directory-dns-update-record-permission.md)
+ [Users and Groups | Add Group](management-directory-users-and-groups-add-group.md)
+ [Users and Groups | Add Group To Group](management-directory-users-and-groups-add-group-to-group.md)
+ [Users and Groups | Add User To Group](management-directory-users-and-groups-add-user-to-group.md)
+ [Users and Groups | Remove User from Group](management-directory-users-and-groups-remove-user-from-group.md)

# Computer Object | Remove
<a name="management-directory-computer-object-remove"></a>

Remove a stale computer object from Microsoft Active Directory (AD) and the corresponding DNS A and PTR records from DNS. Removing the computer object will prevent anyone from raising access against this host using the AMS access control. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Computer object | Remove

## Change Type Details
<a name="ct-3d0lrfb8eckuu-MDCr-table"></a>


|  |  | 
| --- |--- |
| Change type ID | ct-3d0lrfb8eckuu | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-computer-object-remove-info"></a>

### Remove a computer object
<a name="ex-dirserv-comp-object-remove-col"></a>

#### Removing a computer object from an AMS-managed AD with the console
<a name="dirserv-comp-object-remove-con"></a>

The following shows this change type in the AMS console.

![\[Remove Computer Object change type details in AMS console interface.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCompObjectRemoveCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Removing a computer object from an AMS-managed AD with the CLI
<a name="dirserv-comp-object-remove-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-3d0lrfb8eckuu" --change-type-version "1.0" --title "Remove Computer Object" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-RemoveADComputerObject-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"ADComputerName\": [\"ABRACADABRA\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it ComputerObjectRemoveParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-3d0lrfb8eckuu" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > ComputerObjectRemoveParams.json
   ```

   Modify and save the ComputerObjectRemoveParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-RemoveADComputerObject-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "ADComputerName": [
         "ABRACADABRA"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it ComputerObjectRemoveRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > ComputerObjectRemoveRfc.json
   ```

1. Modify and save the ComputerObjectRemoveRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-3d0lrfb8eckuu",
   "ChangeTypeVersion":    "1.0",
   "Title":                "Remove computer object"
   }
   ```

1. Create the RFC, specifying the ComputerObjectRemoveRfc file and the ComputerObjectRemoveParams file:

   ```
   aws amscm create-rfc --cli-input-json file://ComputerObjectRemoveRfc.json --execution-parameters file://ComputerObjectRemoveParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-comp-object-remove-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-computer-object-remove-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-3d0lrfb8eckuu](schemas.md#ct-3d0lrfb8eckuu-schema-section).

## Example: Required Parameters
<a name="management-directory-computer-object-remove-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-RemoveADComputerObject-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "Hostname" : [
      "ABRACADABRA"
    ]
  }
}
```

## Example: All Parameters
<a name="management-directory-computer-object-remove-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-RemoveADComputerObject-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "Hostname" : [
      "ABRACADABRA"
    ]
  }
}
```

# Computer Object | Remove SPN
<a name="management-directory-computer-object-remove-spn"></a>

Remove the Service Principal Name (SPN) associated with a specified hostname or host alias in Microsoft Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Computer object | Remove SPN

## Change Type Details
<a name="ct-1078jhyxq32dp-MDCr-table"></a>


|  |  | 
| --- |--- |
| Change type ID | ct-1078jhyxq32dp | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-computer-object-remove-spn-info"></a>

### Remove a computer object's SPN
<a name="ex-dirserv-comp-object-remove-spn-col"></a>

#### Removing a computer object's SPN from an AMS-managed AD with the console
<a name="dirserv-comp-object-remove-spn-con"></a>

The following shows this change type in the AMS console.

![\[Remove Service Principal Name option with description, ID, and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCompObjectRemoveSpnCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Removing a computer object's SPN from an AMS-managed AD with the CLI
<a name="dirserv-comp-object-remove-spn-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-1078jhyxq32dp" --change-type-version "1.0" --title "Remove AD Computer SPN" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-RemoveADComputerSPN-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"Hostname\": [\"webserver\"], \"ServiceType\": [\"HOST\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it ComputerObjectRemoveSpnParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-1078jhyxq32dp" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > ComputerObjectRemoveSpnParams.json
   ```

   Modify and save the ComputerObjectRemoveSpnParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-RemoveADComputerSPN-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "Hostname": [
         "webserver"
       ],
       "ServiceType": [
         "HOST"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it ComputerObjectRemoveSpnRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > ComputerObjectRemoveSpnRfc.json
   ```

1. Modify and save the ComputerObjectRemoveSpnRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeVersion": "1.0",
     "ChangeTypeId": "ct-1078jhyxq32dp",
     "Title": "Remove AD Computer SPN"
   }
   ```

1. Create the RFC, specifying the ComputerObjectRemoveSpnRfc file and the ComputerObjectRemoveSpnParams file:

   ```
   aws amscm create-rfc --cli-input-json file://ComputerObjectRemoveSpnRfc.json --execution-parameters file://ComputerObjectRemoveSpnParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-comp-object-remove-spn-tip"></a>
+ For multi-account landing zone (MALZ), use this change type in the shared services account.
+ For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html).

## Execution Input Parameters
<a name="management-directory-computer-object-remove-spn-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-1078jhyxq32dp](schemas.md#ct-1078jhyxq32dp-schema-section).

## Example: Required Parameters
<a name="management-directory-computer-object-remove-spn-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-RemoveADComputerSPN-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "Hostname": ["RDP-12345"],
    "ServiceType": ["HOST"]
  }
}
```

## Example: All Parameters
<a name="management-directory-computer-object-remove-spn-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-RemoveADComputerSPN-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "Hostname": ["RDP-12345"],
    "ServiceType": ["HOST"],
    "AliasName": ["Valid-Alias123"],
    "GroupManagedServiceAccountName": ["Valid-Name-456"],
    "Port": ["1122"]
  }
}
```

# Directory | Accept Sharing
<a name="management-directory-directory-accept-sharing"></a>

Accept a directory sharing request sent from the directory owner account. This is run in the directory consumer account.

**Full classification:** Management | Directory Service | Directory | Accept sharing

## Change Type Details
<a name="ct-13xvbj5pqg253-MDDa-table"></a>


|  |  | 
| --- |--- |
| Change type ID | ct-13xvbj5pqg253 | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-directory-accept-sharing-info"></a>

### Accept directory sharing request
<a name="ex-dirserv-accept-share-col"></a>

#### Accept a directory sharing request with the console
<a name="dirserv-accept-share-con"></a>

The following shows this change type in the AMS console.

![\[Accept Directory Sharing Request form with description, ID, and version fields.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservAcceptShareCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Accept a directory sharing request with the CLI
<a name="dirserv-accept-share-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc \
  --change-type-id "ct-13xvbj5pqg253" \
  --change-type-version "1.0" --title "AWS Directory Service accept directory sharing" \
  --execution-parameters "{\"DocumentName\":\"AWSManagedServices-AcceptSharedDirectory\",\"Region\":\"eu-central-1\",\"Parameters\":{\"SharedDirectoryId\":[\"d-000000000\"],\"OwnerAccountId\":[\"000000000000\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it DirectorySharingParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-13xvbj5pqg253" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > DirectorySharingParams.json
   ```

   Modify and save the DirectorySharingParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-AcceptSharedDirectory",
     "Region": "eu-central-1",
     "Parameters": {
       "SharedDirectoryId": ["d-000000000"],
       "OwnerAccountId": ["000000000000"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it DirectorySharingRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > DirectorySharingRfc.json
   ```

1. Modify and save the DirectorySharingRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-13xvbj5pqg253",
   "ChangeTypeVersion":    "1.0",
   "Title":                "AWS Directory Service accept directory sharing"
   }
   ```

1. Create the RFC, specifying the DirectorySharingRfc file and the DirectorySharingParams file:

   ```
   aws amscm create-rfc --cli-input-json file://DirectorySharingRfc.json --execution-parameters file://DirectorySharingParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-accept-share-tip"></a>

**Note**  
This change type was originally classified as Management | Advanced stack components | Directory service | Accept sharing, and has now been moved to a more user-friendly classification. The change type ID, ct-13xvbj5pqg253, has not changed.

## Execution Input Parameters
<a name="management-directory-directory-accept-sharing-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-13xvbj5pqg253](schemas.md#ct-13xvbj5pqg253-schema-section).

## Example: Required Parameters
<a name="management-directory-directory-accept-sharing-ex-min"></a>

```
Example not available.
```

## Example: All Parameters
<a name="management-directory-directory-accept-sharing-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-AcceptSharedDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "SharedDirectoryId": [
      "d-12e456789f"
    ],
    "OwnerAccountId": [
      "123456789012"
    ]
  }
}
```

# Directory | Create AD Trust
<a name="management-directory-directory-create-ad-trust"></a>

Create a one-way trust between On-Prem Domain and (AWS) Managed Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account. Before creating the trust, you need to make sure that the following prerequisites are met:

1. You must create the AD trust first on the On-Prem Domain and save the trust password in the Secrets Manager.

1. You must set up a Managed Active Directory (MAD) Security Group with an outbound rule that allows all traffic to On-Prem CIDR ranges.

**Full classification:** Management | Directory Service | Directory | Create AD trust

## Change Type Details
<a name="ct-0x6dylrnfjgz5-MDDc-table"></a>


|  |  | 
| --- |--- |
| Change type ID | ct-0x6dylrnfjgz5 | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-directory-create-ad-trust-info"></a>

### Create Active Directory Trust
<a name="ex-dirserv-create-ad-trust-col"></a>

#### Adding an AD trust with the console
<a name="dirserv-create-ad-trust-con"></a>

The following shows this change type in the AMS console.

![\[Create Active Directory Trust interface showing ID, execution mode, and classification details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCreateTrustCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding an AD trust with the CLI
<a name="dirserv-create-ad-trust-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-0x6dylrnfjgz5" --change-type-version "1.0" --title "Create AD Trust" --execution-parameters '{"DocumentName":"AWSManagedServices-CreateADTrust","Region":"ap-southeast-2","Parameters":{"DirectoryId":["d-976774e42f"],"RemoteDomainName":["onprem.local"],"SecretArn":["arn:aws:secretsmanager:ap-southeast-2:996606605561:secret:customer-shared/CorrectTPW-BI79uu"],"TrustType":["External"],"ConditionalForwarderIpAddresses":["10.153.28.39"]}}'
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it CreateADTrustParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-0x6dylrnfjgz5" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > CreateADTrustParams.json
   ```

   Modify and save the CreateADTrustParams.json file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-CreateADTrust",
     "Region": "ap-southeast-2",
     "Parameters": {
       "DirectoryId": [
         "d-976774e42f"
       ],
       "RemoteDomainName": [
         "onprem.local"
       ],
       "SecretArn": [
         "arn:aws:secretsmanager:ap-southeast-2:996606605561:secret:customer-shared/CorrectTPW-BI79uu"
       ],
       "TrustType": [
         "External"
       ],
       "ConditionalForwarderIpAddresses": [
         "10.153.28.39"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it CreateADTrustRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > CreateADTrustRfc.json
   ```

1. Modify and save the CreateADTrustRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeId": "ct-0x6dylrnfjgz5",
     "ChangeTypeVersion": "1.0",
     "Title": "Active Directory Trust"
   }
   ```

1. Create the RFC, specifying the CreateADTrustRfc file and the CreateADTrustParams file:

   ```
   aws amscm create-rfc --cli-input-json file://CreateADTrustRfc.json --execution-parameters file://CreateADTrustParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="dirserv-create-ad-trust-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-directory-create-ad-trust-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-0x6dylrnfjgz5](schemas.md#ct-0x6dylrnfjgz5-schema-section).

## Example: Required Parameters
<a name="management-directory-directory-create-ad-trust-ex-min"></a>

```
{
    "DocumentName": "AWSManagedServices-CreateADTrust",
    "Region": "us-east-1",
    "Parameters": {
        "DirectoryId": "d-12e456789f",
        "RemoteDomainName": "onprem.local",
        "SecretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:customer-shared/adtrust",
        "TrustType": "External",
        "ConditionalForwarderIpAddresses": "10.153.28.39,10.153.28.40"
    }
}
```

## Example: All Parameters
<a name="management-directory-directory-create-ad-trust-ex-max"></a>

```
{
    "DocumentName": "AWSManagedServices-CreateADTrust",
    "Region": "us-east-1",
    "Parameters": {
        "DirectoryId": "d-12e456789f",
        "RemoteDomainName": "onprem.local",
        "SecretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:customer-shared/adtrust",
        "TrustType": "External",
        "ConditionalForwarderIpAddresses": "10.153.28.39,10.153.28.40"
    }
}
```

# Directory | Share Directory
<a name="management-directory-directory-share-directory"></a>

Share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). Run this in your Shared Service account that has Managed Active Directory. This change type is only supported for multi-account landing zone (MALZ).

**Full classification:** Management | Directory Service | Directory | Share directory

## Change Type Details
<a name="ct-369odosk0pd9w-MDDs-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-369odosk0pd9w | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-directory-share-directory-info"></a>

### Share directory
<a name="ex-dirserv-dir-share-col"></a>

#### Share a directory with the console
<a name="dirserv-dir-share-con"></a>

The following shows this change type in the AMS console.

![\[Share Directory interface showing ID, execution mode, version, and description details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservShareDirectoryCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Share a directory with the CLI
<a name="dirserv-dir-share-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-369odosk0pd9w" --change-type-version "1.0" --title "Share Directory" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-ShareDirectory\",\"Region\":\"ap-southeast-2\",\"Parameters\":{\"DirectoryId\":[\"d-123456ab7c\"],\"TargetAccountId\":[\"012345678912\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it DirectorySharingParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-369odosk0pd9w" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > DirectorySharingParams.json
   ```

   Modify and save the DirectorySharingParams.json file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-ShareDirectory",
     "Region": "us-east-1",
     "Parameters": {
       "DirectoryId": [
         "d-123456ab7c"
       ],
       "TargetAccountId": [
         "012345678912"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it DirectorySharingRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > DirectorySharingRfc.json
   ```

1. Modify and save the DirectorySharingRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeId": "ct-369odosk0pd9w",
     "ChangeTypeVersion": "1.0",
     "Title": "Share Directory"
   }
   ```

1. Create the RFC, specifying the DirectorySharingRfc file and the DirectorySharingParams file:

   ```
   aws amscm create-rfc --cli-input-json file://DirectorySharingRfc.json --execution-parameters file://DirectorySharingParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-dir-share-tip"></a>

For related CTs, see [Directory Service Subcategory](https://docs.aws.amazon.com/managedservices/latest/ctref/management-directory-service-section.html). 

## Execution Input Parameters
<a name="management-directory-directory-share-directory-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-369odosk0pd9w](schemas.md#ct-369odosk0pd9w-schema-section).

## Example: Required Parameters
<a name="management-directory-directory-share-directory-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-ShareDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "DirectoryId": [
      "d-0000000000"
    ],
    "TargetAccountId": [
      "000000000000"
    ]
  }
}
```

## Example: All Parameters
<a name="management-directory-directory-share-directory-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-ShareDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "DirectoryId": [
      "d-12e456789f"
    ],
    "TargetAccountId": [
      "123456789012"
    ]
  }
}
```

# Directory | Unshare Directory
<a name="management-directory-directory-unshare-directory"></a>

Stops the directory sharing between the directory owner and consumer accounts. Run this in your Shared Service account that has Managed Active Directory. This change type is only supported for multi-account landing zone (MALZ).

**Full classification:** Management | Directory Service | Directory | Unshare directory

## Change Type Details
<a name="ct-2xd2anlb5hbzo-MDDu-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-2xd2anlb5hbzo | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-directory-unshare-directory-info"></a>

### Unshare directory
<a name="ex-dirserv-dir-unshare-col"></a>

#### Unshare a directory with the console
<a name="dirserv-dir-unshare-con"></a>

The following shows this change type in the AMS console.

![\[Unshare Directory details showing ID, execution mode, version, and description.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservUnshareDirectoryCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Unshare a directory with the CLI
<a name="dirserv-dir-unshare-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-2xd2anlb5hbzo" --change-type-version "1.0" --title "Unshare Directory" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-UnshareDirectory\",\"Region\":\"ap-southeast-2\",\"Parameters\":{\"DirectoryId\":[\"d-123456ab7c\"],\"UnshareTarget\":[\"012345678912\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it DirectoryUnsharingParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-2xd2anlb5hbzo" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > DirectoryUnsharingParams.json
   ```

   Modify and save the DirectoryUnsharingParams.json file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-UnshareDirectory",
     "Region": "us-east-1",
     "Parameters": {
       "DirectoryId": [
         "d-123456ab7c"
       ],
       "UnshareTarget": [
         "012345678912"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it DirectoryUnsharingRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > DirectoryUnsharingRfc.json
   ```

1. Modify and save the DirectoryUnsharingRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeId": "ct-2xd2anlb5hbzo",
     "ChangeTypeVersion": "1.0", 
     "Title": "Unshare Directory"
   }
   ```

1. Create the RFC, specifying the DirectoryUnsharingRfc file and the DirectoryUnsharingParams file:

   ```
   aws amscm create-rfc --cli-input-json file://DirectoryUnsharingRfc.json --execution-parameters file://DirectoryUnsharingParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-dir-unshare-tip"></a>

For related CTs, see [Directory Service Subcategory](https://docs.aws.amazon.com/managedservices/latest/ctref/management-directory-service-section.html). 

## Execution Input Parameters
<a name="management-directory-directory-unshare-directory-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-2xd2anlb5hbzo](schemas.md#ct-2xd2anlb5hbzo-schema-section).

## Example: Required Parameters
<a name="management-directory-directory-unshare-directory-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-UnshareDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "DirectoryId": [
      "d-0000000000"
    ],
    "UnshareTarget": [
      "000000000000"
    ]
  }
}
```

## Example: All Parameters
<a name="management-directory-directory-unshare-directory-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-UnshareDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "DirectoryId": [
      "d-12e456789f"
    ],
    "UnshareTarget": [
      "123456789012"
    ]
  }
}
```

# DNS | Add A Record
<a name="management-directory-dns-add-a-record"></a>

Add a new static DNS A record in AWS Managed Microsoft Active Directory (AD). For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Add A record

## Change Type Details
<a name="ct-2w3rbmnny1qpo-MDDa-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-2w3rbmnny1qpo | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-add-a-record-info"></a>

### Add DNS "A" record
<a name="ex-dirserv-a-record-add-col"></a>

#### Adding a DNS A record with the console
<a name="dirserv-a-record-add-con"></a>

The following shows this change type in the AMS console.

![\[Interface for adding a new static DNS A record, showing description, ID, and version fields.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservArecordAddCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding a DNS A record with the CLI
<a name="dirserv-a-record-add-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-2w3rbmnny1qpo" --change-type-version "1.0" --title "Add DNS A Record" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-CreateDNSARecord-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RecordName\": [\"web-server\"], \"IPAddress\": [\"132.133.134.135\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it ArecordAddParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-2w3rbmnny1qpo" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > ArecordAddParams.json
   ```

   Modify and save the ArecordAddParams.json file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-CreateDNSARecord-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RecordName": [
         "web-server"
       ],
       "IPAddress": [
         "132.133.134.135"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it ArecordAddRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > ArecordAddRfc.json
   ```

1. Modify and save the ArecordAddRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-2w3rbmnny1qpo",
   "ChangeTypeVersion":    "1.0",
   "Title":                "AWS Directory Service add DNS A record"
   }
   ```

1. Create the RFC, specifying the ArecordAddRfc file and the ArecordAddParams file:

   ```
   aws amscm create-rfc --cli-input-json file://ArecordAddRfc.json --execution-parameters file://ArecordAddParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-a-record-add-tip"></a>

**Note**  
For multi-account landing zone (MALZ), use this change type in the shared services account.

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-dns-add-a-record-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-2w3rbmnny1qpo](schemas.md#ct-2w3rbmnny1qpo-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-add-a-record-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-CreateDNSARecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["web-server"],
    "IPAddress": ["123.1.2.3"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-add-a-record-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-CreateDNSARecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["web-server"],
    "IPAddress": ["123.1.2.3"],
    "TTLValue": ["01:00:01"]
  }
}
```

# DNS | Add CNAME Record
<a name="management-directory-dns-add-cname-record"></a>

Create a new DNS CNAME record in AWS Managed Microsoft Active Directory (AD). CNAME records must always point to another domain name, never directly to an IP address. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Add CNAME record

## Change Type Details
<a name="ct-2murl5xzbxoxf-MDDa-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-2murl5xzbxoxf | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-add-cname-record-info"></a>

### Add DNS CNAME record in AMS
<a name="ex-dirserv-cname-record-add-col"></a>

**Note**  
To create a CNAME record in AWS, see [How do I create alias records for services hosted in AWS?](https://aws.amazon.com/premiumsupport/knowledge-center/route-53-create-alias-records/).

#### Adding a DNS CNAME record with the console
<a name="dirserv-cname-record-add-con"></a>

The following shows this change type in the AMS console.

![\[Interface for adding a DNS CNAME record with description, ID, and version fields.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCnameRecordAddCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding a DNS CNAME record with the CLI
<a name="dirserv-cname-record-add-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-2murl5xzbxoxf" --change-type-version "1.0" --title "Add DNS CNAME Record" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-CreateDNSCnameRecord-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RecordName\": [\"host1.mycompany.com\"], \"RecordCname\": [\"web-server\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it CnameRecordAddParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-2murl5xzbxoxf" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > CnameRecordAddParams.json
   ```

   Modify and save the CnameRecordAddParams.json file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-CreateDNSCnameRecord-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RecordName": [
         "host1.mycompany.com"
       ],
       "RecordCname": [
         "web-server"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it CnameRecordAddRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > CnameRecordAddRfc.json
   ```

1. Modify and save the CnameRecordAddRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-2murl5xzbxoxf",
   "ChangeTypeVersion":    "1.0",
   "Title":                "AWS Directory Service add DNS CNAME record"
   }
   ```

1. Create the RFC, specifying the CnameRecordAddRfc file and the CnameRecordAddParams file:

   ```
   aws amscm create-rfc --cli-input-json file://CnameRecordAddRfc.json --execution-parameters file://CnameRecordAddParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
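
A pre-submission check for the Template Create procedures on this page (AD trust, share, unshare, A record, CNAME), added here as an example and not part of the AMS documentation or tooling: it confirms that the `DocumentName` in the params file belongs to the `ChangeTypeId` in the RFC file and that parameter values have the shapes shown in this page's examples. The function names, the value patterns, and the sample input are assumptions made for illustration; the authoritative definition is the change type's schema.

```python
import ipaddress
import json
import re

# Change type ID -> (document name, parameter names), copied from this page's
# examples. The authoritative source is the change type's schema.
CHANGE_TYPES = {
    "ct-0x6dylrnfjgz5": ("AWSManagedServices-CreateADTrust",
                         {"DirectoryId", "RemoteDomainName", "SecretArn",
                          "TrustType", "ConditionalForwarderIpAddresses"}),
    "ct-369odosk0pd9w": ("AWSManagedServices-ShareDirectory",
                         {"DirectoryId", "TargetAccountId"}),
    "ct-2xd2anlb5hbzo": ("AWSManagedServices-UnshareDirectory",
                         {"DirectoryId", "UnshareTarget"}),
    "ct-2w3rbmnny1qpo": ("AWSManagedServices-CreateDNSARecord-Admin",
                         {"RecordName", "IPAddress", "TTLValue"}),
    "ct-2murl5xzbxoxf": ("AWSManagedServices-CreateDNSCnameRecord-Admin",
                         {"RecordName", "RecordCname"}),
}

# Assumed value shapes, inferred from the sample values on this page.
DIRECTORY_ID = re.compile(r"d-[0-9a-f]{10}")
ACCOUNT_ID = re.compile(r"[0-9]{12}")


def _values(raw):
    """Accept both shapes the page uses: ["a", "b"] and "a,b"."""
    items = raw if isinstance(raw, list) else str(raw).split(",")
    return [str(item).strip() for item in items]


def _is_ip(text, v4_only=False):
    try:
        (ipaddress.IPv4Address if v4_only else ipaddress.ip_address)(text)
        return True
    except ValueError:
        return False


def _check_value(name, value):
    """Return a problem description for one parameter value, or None."""
    if name == "DirectoryId" and not DIRECTORY_ID.fullmatch(value):
        return "expected d- followed by 10 hex characters"
    if name in ("TargetAccountId", "UnshareTarget") and not ACCOUNT_ID.fullmatch(value):
        return "expected a 12-digit AWS account ID"
    if name == "IPAddress" and not _is_ip(value, v4_only=True):
        return "an A record needs an IPv4 address"
    if name == "ConditionalForwarderIpAddresses" and not _is_ip(value):
        return "not a valid IP address"
    if name in ("RecordName", "RecordCname", "RemoteDomainName") and _is_ip(value):
        return "must be a DNS name, not an IP address"
    if name == "SecretArn":
        parts = value.split(":")
        if len(parts) < 7 or parts[0] != "arn" or parts[2] != "secretsmanager":
            return "not a Secrets Manager secret ARN"
    return None


def lint_rfc(rfc, params):
    """Return a list of findings; an empty list means the pair is consistent."""
    ct_id = rfc.get("ChangeTypeId")
    if ct_id not in CHANGE_TYPES:
        return [f"ChangeTypeId {ct_id!r} is not covered by this check"]
    document, allowed = CHANGE_TYPES[ct_id]
    findings = []
    if params.get("DocumentName") != document:
        findings.append(f"DocumentName {params.get('DocumentName')!r} does not "
                        f"belong to {ct_id}; expected {document!r}")
    for name, raw in params.get("Parameters", {}).items():
        if name not in allowed:
            findings.append(f"{name}: not a parameter shown for {ct_id}")
            continue
        for value in _values(raw):
            problem = _check_value(name, value)
            if problem:
                findings.append(f"{name}={value!r}: {problem}")
    return findings


# Constructed sample input: an Unshare RFC whose params file was copied from a
# Share request and only partly edited.
SAMPLE_RFC = json.loads('{"ChangeTypeId": "ct-2xd2anlb5hbzo", "ChangeTypeVersion": "1.0", "Title": "Unshare Directory"}')
SAMPLE_PARAMS = json.loads("""
{
  "DocumentName": "AWSManagedServices-ShareDirectory",
  "Region": "us-east-1",
  "Parameters": {
    "DirectoryId": ["d-123456ab7c"],
    "TargetAccountId": ["12345678912"]
  }
}
""")

if __name__ == "__main__":
    for finding in lint_rfc(SAMPLE_RFC, SAMPLE_PARAMS):
        print("FINDING:", finding)
```

Load the two files with `json.load` and call `lint_rfc` on them before running `aws amscm create-rfc`; an empty list means the pair is internally consistent, not that the change will be approved.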

#### Tips
<a name="ex-dirserv-cname-record-add-tip"></a>
+ For multi-account landing zone (MALZ), use this change type in the Shared Services account.
+ For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). To learn about CNAME records, see [CNAME record type](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#CNAMEFormat).

## Execution Input Parameters
<a name="management-directory-dns-add-cname-record-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-2murl5xzbxoxf](schemas.md#ct-2murl5xzbxoxf-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-add-cname-record-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-CreateDNSCnameRecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["hostname123.example.com"],
    "RecordCname": ["webserver"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-add-cname-record-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-CreateDNSCnameRecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["hostname123.example.com"],
    "RecordCname": ["webserver"]
  }
}
```

# DNS | Delete Conditional Forwarder
<a name="management-directory-dns-delete-conditional-forwarder"></a>

Delete AD DNS conditional forwarder for a remote domain. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Delete conditional forwarder

## Change Type Details
<a name="ct-1icghmq38rnsn-MDDd-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-1icghmq38rnsn | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-delete-conditional-forwarder-info"></a>

### Delete a DNS conditional forwarder
<a name="ex-dirserv-cond-forward-delete-col"></a>

#### Deleting DNS conditional forwarders with the console
<a name="dirserv-cond-forward-delete-con"></a>

The following shows this change type in the AMS console.

![\[Delete AD DNS Conditional Forwarder change type with ID and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCondForwardDeleteCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Deleting DNS conditional forwarders with the CLI
<a name="dirserv-cond-forward-delete-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-1icghmq38rnsn" --change-type-version "1.0" --title "AWSManagedServices-DeleteADDNSConditionalForwarder" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-DeleteADDNSConditionalForwarder-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RemoteDomainName\": [\"test.forwarders.com\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it CondForwardDeleteParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-1icghmq38rnsn" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > CondForwardDeleteParams.json
   ```

   Modify and save the CondForwardDeleteParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RemoteDomainName": [
         "test.forwarders.com"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it CondForwardDeleteRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > CondForwardDeleteRfc.json
   ```

1. Modify and save the CondForwardDeleteRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeVersion": "1.0",
     "ChangeTypeId": "ct-1icghmq38rnsn",
     "Title": "Delete AD DNS Conditional Forwarder"
   }
   ```

1. Create the RFC, specifying the CondForwardDeleteRfc file and the CondForwardDeleteParams file:

   ```
   aws amscm create-rfc --cli-input-json file://CondForwardDeleteRfc.json --execution-parameters file://CondForwardDeleteParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
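Both methods above depend on the change type ID and the execution document naming the same change, and the inline form also depends on hand-escaped JSON. The following is an added example (not AMS tooling and not code from this guide) that checks the pair and builds the `create-rfc` arguments with `json.dumps` instead of manual escaping. The `CT_DOCUMENTS` table is copied from the examples on this page; the function names and the "list of strings" rule are assumptions taken from those examples, not from the published schema.

```python
import json
import shlex

# Change type ID -> execution document, copied from the examples on this page.
CT_DOCUMENTS = {
    "ct-2murl5xzbxoxf": "AWSManagedServices-CreateDNSCnameRecord-Admin",
    "ct-1icghmq38rnsn": "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin",
    "ct-3k67klld7cimj": "AWSManagedServices-UpdateClusterNodeRecordPermissions-Admin",
    "ct-1icrtx8ydvdwe": "AWSManagedServices-RemoveDNSRecord-Admin",
    "ct-03ytgoevfebjr": "AWSManagedServices-UpdateClusterDNSPermission-Admin",
}

# The two template files from this section, as Python dicts.
SAMPLE_RFC = {
    "ChangeTypeVersion": "1.0",
    "ChangeTypeId": "ct-1icghmq38rnsn",
    "Title": "Delete AD DNS Conditional Forwarder",
}
SAMPLE_PARAMS = {
    "DocumentName": "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin",
    "Region": "us-east-1",
    "Parameters": {"RemoteDomainName": ["test.forwarders.com"]},
}


def check_pair(rfc, params):
    """Return a list of problems in an RFC file / execution parameters file pair."""
    problems = []
    ct_id = rfc.get("ChangeTypeId")
    expected = CT_DOCUMENTS.get(ct_id)
    document = params.get("DocumentName")
    if expected is None:
        problems.append(f"ChangeTypeId {ct_id!r} is not in CT_DOCUMENTS")
    elif document != expected:
        problems.append(f"{ct_id} runs {expected}, but DocumentName is {document!r}")
    for key in ("ChangeTypeVersion", "Title"):
        if not isinstance(rfc.get(key), str) or not rfc[key].strip():
            problems.append(f"RFC field {key} is missing or empty")
    values = params.get("Parameters")
    if not isinstance(values, dict) or not values:
        problems.append("Parameters must be a non-empty object")
        return problems
    # Assumption: every parameter is a list of strings, as in this page's examples.
    for name, items in values.items():
        ok = isinstance(items, list) and items and all(
            isinstance(item, str) and item.strip() for item in items)
        if not ok:
            problems.append(f"Parameters.{name} must be a non-empty list of non-empty strings")
    return problems


def inline_create_argv(rfc, params):
    """Return the argument list for an inline create; refuse an inconsistent pair."""
    problems = check_pair(rfc, params)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "aws", "amscm", "create-rfc",
        "--change-type-id", rfc["ChangeTypeId"],
        "--change-type-version", rfc["ChangeTypeVersion"],
        "--title", rfc["Title"],
        # json.dumps produces the JSON text; no backslash escaping is written by hand.
        "--execution-parameters", json.dumps(params, separators=(",", ":")),
    ]


if __name__ == "__main__":
    argv = inline_create_argv(SAMPLE_RFC, SAMPLE_PARAMS)
    # shlex.join quotes each argument for a POSIX shell, for review or copy and paste.
    # Passing argv to subprocess.run without shell=True needs no quoting at all.
    print(shlex.join(argv))
```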

#### Tips
<a name="ex-dirserv-cond-forward-delete-tip"></a>

For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html).

## Execution Input Parameters
<a name="management-directory-dns-delete-conditional-forwarder-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-1icghmq38rnsn](schemas.md#ct-1icghmq38rnsn-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-delete-conditional-forwarder-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin",
  "Region" : "us-east-1",
  "Parameters": {
    "RemoteDomainName": ["test.test1.com"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-delete-conditional-forwarder-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin",
  "Region" : "us-east-1",
  "Parameters": {
    "RemoteDomainName": ["test.test1.com"]
  }
}
```

# DNS | Remediate DNS Scavenging Issue
<a name="management-directory-dns-remediate-dns-scavenging-issue"></a>

Remediates DNS scavenging issues for Windows failover clusters by updating permissions on CNO and VCO DNS records. Grants 'Read Permissions' to Everyone on CNO and VCO DNS records, 'Reset Password' permission to Everyone on the CNO computer object, and 'Full Control' permissions to the CNO computer object and specified cluster node computer objects on all CNO and VCO DNS records. This ensures that DNS records associated with the failover cluster are not inadvertently removed during DNS scavenging operations.

**Full classification:** Management | Directory Service | DNS | Remediate DNS scavenging issue

## Change Type Details
<a name="ct-3k67klld7cimj-MDDr-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-3k67klld7cimj | 
| Current version | 1.0 | 
| Expected execution duration | 15 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-remediate-dns-scavenging-issue-info"></a>

### Remediate DNS scavenging issue
<a name="ex-dirserv-dns-scavenging-remediate-col"></a>

#### Remediating DNS scavenging issue with the console
<a name="dirserv-dns-scavenging-remediate-con"></a>

The following shows this change type in the AMS console.

![\[Screenshot of the Remediate DNS scavenging issue change type in the AMS console\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservDnsScavengingRemediateCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Remediating DNS scavenging issue with the CLI
<a name="dirserv-dns-scavenging-remediate-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-3k67klld7cimj" --change-type-version "1.0" --title "Remediate DNS scavenging issue" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-UpdateClusterNodeRecordPermissions-Admin\",\"Parameters\":{\"ClusterCNOName\":[\"CLUSTER_CNO_NAME\"],\"ClusterNodeComputerNames\":[\"NODE_NAME_1\",\"NODE_NAME_2\"],\"ClusterVCONames\":[\"VCO_NAME_1\",\"VCO_NAME_2\"]},\"Region\":\"us-east-1\"}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it RemediateDnsScavengingParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-3k67klld7cimj" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > RemediateDnsScavengingParams.json
   ```

1. Modify and save the execution parameters JSON file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-UpdateClusterNodeRecordPermissions-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "ClusterCNOName": ["CLUSTER_CNO_NAME"],
       "ClusterNodeComputerNames": ["NODE_NAME_1", "NODE_NAME_2"],
       "ClusterVCONames": ["VCO_NAME_1", "VCO_NAME_2"]
     }
   }
   ```

1. Output the RFC template JSON file; this example names it RemediateDnsScavengingRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > RemediateDnsScavengingRfc.json
   ```

1. Modify and save the RemediateDnsScavengingRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeVersion" : "1.0",
     "ChangeTypeId" : "ct-3k67klld7cimj",
     "Title" : "Remediate DNS scavenging issue"
   }
   ```

1. Create the RFC, specifying the RemediateDnsScavengingRfc file and the RemediateDnsScavengingParams file:

   ```
   aws amscm create-rfc --cli-input-json file://RemediateDnsScavengingRfc.json --execution-parameters file://RemediateDnsScavengingParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

## Execution Input Parameters
<a name="management-directory-dns-remediate-dns-scavenging-issue-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-3k67klld7cimj](schemas.md#ct-3k67klld7cimj-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-remediate-dns-scavenging-issue-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateClusterNodeRecordPermissions-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "ClusterCNOName": ["ClusterCNO"],
    "ClusterNodeComputerNames": ["Node1"],
    "ClusterVCONames": ["ClusterVCO1"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-remediate-dns-scavenging-issue-ex-max"></a>

```
Example not available.
```

# DNS | Remove Record
<a name="management-directory-dns-remove-record"></a>

Remove the specified DNS resource record, either an A record, a CNAME record, or a pointer (PTR) record, from the specified DNS zone. By default, only the static record is removed for each specified RecordName for A or CNAME records. Use the RecordData parameter to remove duplicates if there are multiple records with the same host name (RecordType A), either dynamic or static. For a PTR record type, all the static and dynamic records are removed. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Remove record

## Change Type Details
<a name="ct-1icrtx8ydvdwe-MDDr-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-1icrtx8ydvdwe | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-remove-record-info"></a>

### Remove record
<a name="ex-dirserv-record-remove-col"></a>

#### Removing a DNS record with the console
<a name="dirserv-record-remove-con"></a>

The following shows this change type in the AMS console.

![\[Remove DNS Record interface with description of record removal process and options.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservRecordRemoveCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Removing a DNS record with the CLI
<a name="dirserv-record-remove-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-1icrtx8ydvdwe" --change-type-version "1.0" --title "Remove DNS Record" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-RemoveDNSRecord-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RecordName\": [\"web-server\"], \"RecordType\": [\"CNAME\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it RecordRemoveParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-1icrtx8ydvdwe" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > RecordRemoveParams.json
   ```

   Modify and save the RecordRemoveParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-RemoveDNSRecord-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RecordName": [
         "web-server"
       ],
       "RecordType": [
         "CNAME"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it RecordRemoveRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > RecordRemoveRfc.json
   ```

1. Modify and save the RecordRemoveRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeId": "ct-1icrtx8ydvdwe",
     "ChangeTypeVersion": "1.0",
     "Title": "Remove DNS record"
   }
   ```

1. Create the RFC, specifying the RecordRemoveRfc file and the RecordRemoveParams file:

   ```
   aws amscm create-rfc --cli-input-json file://RecordRemoveRfc.json --execution-parameters file://RecordRemoveParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
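What this change type deletes depends on the combination of RecordType and RecordData, so it helps to review the execution parameters before creating the RFC. The following is an added example (not AMS tooling and not code from this guide) that applies the removal rules from this change type's description and states the resulting scope. The function names are hypothetical, and two rules are assumptions drawn from this page's examples rather than from the schema: one value per parameter, and an IP address as the RecordName of a PTR removal.

```python
import ipaddress

# Execution document for this change type, as shown in the examples on this page.
REMOVE_DOCUMENT = "AWSManagedServices-RemoveDNSRecord-Admin"
RECORD_TYPES = ("A", "CNAME", "PTR")

# The three parameter sets shown on this page for this change type.
PAGE_EXAMPLES = {
    "cli": {"RecordName": ["web-server"], "RecordType": ["CNAME"]},
    "required": {"RecordName": ["123.123.123.123"], "RecordType": ["PTR"]},
    "all": {"RecordName": ["web-server"], "RecordType": ["CNAME"],
            "RecordData": ["123.123.123.123"]},
}


def wrap(parameters):
    """Place a Parameters object inside a full execution parameters document."""
    return {"DocumentName": REMOVE_DOCUMENT, "Region": "us-east-1",
            "Parameters": parameters}


def _single(parameters, name):
    """Return the sole string of a one-element list parameter, else None."""
    value = parameters.get(name)
    if isinstance(value, list) and len(value) == 1 and isinstance(value[0], str):
        return value[0].strip() or None
    return None


def review_removal(params):
    """Return (errors, effect); effect is None whenever errors is non-empty."""
    errors = []
    if params.get("DocumentName") != REMOVE_DOCUMENT:
        errors.append(f"DocumentName must be {REMOVE_DOCUMENT}")
    parameters = params.get("Parameters")
    if not isinstance(parameters, dict):
        return errors + ["Parameters must be an object"], None
    name = _single(parameters, "RecordName")
    rtype = _single(parameters, "RecordType")
    data = _single(parameters, "RecordData")
    if name is None:
        errors.append("RecordName must hold exactly one non-empty string")
    if rtype not in RECORD_TYPES:
        errors.append("RecordType must be A, CNAME or PTR")
    if "RecordData" in parameters and data is None:
        errors.append("RecordData, when given, must hold exactly one non-empty string")
    if rtype == "PTR" and name is not None:
        try:
            ipaddress.ip_address(name)  # assumption from the page's PTR example
        except ValueError:
            errors.append("PTR RecordName is expected to be an IP address")
    if errors:
        return errors, None
    if rtype == "PTR":
        # Widest scope: the description says static and dynamic records both go.
        effect = f"ALL static and dynamic PTR records for {name}"
    elif data is None:
        effect = f"only the static {rtype} record named {name}"
    elif rtype == "A":
        effect = f"the A record {name} -> {data}, whether static or dynamic"
    else:
        effect = (f"the CNAME record named {name}; RecordData {data} is set, "
                  "but the description covers RecordData only for A records")
    return errors, effect


if __name__ == "__main__":
    for label, parameters in PAGE_EXAMPLES.items():
        print(label, review_removal(wrap(parameters)))
```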

#### Tips
<a name="ex-dirserv-record-remove-tip"></a>

For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html).

## Execution Input Parameters
<a name="management-directory-dns-remove-record-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-1icrtx8ydvdwe](schemas.md#ct-1icrtx8ydvdwe-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-remove-record-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-RemoveDNSRecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["123.123.123.123"],
    "RecordType": ["PTR"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-remove-record-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-RemoveDNSRecord-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordName": ["web-server"],
    "RecordType": ["CNAME"],
    "RecordData": ["123.123.123.123"]
  }
}
```

# DNS | Update Cluster Permissions
<a name="management-directory-dns-update-cluster-permissions"></a>

Grants full control to the Cluster object on the Listener object to bring the SQL Server Listener object online. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Update cluster permissions

## Change Type Details
<a name="ct-03ytgoevfebjr-MDDu-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-03ytgoevfebjr | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-update-cluster-permissions-info"></a>

### Update cluster permissions
<a name="ex-dirserv-cluster-permissions-update-col"></a>

#### Updating cluster permissions with the console
<a name="dirserv-cluster-permissions-update-con"></a>

The following shows this change type in the AMS console.

![\[Update Cluster Permissions interface showing description, ID, and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservClusterPermsUpdateCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Updating cluster permissions with the CLI
<a name="dirserv-cluster-permissions-update-cli"></a>

How it works:

1. Use either the Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the `create-rfc` command with the two files as input. Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-03ytgoevfebjr" --change-type-version "1.0" --title "Update Cluster Permissions" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-UpdateClusterDNSPermission-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"ClusterName\": [\"EC2-SAMPLE-AGL\"],\"ClusterNodeComputerName\":[\"EC2SAMPLE-O1A1MR9\"]}}"
```

*TEMPLATE CREATE*:

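1. Output the execution parameters JSON schema for this change type to a file; this example names it ClusterPermissionsUpdateParams.json. Then modify and save the ClusterPermissionsUpdateParams file. For example, you can replace the contents with something like this: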

   ```
   {
     "DocumentName": "AWSManagedServices-UpdateClusterDNSPermission-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "ClusterName": ["EC2-SAMPLE-AGL"],
       "ClusterNodeComputerName": ["EC2SAMPLE-O1A1MR9"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it ClusterPermissionsUpdateRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > ClusterPermissionsUpdateRfc.json
   ```

1. Modify and save the ClusterPermissionsUpdateRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeId": "ct-03ytgoevfebjr",
     "ChangeTypeVersion": "1.0",
     "Title": "Update Cluster Permissions"
   }
   ```

1. Create the RFC, specifying the ClusterPermissionsUpdateRfc file and the ClusterPermissionsUpdateParams file:

   ```
   aws amscm create-rfc --cli-input-json file://ClusterPermissionsUpdateRfc.json --execution-parameters file://ClusterPermissionsUpdateParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-cluster-permissions-update-tip"></a>

For additional information, see [DirectoryService section](https://docs.aws.amazon.com/parallelcluster/latest/ug/DirectoryService-v3.html).

## Execution Input Parameters
<a name="management-directory-dns-update-cluster-permissions-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-03ytgoevfebjr](schemas.md#ct-03ytgoevfebjr-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-update-cluster-permissions-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateClusterDNSPermission-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "ClusterName": ["EC2-O6G85G-AGL"],
    "ClusterNodeComputerName": ["EC2AMAZ-O6G3MR9"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-update-cluster-permissions-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateClusterDNSPermission-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "ClusterName": ["EC2-O6G85G-AGL"],
    "ClusterNodeComputerName": ["EC2AMAZ-O6G3MR9"]
  }
}
```

# DNS | Update Conditional Forwarder
<a name="management-directory-dns-update-conditional-forwarder"></a>

Update AD DNS conditional forwarder for a remote domain. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management \$1 Directory Service \$1 DNS \$1 Update conditional forwarder

## Change Type Details
<a name="ct-2fqmbyud166z9-MDDu-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-2fqmbyud166z9 | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-update-conditional-forwarder-info"></a>

### Update a DNS conditional forwarder
<a name="ex-dirserv-cond-forward-update-col"></a>

#### Updating DNS conditional forwarders with the console
<a name="dirserv-cond-forward-update-con"></a>

The following shows this change type in the AMS console.

![\[Update AD DNS Conditional Forwarder change type details for a remote domain.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservCondForwardUpdateCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Updating DNS conditional forwarders with the CLI
<a name="dirserv-cond-forward-update-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-2fqmbyud166z9" --change-type-version "1.0" --title "AWSManagedServices-UpdateADDNSConditionalForwarder" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-UpdateADDNSConditionalForwarder-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RemoteDomainName\": [\"test.forwarders.com\"], \"IPAddresses\": [\"10.0.0.3\", \"10.0.0.4\"]}}"
```
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it CondForwardUpdateParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-2fqmbyud166z9" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > CondForwardUpdateParams.json
   ```

   Modify and save the CondForwardUpdateParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RemoteDomainName": [
         "Domain_Name"
       ],
       "IPAddresses": [
         "132.133.134.135", "135.134.133.132"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it CondForwardUpdateRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > CondForwardUpdateRfc.json
   ```

1. Modify and save the CondForwardUpdateRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-2fqmbyud166z9",
   "ChangeTypeVersion":    "1.0",
   "Title":                "Update conditional forwarders"
   }
   ```

1. Create the RFC, specifying the CondForwardUpdateRfc file and the CondForwardUpdateParams file:

   ```
   aws amscm create-rfc --cli-input-json file://CondForwardUpdateRfc.json --execution-parameters file://CondForwardUpdateParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
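
Hand-escaping every quotation mark for Inline Create is easy to get wrong, and a conditional forwarder sends all lookups for the remote domain to the listed addresses. The following added example (not AMS code) validates the domain and forwarder targets and lets `json.dumps` and `shlex.join` produce the quoting for the `create-rfc` call shown above. The function names and the address policy (IPv4 only; no loopback, unspecified, multicast, link-local or reserved addresses) are assumptions of this example.

```python
import ipaddress
import json
import re
import shlex

# Values copied from this page.
CHANGE_TYPE_ID = "ct-2fqmbyud166z9"
CHANGE_TYPE_VERSION = "1.0"
DOCUMENT_NAME = "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin"

# One DNS label: letters, digits, underscore, hyphen; no hyphen at either end.
_LABEL = re.compile(r"[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")


def check_domain(name):
    """Return the domain without a trailing dot, or raise ValueError."""
    if not isinstance(name, str):
        raise ValueError("remote domain name must be a string")
    trimmed = name[:-1] if name.endswith(".") else name
    labels = trimmed.split(".")
    if len(trimmed) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid remote domain name: {name!r}")
    return trimmed


def check_forwarders(addresses):
    """Validate forwarder targets (assumed policy) and return them as strings."""
    if not addresses:
        raise ValueError("at least one forwarder address is required")
    checked = []
    for raw in addresses:
        if not isinstance(raw, str):
            raise ValueError(f"forwarder address must be a string: {raw!r}")
        try:
            ip = ipaddress.IPv4Address(raw)
        except ValueError:
            # Catches typos and stray quoting residue such as '10.0.0.4"'.
            raise ValueError(f"not an IPv4 address: {raw!r}") from None
        if (ip.is_unspecified or ip.is_loopback or ip.is_multicast
                or ip.is_link_local or ip.is_reserved):
            raise ValueError(f"{ip} cannot be a DNS forwarder target")
        if str(ip) in checked:
            raise ValueError(f"duplicate forwarder address: {ip}")
        checked.append(str(ip))
    return checked


def build_execution_parameters(remote_domain, ip_addresses, region):
    """Build the execution parameters document in the shape this page shows."""
    return {
        "DocumentName": DOCUMENT_NAME,
        "Region": region,
        "Parameters": {
            "RemoteDomainName": [check_domain(remote_domain)],
            "IPAddresses": check_forwarders(ip_addresses),
        },
    }


def create_rfc_command(title, execution_parameters):
    """Return (argv, shell_line) for Inline Create with generated quoting."""
    argv = [
        "aws", "amscm", "create-rfc",
        "--change-type-id", CHANGE_TYPE_ID,
        "--change-type-version", CHANGE_TYPE_VERSION,
        "--title", title,
        "--execution-parameters", json.dumps(execution_parameters),
    ]
    # shlex.join quotes each argument for a POSIX shell; no manual escaping.
    return argv, shlex.join(argv)


if __name__ == "__main__":
    # Sample values are the ones used in this page's inline example.
    params = build_execution_parameters(
        "test.forwarders.com", ["10.0.0.3", "10.0.0.4"], "us-east-1")
    _, line = create_rfc_command("Update conditional forwarders", params)
    print(line)
```

Passing `argv` directly to `subprocess.run` avoids the shell altogether; the printed line is for pasting into a POSIX shell.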

#### Tips
<a name="ex-dirserv-cond-forward-update-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-dns-update-conditional-forwarder-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-2fqmbyud166z9](schemas.md#ct-2fqmbyud166z9-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-update-conditional-forwarder-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin",
  "Region" : "us-east-1",
  "Parameters": {
    "RemoteDomainName": ["test.test1.com"],
    "IPAddresses": ["10.0.0.1", "10.0.0.2"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-update-conditional-forwarder-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin",
  "Region" : "us-east-1",
  "Parameters": {
    "RemoteDomainName": ["test.test1.com"],
    "IPAddresses": ["10.0.0.1", "10.0.0.2"]
  }
}
```

# DNS | Update Group Managed Service Account
<a name="management-directory-dns-update-group-managed-service-account"></a>

Update an existing Active Directory (AD) Group Managed Service Account (gMSA). For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Update group managed service account

## Change Type Details
<a name="ct-15gyrpzjx1yac-MDDu-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-15gyrpzjx1yac | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-update-group-managed-service-account-info"></a>

### Update group managed service account
<a name="ex-dirserv-group-man-serv-account-update-col"></a>

#### Updating a group managed service account with the console
<a name="dirserv-group-man-serv-account-update-con"></a>

The following shows this change type in the AMS console.

![\[Update Group Managed Service Account change type in the AMS console.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirServUpdateGrpMngdServiceAccountCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Updating a group managed service account with the CLI
<a name="dirserv-group-man-serv-account-update-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-15gyrpzjx1yac" --change-type-version "1.0" --title "Update Group Managed Service Account" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-UpdateADGroupManagedServiceAccount-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"AccountName\": [\"Test-Sample\"],\"DNSHostName\": [\"test.domain.com\"],\"PrincipalAllowedToRetrievePassword\": [\"Test-admin\"],\"ComputerName\":[\"Test-Computer\"],\"KerberosEncryptionType\": [\"RC4\"]}}"
```
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it GroupManServAcctUpdateParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-15gyrpzjx1yac" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > GroupManServAcctUpdateParams.json
   ```

   Modify and save the GroupManServAcctUpdateParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-UpdateADGroupManagedServiceAccount-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "AccountName": [
         "Test-Sample"
       ],
       "DNSHostName": [
         "test.domain.com"
       ],
       "PrincipalAllowedToRetrievePassword": [
         "Test-admin"
       ],
       "ComputerName": [
         "Test-Computer"
       ],
       "KerberosEncryptionType": [
         "RC4"
       ]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it GroupManServAcctUpdateRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > GroupManServAcctUpdateRfc.json
   ```

1. Modify and save the GroupManServAcctUpdateRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeVersion": "1.0",
   "ChangeTypeId": "ct-15gyrpzjx1yac",
   "Title": "Update Group Managed Service Account"
   }
   ```

1. Create the RFC, specifying the GroupManServAcctUpdateRfc file and the GroupManServAcctUpdateParams file:

   ```
   aws amscm create-rfc --cli-input-json file://GroupManServAcctUpdateRfc.json --execution-parameters file://GroupManServAcctUpdateParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
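
Before running `create-rfc`, the execution parameters file can be checked for two things a reviewer would want to catch: a key that appears twice (most JSON parsers silently keep the last value, so the value applied can differ from the one read) and a `KerberosEncryptionType` that requests the legacy RC4 type. The following is an added example, not AMS code; the function names and finding labels are this example's own, and the set of encryption type names is limited to those that appear in this page's examples.

```python
import json

# Encryption type names that appear in this page's examples.
PAGE_ENC_TYPES = {"RC4", "AES128", "AES256"}
# RC4 (RC4-HMAC) is the legacy Kerberos encryption type; AES is the current one.
LEGACY_ENC_TYPES = {"RC4"}


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key."""


def _reject_duplicates(pairs):
    # json.loads hands every object to this hook as a list of (key, value).
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"key {key!r} appears more than once")
        obj[key] = value
    return obj


def load_strict(text):
    """Parse JSON, refusing objects that repeat a key."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def lint_gmsa_parameters(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        doc = load_strict(text)
    except DuplicateKeyError as exc:
        return [f"duplicate-key: {exc}"]
    except json.JSONDecodeError as exc:
        return [f"invalid-json: {exc.msg}"]

    findings = []
    params = doc.get("Parameters", {})
    # AccountName is the only parameter in the page's required-parameters example.
    if not params.get("AccountName"):
        findings.append("missing: AccountName")

    # The page shows both ["RC4"] and ["RC4,AES128,AES256"], so split on commas.
    names = [name.strip()
             for value in params.get("KerberosEncryptionType", [])
             for name in value.split(",") if name.strip()]
    for name in names:
        if name not in PAGE_ENC_TYPES:
            findings.append(f"unknown-enc-type: {name}")
    legacy = [name for name in names if name in LEGACY_ENC_TYPES]
    if legacy and len(legacy) == len(names):
        findings.append("legacy-only: RC4 is the only encryption type requested")
    elif legacy:
        findings.append("legacy-allowed: RC4 is requested alongside AES")
    return findings


# Constructed sample inputs (not taken from a real account).
SAMPLE_DUPLICATE = """{"DocumentName": "AWSManagedServices-UpdateADGroupManagedServiceAccount-Admin",
 "Region": "us-east-1",
 "Parameters": {"AccountName": ["Test-Sample"],
                "ComputerName": ["TestComputer"],
                "ComputerName": ["Test-Computer"]}}"""
SAMPLE_RC4_ONLY = """{"Parameters": {"AccountName": ["Test-Sample"],
                                      "KerberosEncryptionType": ["RC4"]}}"""
SAMPLE_MIXED = """{"Parameters": {"AccountName": ["Sample-account"],
                                   "KerberosEncryptionType": ["RC4,AES128,AES256"]}}"""
SAMPLE_AES = """{"Parameters": {"AccountName": ["Sample-account"],
                                 "KerberosEncryptionType": ["AES128,AES256"]}}"""

if __name__ == "__main__":
    for label, sample in (("duplicate", SAMPLE_DUPLICATE), ("rc4", SAMPLE_RC4_ONLY),
                          ("mixed", SAMPLE_MIXED), ("aes", SAMPLE_AES)):
        print(label, lint_gmsa_parameters(sample))
```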

#### Tips
<a name="ex-dirserv-group-man-serv-account-update-tip"></a>

## Execution Input Parameters
<a name="management-directory-dns-update-group-managed-service-account-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-15gyrpzjx1yac](schemas.md#ct-15gyrpzjx1yac-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-update-group-managed-service-account-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateADGroupManagedServiceAccount-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "AccountName": ["Sample-account"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-update-group-managed-service-account-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateADGroupManagedServiceAccount-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "AccountName": ["Sample-account"],
    "PrincipalAllowedToRetrievePassword": ["Sample_Principal"],
    "ComputerName": ["Sample-Computer"],
    "DNSHostName": ["test.domain.com"],
    "KerberosEncryptionType": ["RC4,AES128,AES256"]
  }
}
```

# DNS | Update Record Permission
<a name="management-directory-dns-update-record-permission"></a>

Grant permissions to the computer object to update DNS records after failover. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | DNS | Update record permission

## Change Type Details
<a name="ct-1eft8s6vdhz0w-MDDu-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-1eft8s6vdhz0w | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-dns-update-record-permission-info"></a>

### Update DNS record permission
<a name="ex-dirserv-record-permission-update-col"></a>

#### Updating DNS record permissions with the console
<a name="dirserv-record-permission-update-con"></a>

The following shows this change type in the AMS console.

![\[Update DNS Record Permission interface showing description, ID, and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservRecordPermUpdateCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Updating DNS record permissions with the CLI
<a name="dirserv-record-permission-update-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-1eft8s6vdhz0w" --change-type-version "1.0" --title "Update DNS Record" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-UpdateDNSRecordsPermission-Admin\",\"Region\": \"us-east-1\",\"Parameters\": {\"RecordNames\": [\"EC2CLUS-SAMPLE\",\"EC2SAmPL1-AWS\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it UpdateDNSRecordsPermissionParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-1eft8s6vdhz0w" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > UpdateDNSRecordsPermissionParams.json
   ```

   Modify and save the UpdateDNSRecordsPermissionParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName": "AWSManagedServices-UpdateDNSRecordsPermission-Admin",
     "Region": "us-east-1",
     "Parameters": {
       "RecordNames": ["EC2CLUS-SAMPLE","EC2SAmPL1-AWS"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it UpdateDNSRecordsPermissionRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > UpdateDNSRecordsPermissionRfc.json
   ```

1. Modify and save the UpdateDNSRecordsPermissionRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeVersion": "1.0",
     "ChangeTypeId": "ct-1eft8s6vdhz0w",
     "Title": "Update DNS record"
   }
   ```

1. Create the RFC, specifying the UpdateDNSRecordsPermissionRfc file and the UpdateDNSRecordsPermissionParams file:

   ```
   aws amscm create-rfc --cli-input-json file://UpdateDNSRecordsPermissionRfc.json --execution-parameters file://UpdateDNSRecordsPermissionParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-record-permission-update-tip"></a>

## Execution Input Parameters
<a name="management-directory-dns-update-record-permission-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-1eft8s6vdhz0w](schemas.md#ct-1eft8s6vdhz0w-schema-section).

## Example: Required Parameters
<a name="management-directory-dns-update-record-permission-ex-min"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateDNSRecordsPermission-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordNames": ["EC2CLUS-SAMPl1,EC2G90BI1-AWS"]
  }
}
```

## Example: All Parameters
<a name="management-directory-dns-update-record-permission-ex-max"></a>

```
{
  "DocumentName": "AWSManagedServices-UpdateDNSRecordsPermission-Admin",
  "Region": "us-east-1",
  "Parameters": {
    "RecordNames": ["EC2CLUS-SAMPl1,EC2G90BI1-AWS"]
  }
}
```

# Users and Groups | Add Group
<a name="management-directory-users-and-groups-add-group"></a>

Create an Active Directory (AD) group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Users and groups | Add group

## Change Type Details
<a name="ct-3eutt7grkict4-MDUa-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-3eutt7grkict4 | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-users-and-groups-add-group-info"></a>

### Add Active Directory group
<a name="ex-dirserv-group-add-col"></a>

#### Adding an AD group with the console
<a name="dirserv-ad-group-add-con"></a>

The following shows this change type in the AMS console.

![\[Form to add an Active Directory group in AMS managed AD, showing description and ID fields.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservAddGroupCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding an AD group with the CLI
<a name="dirserv-ad-group-add-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC with the `aws amscm submit-rfc --rfc-id ID` command, using the returned RFC ID.

   Monitor the RFC with the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-3eutt7grkict4" --change-type-version "1.0" --title "Create AD group" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-CreateADGroup-Admin\",\"Region\":\"us-east-1\",\"Parameters\":{\"GroupName\":[\"my-group\"],\"GroupDescription\":[\"Group description\"],\"GroupScope\":[\"DomainLocal\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it AdGroupAddParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-3eutt7grkict4" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > AdGroupAddParams.json
   ```

   Modify and save the AdGroupAddParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName" : "AWSManagedServices-CreateADGroup-Admin",
     "Region" : "us-east-1",
     "Parameters" : {
       "GroupName" : ["my-group"],
       "GroupDescription" : ["Group description"],
       "GroupScope" : ["DomainLocal"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it AdGroupAddRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > AdGroupAddRfc.json
   ```

1. Modify and save the AdGroupAddRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
     "ChangeTypeVersion": "1.0",
     "ChangeTypeId": "ct-3eutt7grkict4",
     "Title": "Create AD group"
   }
   ```

1. Create the RFC, specifying the AdGroupAddRfc file and the AdGroupAddParams file:

   ```
   aws amscm create-rfc --cli-input-json file://AdGroupAddRfc.json --execution-parameters file://AdGroupAddParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-group-add-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-users-and-groups-add-group-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-3eutt7grkict4](schemas.md#ct-3eutt7grkict4-schema-section).

## Example: Required Parameters
<a name="management-directory-users-and-groups-add-group-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-CreateADGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "GroupName" : ["my-group"],
    "GroupDescription" : ["Group description"]
  }
}
```

## Example: All Parameters
<a name="management-directory-users-and-groups-add-group-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-CreateADGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "GroupName" : ["my-group"],
    "GroupDescription" : ["Group description"],
    "GroupScope" : ["DomainLocal"]
  }
}
```

# Users and Groups | Add Group To Group
<a name="management-directory-users-and-groups-add-group-to-group"></a>

Add an Active Directory (AD) group in the trusted domain to an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Users and groups | Add group to group

## Change Type Details
<a name="ct-1i20abktsm05v-MDUa-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-1i20abktsm05v | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-users-and-groups-add-group-to-group-info"></a>

### Add an AD group to an AD group
<a name="ex-dirserv-group-add-to-group-col"></a>

#### Adding an AD group to an AMS-managed AD group with the console
<a name="dirserv-group-to-group-add-con"></a>

The following shows this change type in the AMS console.

![\[Form showing details for adding an AD group to another AD group in AMS managed AD.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservAddGroupToGroupCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding an AD group to an AMS-managed AD group with the CLI
<a name="dirserv-group-to-group-add-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-1i20abktsm05v" --change-type-version "1.0" --title "Add AD group to AD group" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-AddADGroupToADGroup-Admin\",\"Region\":\"us-east-1\",\"Parameters\":{\"NestedGroupName\":[\"my-nested-group\"],\"GroupName\":[\"my-parent-group\"],\"TrustedDomainFQDN\":[\"my-domain.com\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it GroupToGroupAddParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-1i20abktsm05v" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > GroupToGroupAddParams.json
   ```

   Modify and save the GroupToGroupAddParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName" : "AWSManagedServices-AddADGroupToADGroup-Admin",
     "Region" : "us-east-1",
     "Parameters" : {
       "NestedGroupName" : ["my-nested-group"],
       "GroupName" : ["my-parent-group"],
       "TrustedDomainFQDN" : ["my-domain.com"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it GroupToGroupAddRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > GroupToGroupAddRfc.json
   ```

1. Modify and save the GroupToGroupAddRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-1i20abktsm05v",
   "ChangeTypeVersion":    "1.0",
   "Title":                "Add AD group to AD group"
   }
   ```

1. Create the RFC, specifying the GroupToGroupAddRfc file and the GroupToGroupAddParams file:

   ```
   aws amscm create-rfc --cli-input-json file://GroupToGroupAddRfc.json --execution-parameters file://GroupToGroupAddParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-group-add-to-group-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-users-and-groups-add-group-to-group-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-1i20abktsm05v](schemas.md#ct-1i20abktsm05v-schema-section).

## Example: Required Parameters
<a name="management-directory-users-and-groups-add-group-to-group-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-AddADGroupToADGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "NestedGroupName" : ["nested-group"],
    "GroupName" : ["parent-group"],
    "TrustedDomainFQDN" : ["my-test-domain.com"]
  }
}
```

## Example: All Parameters
<a name="management-directory-users-and-groups-add-group-to-group-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-AddADGroupToADGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "NestedGroupName" : ["nested-group"],
    "GroupName" : ["parent-group"],
    "TrustedDomainFQDN" : ["my-test-domain.com"]
  }
}
```

# Users and Groups | Add User To Group
<a name="management-directory-users-and-groups-add-user-to-group"></a>

Add an Active Directory (AD) user to an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Users and groups | Add user to group

## Change Type Details
<a name="ct-24pi85mjtza8k-MDUa-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-24pi85mjtza8k | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-users-and-groups-add-user-to-group-info"></a>

### Add an AD user to an AD group
<a name="ex-dirserv-user-add-to-group-col"></a>

#### Adding an AD user to an AMS-managed AD group with the console
<a name="dirserv-user-to-group-add-con"></a>

The following shows this change type in the AMS console.

![\[Add AD User To AD Group interface showing description, ID, and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservAddUserToGroupCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Adding an AD user to an AMS-managed AD group with the CLI
<a name="dirserv-user-to-group-add-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-24pi85mjtza8k" --change-type-version "1.0" --title "Add AD user to AD group" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-AddADUserToGroup-Admin\",\"Region\":\"us-east-1\",\"Parameters\":{\"UserName\":[\"my-user\"],\"GroupName\":[\"my-group\"],\"DomainFQDN\":[\"my-domain.com\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it UserToGroupAddParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-24pi85mjtza8k" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > UserToGroupAddParams.json
   ```

   Modify and save the UserToGroupAddParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName" : "AWSManagedServices-AddADUserToGroup-Admin",
     "Region" : "us-east-1",
     "Parameters" : {
       "UserName" : ["my-user"],
       "GroupName" : ["my-group"],
       "DomainFQDN" : ["my-domain.com"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it UserToGroupAddRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > UserToGroupAddRfc.json
   ```

1. Modify and save the UserToGroupAddRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-24pi85mjtza8k",
   "ChangeTypeVersion":    "1.0",
   "Title":                "Add AD user to AD group"
   }
   ```

1. Create the RFC, specifying the UserToGroupAddRfc file and the UserToGroupAddParams file:

   ```
   aws amscm create-rfc --cli-input-json file://UserToGroupAddRfc.json --execution-parameters file://UserToGroupAddParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.

#### Tips
<a name="ex-dirserv-user-add-to-group-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-users-and-groups-add-user-to-group-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-24pi85mjtza8k](schemas.md#ct-24pi85mjtza8k-schema-section).

## Example: Required Parameters
<a name="management-directory-users-and-groups-add-user-to-group-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-AddADUserToGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "UserName" : ["my-user"],
    "GroupName" : ["parent-group"],
    "DomainFQDN" : ["my-test-domain.com"]
  }
}
```

## Example: All Parameters
<a name="management-directory-users-and-groups-add-user-to-group-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-AddADUserToGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "UserName" : ["my-user"],
    "GroupName" : ["parent-group"],
    "DomainFQDN" : ["my-test-domain.com"]
  }
}
```

# Users and Groups | Remove User from Group
<a name="management-directory-users-and-groups-remove-user-from-group"></a>

Remove an Active Directory (AD) user from an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.

**Full classification:** Management | Directory Service | Users and groups | Remove user from group

## Change Type Details
<a name="ct-2019s9y3nfml4-MDUr-table"></a>



|  |  | 
| --- |--- |
| Change type ID | ct-2019s9y3nfml4 | 
| Current version | 1.0 | 
| Expected execution duration | 60 minutes | 
| AWS approval | Required | 
| Customer approval | Not required | 
| Execution mode | Automated | 

## Additional Information
<a name="management-directory-users-and-groups-remove-user-from-group-info"></a>

### Remove an AD user from an AD group
<a name="ex-dirserv-user-remove-from-group-col"></a>

#### Removing an AD user from an AMS-managed AD group with the console
<a name="dirserv-group-remove-user-con"></a>

The following shows this change type in the AMS console.

![\[Remove AD User From AD Group change type with description and version details.\]](http://docs.aws.amazon.com/managedservices/latest/ctref/images/guiDirservRemoveUserFromGroupCT.png)


How it works:

1. Navigate to the **Create RFC** page: In the left navigation pane of the AMS console click **RFCs** to open the RFCs list page, and then click **Create RFC**.

1. Choose a popular change type (CT) in the default **Browse change types** view, or select a CT in the **Choose by category** view.
   + **Browse by change type**: You can click on a popular CT in the **Quick create** area to immediately open the **Run RFC** page. Note that you cannot choose an older CT version with quick create.

     To sort CTs, use the **All change types** area in either the **Card** or **Table** view. In either view, select a CT and then click **Create RFC** to open the **Run RFC** page. If applicable, a **Create with older version** option appears next to the **Create RFC** button.
   + **Choose by category**: Select a category, subcategory, item, and operation and the CT details box opens with an option to **Create with older version** if applicable. Click **Create RFC** to open the **Run RFC** page.

1. On the **Run RFC** page, open the CT name area to see the CT details box. A **Subject** is required (this is filled in for you if you choose your CT in the **Browse change types** view). Open the **Additional configuration** area to add information about the RFC.

   In the **Execution configuration** area, use available drop-down lists or enter values for the required parameters. To configure optional execution parameters, open the **Additional configuration** area.

1. When finished, click **Run**. If there are no errors, the **RFC successfully created** page displays with the submitted RFC details, and the initial **Run output**. 

1. Open the **Run parameters** area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

#### Removing an AD user from an AMS-managed AD group with the CLI
<a name="dirserv-group-remove-user-cli"></a>

How it works:

1. Use either Inline Create (you issue a `create-rfc` command with all RFC and execution parameters included) or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters, and issue the `create-rfc` command with the two files as input). Both methods are described here.

1. Submit the RFC: run the `aws amscm submit-rfc --rfc-id ID` command with the returned RFC ID.

   Monitor the RFC: run the `aws amscm get-rfc --rfc-id ID` command.

To check the change type version, use this command:

```
aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID
```
**Note**  
You can use any `CreateRfc` parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, `--notification "{\"Email\": {\"EmailRecipients\" : [\"email@example.com\"]}}"` to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the [AMS Change Management API Reference](https://docs.aws.amazon.com/managedservices/latest/ApiReference-cm/API_CreateRfc.html).

*INLINE CREATE*:

Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example:

```
aws amscm create-rfc --change-type-id "ct-2019s9y3nfml4" --change-type-version "1.0" --title "Remove AD user from AD group" --execution-parameters "{\"DocumentName\":\"AWSManagedServices-RemoveADUserFromGroup-Admin\",\"Region\":\"us-east-1\",\"Parameters\":{\"UserName\":[\"my-user\"],\"GroupName\":[\"my-group\"],\"DomainFQDN\":[\"my-domain.com\"]}}"
```

*TEMPLATE CREATE*:

1. Output the execution parameters JSON schema for this change type to a file; this example names it UserFromGroupRemoveParams.json:

   ```
   aws amscm get-change-type-version --change-type-id "ct-2019s9y3nfml4" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > UserFromGroupRemoveParams.json
   ```

   Modify and save the UserFromGroupRemoveParams file. For example, you can replace the contents with something like this:

   ```
   {
     "DocumentName" : "AWSManagedServices-RemoveADUserFromGroup-Admin",
     "Region" : "us-east-1",
     "Parameters" : {
       "UserName" : ["my-user"],
       "GroupName" : ["my-group"],
       "DomainFQDN" : ["my-domain.com"]
     }
   }
   ```

1. Output the RFC template to a file in your current folder; this example names it UserFromGroupRemoveRfc.json:

   ```
   aws amscm create-rfc --generate-cli-skeleton > UserFromGroupRemoveRfc.json
   ```

1. Modify and save the UserFromGroupRemoveRfc.json file. For example, you can replace the contents with something like this:

   ```
   {
   "ChangeTypeId":         "ct-2019s9y3nfml4",
   "ChangeTypeVersion":    "1.0",
   "Title":                "Remove AD user from AD group"
   }
   ```

1. Create the RFC, specifying the UserFromGroupRemoveRfc file and the UserFromGroupRemoveParams file:

   ```
   aws amscm create-rfc --cli-input-json file://UserFromGroupRemoveRfc.json --execution-parameters file://UserFromGroupRemoveParams.json
   ```

   You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
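
The execution parameters for the three group-membership change types above (add group to group, add user to group, remove user from group) can be checked before `create-rfc` is called, which catches a document name or parameter set copied from the wrong change type. The following Python is an added example, not AMS code: the change type IDs, document names and parameter keys are copied from this page's examples, while the function names and the rule that every key shown is required and no other key is accepted are assumptions.

```python
import json
import shlex

# Change type ID -> (DocumentName, parameter keys), copied from this page's examples.
CHANGE_TYPES = {
    "ct-1i20abktsm05v": ("AWSManagedServices-AddADGroupToADGroup-Admin",
                         ("NestedGroupName", "GroupName", "TrustedDomainFQDN")),
    "ct-24pi85mjtza8k": ("AWSManagedServices-AddADUserToGroup-Admin",
                         ("UserName", "GroupName", "DomainFQDN")),
    "ct-2019s9y3nfml4": ("AWSManagedServices-RemoveADUserFromGroup-Admin",
                         ("UserName", "GroupName", "DomainFQDN")),
}


def check_execution_parameters(ct_id, doc):
    """Return a list of problems; an empty list means the document is consistent."""
    if ct_id not in CHANGE_TYPES:
        return [f"unknown change type ID: {ct_id}"]
    if not isinstance(doc, dict):
        return ["execution parameters must be a JSON object"]
    expected_doc, keys = CHANGE_TYPES[ct_id]
    problems = []
    if doc.get("DocumentName") != expected_doc:
        problems.append(f"DocumentName should be {expected_doc}")
    region = doc.get("Region")
    if not isinstance(region, str) or not region:
        problems.append("Region must be a non-empty string")
    params = doc.get("Parameters")
    if not isinstance(params, dict):
        return problems + ["Parameters must be an object"]
    for key in keys:
        value = params.get(key)
        # The page's examples wrap every value in a JSON array of strings.
        ok = (isinstance(value, list) and value
              and all(isinstance(v, str) and v.strip() for v in value))
        if not ok:
            problems.append(f"Parameters.{key} must be an array of non-empty strings")
    # Assumption: keys absent from the page's "All Parameters" example are mistakes.
    for key in sorted(set(params) - set(keys)):
        problems.append(f"Parameters.{key} is not used by {ct_id}")
    return problems


def build_create_rfc_argv(ct_id, version, title, doc):
    """Build the create-rfc argument list; refuse documents that fail the check."""
    problems = check_execution_parameters(ct_id, doc)
    if problems:
        raise ValueError("; ".join(problems))
    return ["aws", "amscm", "create-rfc",
            "--change-type-id", ct_id,
            "--change-type-version", version,
            "--title", title,
            "--execution-parameters", json.dumps(doc, separators=(",", ":"))]


# Constructed sample inputs. BAD mixes up two change types on purpose.
GOOD = {"DocumentName": "AWSManagedServices-AddADUserToGroup-Admin",
        "Region": "us-east-1",
        "Parameters": {"UserName": ["my-user"], "GroupName": ["my-group"],
                       "DomainFQDN": ["my-domain.com"]}}
BAD = {"DocumentName": "AWSManagedServices-RemoveADUserFromGroup-Admin",
       "Region": "us-east-1",
       "Parameters": {"UserName": ["my-user"], "GroupName": "my-group",
                      "TrustedDomainFQDN": ["my-domain.com"]}}

if __name__ == "__main__":
    argv = build_create_rfc_argv("ct-24pi85mjtza8k", "1.0",
                                 "Add AD user to AD group", GOOD)
    print(shlex.join(argv))  # shell-quoted form of the same command
    for problem in check_execution_parameters("ct-24pi85mjtza8k", BAD):
        print("problem:", problem)
```

Passing the returned list to `subprocess.run` sends the JSON as a single argument, so no quotation marks need escaping.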

#### Tips
<a name="ex-dirserv-user-remove-from-group-tip"></a>

 For information about Directory Service, see the [Directory Service Admin Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html). 

## Execution Input Parameters
<a name="management-directory-users-and-groups-remove-user-from-group-input"></a>

For detailed information about the execution input parameters, see [Schema for Change Type ct-2019s9y3nfml4](schemas.md#ct-2019s9y3nfml4-schema-section).

## Example: Required Parameters
<a name="management-directory-users-and-groups-remove-user-from-group-ex-min"></a>

```
{
  "DocumentName" : "AWSManagedServices-RemoveADUserFromGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "UserName" : ["my-user"],
    "GroupName" : ["my-group"],
    "DomainFQDN" : ["my-domain.com"]
  }
}
```

## Example: All Parameters
<a name="management-directory-users-and-groups-remove-user-from-group-ex-max"></a>

```
{
  "DocumentName" : "AWSManagedServices-RemoveADUserFromGroup-Admin",
  "Region" : "us-east-1",
  "Parameters" : {
    "UserName" : ["my-user"],
    "GroupName" : ["my-group"],
    "DomainFQDN" : ["my-domain.com"]
  }
}
```