My Saved Presets
You must be logged in to view saved presets
Security Controls
Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies
AWS Services
VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsAmazon DynamoDB & DAXECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieAWS WAF & ShieldAWS Secrets ManagerAWS Systems ManagerAWS KMSAWS SSOLoad Balancers & Auto ScalingRDS Event SubscriptionsAWS Resource Access Manager (RAM)Amazon ECSAmazon EKSAmazon API GatewayAWS AppConfigAmazon AppFlowAWS App MeshAWS App RunnerAWS AppSyncApplication Auto ScalingAmazon AthenaAWS BatchAWS Billing ConductorAWS Clean RoomsAWS SNSAWS SQSAWS Service DiscoveryAWS Step FunctionsAWS CloudTrailAWS ConfigAmazon EventBridgeAWS CloudWatchAWS CognitoAmazon ConnectAWS GlueAWS Data Pipeline & Data SyncAmazon DetectiveAWS DevOps GuruAmazon DocumentDBAmazon ElastiCacheAWS Elastic BeanstalkAmazon FSxAmazon MQAmazon PrometheusAmazon CassandraAmazon FinSpaceAWS Fault Injection SimulatorAmazon GameLiftAWS Global AcceleratorAmazon GrafanaAWS IoT GreenGrassAWS IoT ServicesAWS Ground StationAmazon IVS (Interactive Live Streams)Amazon KinesisAWS LakeFormationAmazon LookoutAmazon Managed BlockchainAWS Media ServicesAWS Managed Apache AirflowAWS OpsWorksAWS OrganizationsAmazon PersonalizeAmazon QLDBAmazon RedshiftAmazon RekognitionAWS Resource ExplorerAWS Resource GroupsAmazon Lex & AlexaAWS RoboMakerAmazon SageMakerAWS Service CatalogAmazon SESAWS SimSpace WeaverAWS Support AppAWS TransferAWS X-RayAWS AmplifyAWS AppstreamAWS Audit ManagerAmazon BedrockAWS Cloud9AWS CloudHSMAmazon NeptuneAmazon Quicksight
Reference Guides
AWS Account Setup GuideEC2 Security StrategyS3 Security StrategyLogging & Monitoring Strategy Guide
Configuration Packages
Guided Walkthroughs

Setup Multi-Region AWS Managed Microsoft AD

This template sets up a multi-region AWS Managed Microsoft AD with primary and secondary configurations including VPCs and subnets.

example

aws_directory_service_directory



vpc_settings


connect_settings


customer_dns_ips

subnet_ids





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_directory_service_region



vpc_settings


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_subnet








depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example-secondary

aws_subnet








depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_vpc






depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example-secondary

aws_vpc






depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



available

aws_availability_zones
filter


values

exclude_names

exclude_zone_ids

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



available-secondary

aws_availability_zones
filter


values

exclude_names

exclude_zone_ids

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_region



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_availability_zones" "available" {

  filter {
    name = "opt-in-status"
    values = ["opt-in-not-required"]
  }
  state = "available"
}

data "aws_availability_zones" "available-secondary" {

  filter {
    name = "opt-in-status"
    values = ["opt-in-not-required"]
  }
  provider = "aws.secondary"
  state = "available"
}

data "aws_region" "example" {
  provider = "aws.secondary"
}

resource "aws_directory_service_directory" "example" {
  name = "example.com"
  password = "SuperSecretPassw0rd"
  type = "MicrosoftAD"

  vpc_settings {
    subnet_ids = aws_subnet.example[*].id
    vpc_id = aws_vpc.example.id
  }
}

resource "aws_directory_service_region" "example" {
  directory_id = aws_directory_service_directory.example.id
  region_name = data.aws_region.example.name

  tags = {
    Name = "Secondary"
  }

  vpc_settings {
    subnet_ids = aws_subnet.example-secondary[*].id
    vpc_id = aws_vpc.example-secondary.id
  }
}

resource "aws_subnet" "example" {
  availability_zone = "data.aws_availability_zones.available.names[count.index]"
  cidr_block = cidrsubnet(aws_vpc.example.cidr_block, 8, count.index)
  count = 2

  tags = {
    Name = "Primary"
  }
  vpc_id = aws_vpc.example.id
}

resource "aws_subnet" "example-secondary" {
  availability_zone = "data.aws_availability_zones.available-secondary.names[count.index]"
  cidr_block = cidrsubnet(aws_vpc.example-secondary.cidr_block, 8, count.index)
  count = 2
  provider = "aws.secondary"

  tags = {
    Name = "Secondary"
  }
  vpc_id = aws_vpc.example-secondary.id
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "Primary"
  }
}

resource "aws_vpc" "example-secondary" {
  cidr_block = "10.1.0.0/16"
  provider = "aws.secondary"

  tags = {
    Name = "Secondary"
  }
}

© 2024 asecurecloud. All rights reserved.