A security group that allows domain controller services on Microsoft Active Directory servers.
The template creates the security group in an existing VPC, and requires the following details:
See the Related Items section for configuration templates to create a new VPC.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: >-
        A security group that allows domain controller services on Microsoft
        Active Directory servers.
      # ID of the existing VPC in which to create the group (required)
      VpcId: ''
      SecurityGroupEgress:
        - FromPort: -1
          ToPort: -1
          IpProtocol: '-1'
          Description: ''
          CidrIp: 0.0.0.0/0
      # Set each CidrIp below to the source range allowed to reach the
      # domain controllers (required)
      SecurityGroupIngress:
        - FromPort: 9389
          ToPort: 9389
          IpProtocol: tcp
          Description: >-
            Active Directory Web Services (ADWS) / Active Directory Management
            Gateway Service
          CidrIp: ''
        - FromPort: 3269
          ToPort: 3269
          IpProtocol: tcp
          Description: Global Catalog
          CidrIp: ''
        - FromPort: 3268
          ToPort: 3268
          IpProtocol: tcp
          Description: Global Catalog
          CidrIp: ''
        - FromPort: -1
          ToPort: -1
          IpProtocol: icmp
          Description: ICMP
          CidrIp: ''
        - FromPort: 389
          ToPort: 389
          IpProtocol: tcp
          Description: LDAP Server
          CidrIp: ''
        - FromPort: 389
          ToPort: 389
          IpProtocol: udp
          Description: LDAP Server
          CidrIp: ''
        - FromPort: 636
          ToPort: 636
          IpProtocol: tcp
          Description: LDAP Server (SSL)
          CidrIp: ''
        - FromPort: 445
          ToPort: 445
          IpProtocol: tcp
          Description: SMB
          CidrIp: ''
        - FromPort: 135
          ToPort: 135
          IpProtocol: tcp
          Description: RPC
          CidrIp: ''
        - FromPort: 1024
          ToPort: 5000
          IpProtocol: tcp
          Description: RPC randomly allocated tcp high ports
          CidrIp: ''
        - FromPort: 49152
          ToPort: 65535
          IpProtocol: tcp
          Description: RPC randomly allocated tcp high ports
          CidrIp: ''
        - FromPort: 500
          ToPort: 500
          IpProtocol: udp
          Description: IPSec ISAKMP
          CidrIp: ''
        - FromPort: 4500
          ToPort: 4500
          IpProtocol: udp
          Description: NAT-T
          CidrIp: ''
      GroupName: allow-ms-ad-traffic
Parameters: {}
Metadata: {}
Conditions: {}
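A pre-deployment check for the ingress rules above, as an added example that is not part of the original template or of any AWS tooling. It flags `CidrIp` values that are still empty, malformed, open to every address, or outside an allowed set of source ranges; the function name `check_ingress`, the RFC 1918 default for allowed ranges, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: rules shaped like the template's SecurityGroupIngress
# entries, with CidrIp values filled in (or left blank) for the demonstration.
SAMPLE_RULES = [
    {"FromPort": 389, "ToPort": 389, "IpProtocol": "tcp", "Description": "LDAP Server", "CidrIp": "10.0.0.0/16"},
    {"FromPort": 445, "ToPort": 445, "IpProtocol": "tcp", "Description": "SMB", "CidrIp": "0.0.0.0/0"},
    {"FromPort": 135, "ToPort": 135, "IpProtocol": "tcp", "Description": "RPC", "CidrIp": ""},
    {"FromPort": 636, "ToPort": 636, "IpProtocol": "tcp", "Description": "LDAP Server (SSL)", "CidrIp": "10.0.0.300/24"},
    {"FromPort": 3268, "ToPort": 3268, "IpProtocol": "tcp", "Description": "Global Catalog", "CidrIp": "203.0.113.0/24"},
]

# Assumption: domain controllers should only be reachable from private ranges.
DEFAULT_ALLOWED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def check_ingress(rules, allowed_supernets=DEFAULT_ALLOWED):
    """Return (description, ports, problem) for each rule that should not be deployed."""
    allowed = [ipaddress.ip_network(n) for n in allowed_supernets]
    findings = []
    for rule in rules:
        label = rule.get("Description", "")
        ports = f'{rule["FromPort"]}-{rule["ToPort"]}/{rule["IpProtocol"]}'
        cidr = rule.get("CidrIp", "")
        if not cidr:
            findings.append((label, ports, "CidrIp is empty"))
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append((label, ports, "CidrIp is not a valid network"))
            continue
        if net.version != 4:
            # CidrIp carries IPv4 ranges; IPv6 ranges use the CidrIpv6 property.
            findings.append((label, ports, "CidrIp must be an IPv4 range"))
        elif net.prefixlen == 0:
            findings.append((label, ports, "open to every address"))
        elif not any(net.subnet_of(a) for a in allowed):
            findings.append((label, ports, "source outside allowed ranges"))
    return findings


if __name__ == "__main__":
    for finding in check_ingress(SAMPLE_RULES):
        print(*finding, sep=" | ")
```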
Configuration Source: Native Feature
Additional Documentation: