For all new AD DS installations, the Quick Start deploys AD DS and AD-integrated DNS, and it sets up Active Directory sites and subnets.
The Quick Start supports three scenarios:
- Scenario 1: Deploy a new AWS Cloud-based AD DS environment that you manage yourself
- Scenario 2: Extend your existing on-premises AD DS to AWS
- Scenario 3: Deploy Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD)
For each scenario, you have the option to create a new virtual private cloud (VPC) or use your existing VPC infrastructure.
Scenario 1: Deploy a new AWS Cloud-based AD DS Environment:
In this scenario, the Quick Start sets up the following:
- A VPC configured with public and private subnets in two Availability Zones for high availability. *
- In the public subnets:
  - Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets. *
  - Remote Desktop Gateway (RD Gateway) instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
- In the private subnets:
  - A Windows Server Forest and domain functional level, including security groups and rules for traffic between instances.
- AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
- AWS Secrets Manager to store passwords.

Scenario 2: Extend your on-premises AD:
In this scenario, the Quick Start sets up the following (except for the virtual private network (VPN) gateway, VPN connection, and customer gateway, which you create manually):
- A VPC configured with public and private subnets in two Availability Zones for high availability. *
- In the public subnets:
  - Managed NAT gateways to allow outbound internet access for resources in the private subnets. *
  - RD Gateway instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
- In the private subnets:
  - Windows Server Forest and domain functional level, including security groups and rules for traffic between instances.
- AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
- AWS Secrets Manager to store passwords.

Scenario 3: Deploy AWS Managed Microsoft AD:
In this scenario, the Quick Start sets up the following:
- A VPC configured with public and private subnets in two Availability Zones for high availability. *
- In the public subnets:
  - Managed NAT gateways to allow outbound internet access for resources in the private subnets. *
  - RD Gateway instances in an Auto Scaling group to help secure remote access to instances in private subnets. *
- In the private subnets:
  - (Optional) A Windows EC2 instance to act as a management instance, including security groups and rules for traffic between instances.
- AWS Systems Manager Automation documents to set up and configure AD DS and AD-integrated DNS.
- AWS Secrets Manager to store passwords.
- AWS Directory Service to provide and manage AD DS in the private subnets.
