Deploy and Automate AD DS with AWS


In this lab we will be taking a basic AWS architecture similar to our requirement and we use that architecture to build our template.

Cloud Formation

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

We can use AWS CloudFormation’s sample templates or create our own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. we don’t need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for the user. After the AWS resources are deployed, we can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software. You can also visualize your templates as diagrams and edit them using a drag-and-drop interface with the AWS CloudFormation Designer.

We can deploy and update a template and its associated collection of resources (called a stack) by using the AWS Management Console, AWS Command Line Interface, or APIs. CloudFormation is available at no additional charge, and we pay only for the AWS resources needed to run your instances

*The purpose of the Lab

The Clear picture doing this lab is to get an idea how cloud former works, how can we use a similar architecture that matches our requirement deploy it and create our own template with the help of that by giving the correct inbound rules and regions and the other configuration by matching up with the  template we created earlier by changing and optimizing the code. if the template is created successfully, you can deploy it in any other region without designing a new template.

In this Lab you will learn:

  • How to Manually deploy a Microsoft Active Directory system using the AWS Directory Service
  • How to Apply Cloud Formation Designer on this infrastructure to create a cloud formation template.
  • How to Develop and generally customising the template for easy/instant creation of the previously manually created system. Customising includes relevant naming

To begin with the lab 1st we have to go and deploy the Microsoft Active Directory System using the AWS architecture and use this link to QuickStart>

1st Part: Manually deploying a Microsoft Active Directory system using the AWS Directory Service.

The below image shows when you click on the link you will get a page like this, When you click on Launch Quick Start it will direct you to the AWS Console. Log in to your Console and it will take to you to cloud formation to deploy the template.

Screenshot (261)

When you log in to your console it will take you to create stack page where you can deploy your ADDS template, Here you click next.

Screenshot (56)

In the specify details give your stack a name, in the parameters you can select the availability zones and if you need you can change the private subnet cidr and public subnet cidr to a IP range you like.

Screenshot (57)

Make sure in the Amazon EC2 configuration for the Key Pair Name you give a key pair which is you already you saved so it would be easier rather than creating a new one.

Screenshot (58)

You can choose the remote desktop gateway instance type as t2.large, provide the domain admin password ( a simple password you can remember), and rest keep the default settings and click next.

Screenshot (59)

In options provide a tag so it will be easier for you to identify.

Screenshot (60)

In the review, you can review all the configurations you have given, if all the configuration are correct click on Create.

Screenshot (61)Screenshot (62)Screenshot (63)

Creating the Stack will take nearly 45 mints to get created.

Screenshot (64)

Sometimes you will get an error called unable to list data internal failure, it appears when your network connection get disconnected or it get limited. But not worry it doesn’t affect the stack creation.

Screenshot (65)

When the stacks are created it will say CREATE_COMPLETE.

Screenshot (66)

Image below shows the designed ADDS template from the AWS.

Screenshot (262)

When stacks creation is completed, go to services and select EC2 and select instances, in the instance you will find an Instance called RDGW select that instance and click on connect to remote desktop in to it. Provide the key pair you have given while creating the stack. When you are on the remote desktop of the RDGW you can now try installing Active directory Domain Services to check if the instance is working properly. In order to install active directory go to server manager, click on manage > role base or feature based installation click on next.

Screenshot (80)

From server roles select the Active Directory Domain Services and click on Next.

Screenshot (81)

Click Next.

Screenshot (82)

tick checkbox for Restart the destination server automatically if required and click on next.

Screenshot (83)

Wait till it get installed, this might take 2-4 mintues.

Screenshot (84)

Click on the flag next to next to manage and click on promote as a domain. Select Add new forest.

Screenshot (85)

Give a domain name and click on next.

Screenshot (86)

Provide a password you like and click next.

Screenshot (87)

Click on Next.

Screenshot (88)

Click on Install. when the installation is completed it will restart the server again.

Screenshot (89)

Now you can create a user under your domain, to create a user click on tool select Active Directory Users and Computers. Give domain controller permissions to check if the created user can log in to the server using the credentials.

Screenshot (90)Screenshot (91)

Up to here you have completed the part1 of the lab.

Now lets go to part 2, in part 2 you have to design your own template using cloud former with the help of template we designed earlier. 1st we have to create the cloud former in order to do that we have to create a new stack therefore click on Create Stack, in the create stack page when you are going to choose the template select Cloud Formation and click Next.

2nd Part : Applying Cloud Formation Designer on this infrastructure to create a cloud formation template.

Screenshot (253)

Here give a name to your stack and provide a password and a username. Click next.

Screenshot (254)

Give a tag if you need because it will help you to identify the stack separately from the rest.

Screenshot (255)

Review the configuration you have given and click on create.

Screenshot (256)

creating the stack will take up to 10minutes. When the stack is created click on the output tab you can find the link for your cloud former click on the link and it will open up in a new tab.

Screenshot (151)

Image below shows the Cloud Former page to design a template. When you click on the link it will ask you to provide the credentials you have given when you were creating the stack. Select the region you want to design your template and click on create template.

Screenshot (152)

Give a template description so it can be identified easier.

Screenshot (208)

Here you can see the hosted zones and route 53 records of the dinostore labs because it is also in the same region. you do not have to select these, therefore click on continue.

Screenshot (209)

In the VPC you need to select the VPC of the ADDS you created earlier since we are going to create a similar design.

Screenshot (210)

In the VPC network technologies it will automatically select the subnets and internet gateways because we selected the VPC of the ADDS.

Screenshot (211)

keep the default selected according to the VPC of the ADDS. and click on Continue.

Screenshot (212)

Select the elatic IP which is associated with the RDGW instance.

Screenshot (213)

select the ADDS auto scaling group and click on continue.

Screenshot (214)

Keep the default configuration and click on continue. when you have selected the auto scaling group you do not have to select the launch configuration it will get automatically selected.

Screenshot (215)

No need to choose an instance click on continue.

Screenshot (216)

Keep the default and click on continue.

Screenshot (217)

No need to configure the storage because we still doesn’t have created a environment.

Screenshot (218)

No need to select any of the application services because it doesn’t required for our environment.

Screenshot (219)

For the security groups select the 2 ADDS security groups and the controller security group.

Screenshot (220)

here you go with the default configuration and click on continue.

Screenshot (221)

In the summary you need to modify the names so it can be easy to identify. and click on continue.

Screenshot (222)

When you have finished modifying click on continue and save the template. do not launch it.

Screenshot (223)

Go to the cloud formation and click on create stack and provide the file you saved earlier in your local storage or in the S3 storage. In the Image below it shows the template i created.

Screenshot (257)


Screenshot (258)Screenshot (259)

When the template is created, validate it first and click on Create stack , when you click on create stack if the template is wrong it will give you an ROLLBACK.  The creation will be cancelled due to, Amazon wont allow any duplication of resources while its deploying template if we try to run the same template in the same region the stack will show an error ‘Maximum number of VPCs has been reached’.

The JASON script contains several lines holding the information of availability zone. I deployed the template with the details of that availability region  in an other region. This will mismatch the script with the environment and it can’t launch its resources.

The other reason is the cloud former beta version 0.41 will not give the perfect jason query because it is an testing version.

Screenshot (286)


3rd Part: Developing and generally customising the template for easy/instant creation of the previously manually created system. Customising includes relevant naming, 


In the comparison stage we have to compare the code with the ADDS template we deployed in the beginning to compare with the environment we created. To open these templates you can use Notepad++, Visual studio. The screenshots below shows the template which i used to complete the project.

The file name is ‘ShanithUpdated’ is my basic AWS JSON script with 1511 lines. When the script is opened in the design view and when you click on create stack it will be created with all the required resources. The template i designed have 1118 lines because the requirements are not exact. i have created 1 VPC, 4 Route Tables, 3 Security Groups, 1 Internet Gateway, 3acls.

In this section, i will compare some selected sections of codes with the template i deployed in the new region.

I compared the following codes below ill show the comparison between the codes.

If we compare VPC code by using the ShanithUpdated and  new template. The both have the exact code but the name of the VPC name is different. But if you try to deploy it in the same region it will give you errors because it will exceed the VPCs.

Screenshot (295)Screenshot (296)

Now lets compare the subnet codes in each region has to be changed from the new region you are deploying the template. In new code we copied we have to change the availability zone from  “AvailabilityZone”: “us-west-2a” to  “AvailabilityZone”: “us-east-1a”. Do not forget to change the AZ because when you update the stack you will get an error. You can see the changes in the images below (Do the same changes to the rest of the remaining Subnet Codes. The subnet names will be different in ShanithUpdated the subnet name is “subnet16bf8671” and the name in the new template is “ShanithSubnet1”.

Screenshot (297)Screenshot (298)


Now we will compare the Launch configuration Code

1st we will compare the codes in the ShanithUpdate for Launch Configuration,

“lcADDSScenario3RDGWStackLO7WZ1GKR6URRDGWLaunchConfigurationC1GYYMQDUISW”: {
“Type”: “AWS::AutoScaling::LaunchConfiguration”,
“Properties”: {
“ImageId”: “ami-3189ec51”, 
“InstanceType”: “t2.large”,
“KeyName”: “Webserver123“,
“IamInstanceProfile”: “AD-DS-Scenario-3-RDGWStack-LO7WZ1GKR6UR-RDGWHostProfile-I871I3MU93H9”,
“InstanceMonitoring”: “true”,
“SecurityGroups”: [
“Ref”: “sgADDSScenario3ADStackVM0YYRQNJRMFDomainMemberSG37EU9Q9H05T1″
“Ref”: “sgADDSScenario3RDGWStackLO7WZ1GKR6URRemoteDesktopGatewaySG1IFOJTXDNN5BK”
“BlockDeviceMappings”: [
“DeviceName”: “/dev/sda1”,
“Ebs”: {
“VolumeSize”: 50

As for the above code you have to make some changes in the code which you have pasted in the other region and i have highlighted the places in red where it need to be changed. For AMI you have to select an instance image id from the new region you are deploying the stack the new stack image id would  “ami-271b6d31” and you have to create a key pair in the same region in order to access your instance, the KeyName will be “Shanith”  and the security groups names will be changed according the name you have given when you were creating the new template by using the cloud Former.

Screenshot (301)Screenshot (302)

We will compare the code for AutoScaling

The image below shows the comparison between the autoscaling group in the code you pasted in the new region you have make the necessary changes the Availability Zone should be changed from “us-west-2a”,”us-west-2b” to “us-east-1a”,”us-east-1b”.

The code below is from the NewTemplate the code  shows the difference the code is exact same you need to change the availability zone and the MaxSize and the MinSize from 0 to 1 in the new code.

“Cooldown”: “300”,
“DesiredCapacity”: “1”,
“HealthCheckGracePeriod”: “0”,
“HealthCheckType”: “EC2”,
“MaxSize”: “1”, “0” the highlighted parts are from the code shanithupdated
“MinSize”: “1”,“0”
“VPCZoneIdentifier”: [

Screenshot (303)Screenshot (304)


Now lets Compare the ACL. ACL is an Optional layer of Security for our VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Acl section will be in two categories which describes the inbound rules and the outbound rules. It contains the details on cidrblock, egress status, rule actions and protocol.

Screenshot (305)

Below shows the network acl for my template. The script is same as the basic one and it takes the values which we chose. I got two sections for acl: one for inbound and other for outbound.

Screenshot (306)

3rd (II)  Part: The Developing the template and deploying it in a another region 

When you have created the template, to avoid the duplication we have to deploy the stack in a different region. As i have mentioned in the 2nd part i got an error while creating the stack because of the same VPCs. To avoid those errors we will create the template in another region with the JSON code of above template which was created in the 2nd part. But before you create your template you have to make some changes in the codes.

*Note:  You have to change the region in the codes if the region is mentioned and the for the Launch Configuration you have to provide an AMI from the same region and to get an ami go to your EC2 Instance launch a instance from the ami get an ami number and paste it in your code and cancel the instance.

Click on create stack and click on design. when you are on the design resources page you can take the JSON codes which were from the template we created and we have to do some changes after pasting the codes, below i have pasted the VPC code and it created the VPC which is i’m building in the new region.

Screenshot (231)

Screenshot (289)

You should be careful with the brackets in the codes if the bracket are not properly given it can give you errors.

Screenshot (232)

When the VPC is created without any errors give click on create stack and create it. When the stack is completed successfully it will say CREATE_COMPLETE. After it has been completed select the stack you created and click on actions and select update stack.

Screenshot (233)

Now ill paste the code for the 4 subnets, Make the necessary changes to the code and when you refresh it will give you the 4 subnets inside the VPC. Always update your stack by clicking on Create stack.

Screenshot (236)

You can create more subnets by using the same code but make sure you give a different cidr to each subnet.

Screenshot (290)

Once the stack is updated, select the stack again click on update and now paste the internet gateway code and from the architecture you created from the cloudformer and paste it. and if you have pasted and given the correct coding it will appear and click on create stack to update the stack you created.

Screenshot (238)

Screenshot (291)

Screenshot (240)

Now paste the DHCP code and you will get the DHPC above or below the Internet Gateway. Click on Create Stack to the update it.

Screenshot (241)

Screenshot (292)

for the next code i added the routing tables inside the VPC by copying the code.

Screenshot (243)

Update the stack.

Screenshot (245)

Now i will add the security groups so that we can communicate outside the VPC because the security groups is like a firewall.

Screenshot (247)

Screenshot (293)

Update the stack. (Keep Updating Everytime when you do any changes to template.)

Screenshot (248)

Keep pasting the codes and make the necessary changes and i have done creating my template till the autoscaling group.

Screenshot (257)

Screenshot (294)

These are my resources after the template is being updated.

Screenshot (268)

When the template is created you can go to EC2 and you can check the  3 security groups , VPC , 4 Subnets (2Private and 2 Public) and the Autoscaling Group.

Screenshot (287)

Screenshot (271)Screenshot (272)Screenshot (273)


When you move forward you will run in to errors, You have be patience and solve the errors and move forward.


You can deploy and update a template and its associated collection of resources (called a stack) by using the AWS Management Console, AWS Command Line Interface, or APIs. CloudFormation is available at no additional charge, and you pay only for the AWS resources needed to run your applications.

I started doing this assignment with $57.54 on my billing dashboard.

Screenshot (307)

This assignment will create an 2 “t2.large” instances and it will create 50GB Elastic Block Storage, and for elastic IPs.

Screenshot (308)

Make sure you do the necessary changes for the auto scaling group. because when you shut down your instance it will create a another t2.large instance and it will start charging you.

Screenshot (309)

After this work is done the remaining balance is  $4.89.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s