AWS.Directory (aws-elixir v0.8.0)

AWS Directory Service

AWS Directory Service is a web service that makes it easy for you to set up and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory.

This guide provides detailed information about AWS Directory Service operations, data types, parameters, and errors. For information about AWS Directory Service features, see AWS Directory Service and the AWS Directory Service Administration Guide.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS Directory Service and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.

Functions

accept_shared_directory(client, input, options \\ [])

Accepts a directory sharing request that was sent from the directory owner account.

add_ip_routes(client, input, options \\ [])

If the DNS server for your on-premises domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services.

AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on AWS to a peer VPC.

Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

add_region(client, input, options \\ [])

Adds two domain controllers in the specified Region for the specified directory.

add_tags_to_resource(client, input, options \\ [])

Adds or overwrites one or more tags for the specified directory.

Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.

cancel_schema_extension(client, input, options \\ [])

Cancels an in-progress schema extension to a Microsoft AD directory.

Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states: Initializing, CreatingSnapshot, and UpdatingSchema.

connect_directory(client, input, options \\ [])

Creates an AD Connector to connect to an on-premises directory.

Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

create_alias(client, input, options \\ [])

Creates an alias for a directory and assigns the alias to the directory.

The alias is used to construct the access URL for the directory, such as http://<alias>.awsapps.com.

After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.

create_computer(client, input, options \\ [])

Creates an Active Directory computer object in the specified directory.

create_conditional_forwarder(client, input, options \\ [])

Creates a conditional forwarder associated with your AWS directory.

Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain.

create_directory(client, input, options \\ [])

Creates a Simple AD directory.

For more information, see Simple Active Directory in the AWS Directory Service Admin Guide.

Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

create_log_subscription(client, input, options \\ [])

Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your AWS account.

create_microsoft_ad(client, input, options \\ [])

Creates a Microsoft AD directory in the AWS Cloud.

For more information, see AWS Managed Microsoft AD in the AWS Directory Service Admin Guide.

Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

create_snapshot(client, input, options \\ [])

Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud.

You cannot take snapshots of AD Connector directories.

create_trust(client, input, options \\ [])

AWS Directory Service for Microsoft Active Directory allows you to configure trust relationships.

For example, you can establish a trust between your AWS Managed Microsoft AD directory and your existing on-premises Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

This action initiates the creation of the AWS side of a trust relationship between an AWS Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

delete_conditional_forwarder(client, input, options \\ [])

Deletes a conditional forwarder that has been set up for your AWS directory.

delete_directory(client, input, options \\ [])

Deletes an AWS Directory Service directory.

Before you call DeleteDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the DeleteDirectory operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

delete_log_subscription(client, input, options \\ [])

Deletes the specified log subscription.

delete_snapshot(client, input, options \\ [])

Deletes a directory snapshot.

delete_trust(client, input, options \\ [])

Deletes an existing trust relationship between your AWS Managed Microsoft AD directory and an external domain.

deregister_certificate(client, input, options \\ [])

Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.

deregister_event_topic(client, input, options \\ [])

Removes the specified directory as a publisher to the specified SNS topic.

describe_certificate(client, input, options \\ [])

Displays information about the certificate registered for secure LDAP or client certificate authentication.

describe_conditional_forwarders(client, input, options \\ [])

Obtains information about the conditional forwarders for this account.

If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.

describe_directories(client, input, options \\ [])

Obtains information about the directories that belong to this account.

You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items.

You can also specify a maximum number of return results with the Limit parameter.

describe_domain_controllers(client, input, options \\ [])

Provides information about any domain controllers in your directory.

describe_event_topics(client, input, options \\ [])

Obtains information about which SNS topics receive status messages from the specified directory.

If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account.

describe_ldaps_settings(client, input, options \\ [])

Describes the status of LDAP security for the specified directory.

describe_regions(client, input, options \\ [])

Provides information about the Regions that are configured for multi-Region replication.

describe_shared_directories(client, input, options \\ [])

Returns the shared directories in your account.

describe_snapshots(client, input, options \\ [])

Obtains information about the directory snapshots that belong to this account.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeSnapshots.NextToken member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items.

You can also specify a maximum number of return results with the Limit parameter.
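
The NextToken loop described for DescribeDirectories and DescribeSnapshots, as an added example that is not part of the aws-elixir documentation. It assumes the `AWS.Directory` functions return `{:ok, body, http_response}` or `{:error, reason}` and that responses use the AWS Directory Service key names `DirectoryDescriptions`, `Snapshots`, `Type` and `RadiusStatus`; the `DirectoryAudit` module and the sample directory IDs are constructed for illustration.

```elixir
defmodule DirectoryAudit do
  # Follows NextToken until the service stops returning one.
  # `fetch` takes the request input map and returns what the AWS.Directory
  # functions are assumed to return: {:ok, body, http_response} | {:error, reason}.
  def collect(fetch, items_key, input \\ %{}, limit \\ 25) do
    do_collect(fetch, items_key, Map.put(input, "Limit", limit), [], MapSet.new())
  end

  defp do_collect(fetch, items_key, input, acc, seen) do
    case fetch.(input) do
      {:ok, body, _http} ->
        body = body || %{}
        acc = acc ++ Map.get(body, items_key, [])

        case Map.get(body, "NextToken") do
          token when token in [nil, ""] ->
            {:ok, acc}

          token ->
            # A token that repeats would loop forever; stop and report it.
            if MapSet.member?(seen, token) do
              {:error, {:repeated_next_token, token}}
            else
              next = Map.put(input, "NextToken", token)
              do_collect(fetch, items_key, next, acc, MapSet.put(seen, token))
            end
        end

      {:error, reason} ->
        {:error, reason}
    end
  end

  # IDs of AD Connector / Microsoft AD directories whose RADIUS MFA is not in
  # the "Completed" state. Other types are skipped because this page lists
  # RADIUS MFA for AD Connector and Microsoft AD directories only.
  def missing_radius_mfa(directories) do
    for %{"Type" => type} = d <- directories,
        type in ["ADConnector", "MicrosoftAD"],
        Map.get(d, "RadiusStatus") != "Completed",
        do: d["DirectoryId"]
  end
end

# Constructed sample pages, keyed by the NextToken that requests them.
pages = %{
  nil => %{
    "DirectoryDescriptions" => [
      %{"DirectoryId" => "d-0000000001", "Type" => "MicrosoftAD", "RadiusStatus" => "Completed"},
      %{"DirectoryId" => "d-0000000002", "Type" => "SimpleAD"}
    ],
    "NextToken" => "page-2"
  },
  "page-2" => %{
    "DirectoryDescriptions" => [
      %{"DirectoryId" => "d-0000000003", "Type" => "ADConnector"}
    ]
  }
}

# Offline stand-in for the API call. Against a live account, with a client
# built by the caller, pass instead:
#   &AWS.Directory.describe_directories(client, &1)   with "DirectoryDescriptions"
#   &AWS.Directory.describe_snapshots(client, &1)     with "Snapshots"
fake_fetch = fn input -> {:ok, Map.fetch!(pages, input["NextToken"]), %{}} end

{:ok, dirs} = DirectoryAudit.collect(fake_fetch, "DirectoryDescriptions")
IO.inspect(DirectoryAudit.missing_radius_mfa(dirs), label: "no RADIUS MFA")
```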

describe_trusts(client, input, options \\ [])

Obtains information about the trust relationships for this account.

If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.

disable_client_authentication(client, input, options \\ [])

Disables alternative client authentication methods for the specified directory.

disable_ldaps(client, input, options \\ [])

Deactivates LDAP secure calls for the specified directory.

disable_radius(client, input, options \\ [])

Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

disable_sso(client, input, options \\ [])

Disables single sign-on for a directory.

enable_client_authentication(client, input, options \\ [])

Enables alternative client authentication methods for the specified directory.

enable_ldaps(client, input, options \\ [])

Activates the switch for the specific directory to always use LDAP secure calls.

enable_radius(client, input, options \\ [])

Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

enable_sso(client, input, options \\ [])

Enables single sign-on for a directory.

Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately.

get_directory_limits(client, input, options \\ [])

Obtains directory limit information for the current Region.

get_snapshot_limits(client, input, options \\ [])

Obtains the manual snapshot limits for a directory.

list_certificates(client, input, options \\ [])

For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.

list_ip_routes(client, input, options \\ [])

Lists the address blocks that you have added to a directory.

list_log_subscriptions(client, input, options \\ [])

Lists the active log subscriptions for the AWS account.

list_schema_extensions(client, input, options \\ [])

Lists all schema extensions applied to a Microsoft AD Directory.

list_tags_for_resource(client, input, options \\ [])

Lists all tags on a directory.

register_certificate(client, input, options \\ [])

Registers a certificate for a secure LDAP or client certificate authentication.

register_event_topic(client, input, options \\ [])

Associates a directory with an SNS topic.

This establishes the directory as a publisher to the specified SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status.

reject_shared_directory(client, input, options \\ [])

Rejects a directory sharing request that was sent from the directory owner account.

remove_ip_routes(client, input, options \\ [])

Removes IP address blocks from a directory.

remove_region(client, input, options \\ [])

Stops all replication and removes the domain controllers from the specified Region.

You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.

remove_tags_from_resource(client, input, options \\ [])

Removes tags from a directory.

reset_user_password(client, input, options \\ [])

Resets the password for any user in your AWS Managed Microsoft AD or Simple AD directory.

You can reset the password for any user in your directory with the following exceptions:

  • For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user.

  • For AWS Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the AWS Reserved OU. For more information about the OU structure for an AWS Managed Microsoft AD directory, see What Gets Created in the AWS Directory Service Administration Guide.

restore_from_snapshot(client, input, options \\ [])

Restores a directory using an existing directory snapshot.

When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten.

This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the DirectoryDescription.Stage value changes to Active, the restore operation is complete.

share_directory(client, input, options \\ [])

Shares a specified directory (DirectoryId) in your AWS account (directory owner) with another AWS account (directory consumer).

With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region.

When you share your AWS Managed Microsoft AD directory, AWS Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account.

The ShareMethod parameter determines whether the specified directory can be shared between AWS accounts inside the same AWS organization (ORGANIZATIONS). It also determines whether you can share the directory with any other AWS account either inside or outside of the organization (HANDSHAKE).

The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.

start_schema_extension(client, input, options \\ [])

Applies a schema extension to a Microsoft AD directory.

unshare_directory(client, input, options \\ [])

Stops the directory sharing between the directory owner and consumer accounts.

update_conditional_forwarder(client, input, options \\ [])

Updates a conditional forwarder that has been set up for your AWS directory.

update_number_of_domain_controllers(client, input, options \\ [])

Adds or removes domain controllers to or from the directory.

Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.

update_radius(client, input, options \\ [])

Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.

update_trust(client, input, options \\ [])

Updates the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory.

verify_trust(client, input, options \\ [])

AWS Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships.

This action verifies a trust relationship between your AWS Managed Microsoft AD directory and an external domain.