aws-senior.com
Once you create a Managed AD in an AWS account, you can share this AD with other accounts. This is a common use case when you have AWS Managed Active Directory in a shared services account that needs to be shared with other workload accounts.

The following are a few points to keep in mind:

- Sharing to another account can happen only within the same region where the Managed AD resides.
- The shared directory will be visible to all the VPCs in the workload accounts.
- The shared directory on the workload account will get a directory id that is different from the original directory id in the shared services account.
- If the Managed AD directory is in an account where organization is enabled, then you also have the option of sharing it with all the accounts within the organization or with a specific account.

This tutorial covers the following examples:

- Share Managed AD - AWS CLI
- View Current Managed AD Shares - AWS CLI
- Accept Directory Sharing - AWS CLI
- Unshare Directory - AWS CLI
- Reject Sharing - AWS CLI
- Share Managed AD - AWS Console
- Accept or Reject Directory Sharing - AWS Console
- Unshare Directory - AWS Console

1. Share Managed AD - AWS CLI

First, set the source directory id and the destination AWS workload account number.

    DIRECTORY_ID=d-123abc4567
    WORKLOAD_ACCOUNT=222222222222

Execute the following command to share the directory to the workload account. Execute this command using the shared services account credentials.

    aws ds share-directory --directory-id ${DIRECTORY_ID} \
      --share-notes "AD Directory for workload accounts" \
      --share-target "Id=${WORKLOAD_ACCOUNT},Type=ACCOUNT" \
      --share-method HANDSHAKE

In the above example:

- DIRECTORY_ID - This is the Managed AD directory id that is in the shared services account.
- WORKLOAD_ACCOUNT - This is the AWS account number of the workload account to which you are sharing the Managed AD.
- share-method - Since we are specifically sharing with another account, use HANDSHAKE as the method.

The following is the output of the above command, which displays the shared directory id.

    {
      "SharedDirectoryId": "d-444efg5555"
    }

2. View Current Managed AD Shares - AWS CLI

Once you've shared a directory, you can view the current status of the sharing and get a list of all the existing shares as shown below.

    DIRECTORY_ID=d-123abc4567
    aws ds describe-shared-directories \
      --owner-directory-id ${DIRECTORY_ID}

The following is an example output:

    {
      "SharedDirectories": [
        {
          "OwnerDirectoryId": "d-123abc4567",
          "ShareNotes": "AD Directory for workload accounts",
          "ShareMethod": "HANDSHAKE",
          "CreatedDateTime": 1558566663.171,
          "SharedAccountId": "222222222222",
          "SharedDirectoryId": "d-444efg5555",
          "ShareStatus": "PendingAcceptance",
          "OwnerAccountId": "111111111111",
          "LastUpdatedDateTime": 1558566663.171
        }
      ]
    }

Note: In the above output, the ShareStatus is PendingAcceptance. This will change to "Shared" once the workload account accepts the share request.

3. Accept Directory Sharing - AWS CLI

Use the workload account credentials to accept the directory sharing as shown below.

    aws ds accept-shared-directory \
      --shared-directory-id d-444efg5555

In the above example, d-444efg5555 is the shared directory id (not the directory id of the Managed AD in the shared services account).

A few ways to get the shared directory id:

- You'll get this as an output from this CLI: aws ds share-directory
- Log in to the workload account and get the directory id from the console.
- Use aws ds describe-shared-directories on the workload account to get this id.

4. Unshare Directory - AWS CLI

First, set the source directory id and the destination AWS workload account number.

    DIRECTORY_ID=d-123abc4567
    WORKLOAD_ACCOUNT=222222222222

Execute the following command to unshare the directory from the workload account. Execute this command using the shared services account credentials.

    aws ds unshare-directory --directory-id ${DIRECTORY_ID} \
      --unshare-target "Id=${WORKLOAD_ACCOUNT},Type=ACCOUNT"
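The share list from section 2 is also what you review to confirm a directory is shared only where intended. The following Python script is an added example, not part of the original tutorial: it audits describe-shared-directories JSON against an allowlist of workload accounts and flags shares left in PendingAcceptance too long. The function name, the finding codes, the 24-hour threshold and the second share in the sample are assumptions made for illustration.

```python
import json

# Constructed sample: the section 2 output from this page, plus one
# constructed second share (d-999xyz0000 / 333333333333) for illustration.
SAMPLE = """
{"SharedDirectories": [
  {"OwnerDirectoryId": "d-123abc4567", "ShareMethod": "HANDSHAKE",
   "CreatedDateTime": 1558566663.171, "SharedAccountId": "222222222222",
   "SharedDirectoryId": "d-444efg5555", "ShareStatus": "PendingAcceptance",
   "OwnerAccountId": "111111111111"},
  {"OwnerDirectoryId": "d-123abc4567", "ShareMethod": "HANDSHAKE",
   "CreatedDateTime": 1558566663.171, "SharedAccountId": "333333333333",
   "SharedDirectoryId": "d-999xyz0000", "ShareStatus": "Shared",
   "OwnerAccountId": "111111111111"}
]}
"""


def audit_shares(doc, approved_accounts, now, max_pending_seconds=86400):
    """Return (shared_directory_id, finding_code) tuples for one owner directory.

    doc               parsed output of `aws ds describe-shared-directories`
    approved_accounts set of account ids allowed to receive the share
    now               current time in epoch seconds (CreatedDateTime is assumed
                      to be epoch seconds, as in the output shown on this page)
    """
    findings = []
    for share in doc.get("SharedDirectories", []):
        shared_id = share["SharedDirectoryId"]
        # A share to an account outside the allowlist should be reviewed
        # and, if unintended, removed with `aws ds unshare-directory`.
        if share["SharedAccountId"] not in approved_accounts:
            findings.append((shared_id, "UNAPPROVED_ACCOUNT"))
        # A HANDSHAKE share nobody accepted is a dangling invitation.
        if share["ShareStatus"] == "PendingAcceptance":
            if now - share["CreatedDateTime"] > max_pending_seconds:
                findings.append((shared_id, "PENDING_TOO_LONG"))
    return findings


if __name__ == "__main__":
    import time
    approved = {"222222222222"}  # the workload account used in this tutorial
    for shared_id, code in audit_shares(json.loads(SAMPLE), approved, time.time()):
        print(f"{shared_id}: {code}")
```

To audit a live directory, save the output of the section 2 command to a file and pass the parsed JSON to audit_shares in place of SAMPLE.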