AWS News Blog

Now Available – AWS Directory Service API & CLI (Bonus: CloudTrail Integration)

AWS Directory Service allows you to connect your AWS resources to an existing on-premises Active Directory or to set up a new, standalone directory in the AWS Cloud (see my post, New AWS Directory Service, to learn more).

Until today, all operations on a Directory were initiated through the AWS Management Console. This was convenient, but was not ideal for integration with existing workflows.

API & CLI
Today we are making Directory Service even more useful by adding API and CLI (Command-Line Interface) support. You can now create and delete directories, computer accounts, and aliases (alternate names for the directory). You can create snapshot backups for standalone directories, and you can manage sign-on modes (Radius and SSO).

You can use an IAM policy to grant permission to perform the API actions.

Let’s take a look at some sample requests and responses, starting with a call to CreateDirectory. Here is the request:

{"Name": "corp.snackers.org",
 "ShortName": "corp",
 "Password": "Westbay@123",
 "Description": "corp",
 "Size": "Large",
 "VpcSettings": 
  {"VpcId": "vpc-c3dd04a2",
   "SubnetIds": 
    ["subnet-9add04fb", "subnet-66dc0507"]
  }
}

And here is the response:

{"DirectoryId": "d-90673058d7"}

Here’s a call to DescribeDirectories, with three Directory Ids as arguments:

{"DirectoryIds": 
  ["d-9067315087", "d-9067312ba4", "d-906731a3f3"]
}

The response is fairly long; it starts like this:

{"DirectoryDescriptions": 
  [
    {"AccessUrl": "d-9067312ba4.dev.awsapps.com", 
     "Alias": "d-9067312ba4", 
     "DirectoryId": "d-9067312ba4", 
     "DnsIpAddrs": 
      ["172.16.1.130", "172.16.0.87"], 
     "LaunchTime": 1430175177.892, 
     "Name": "Eastbay.snackers.org", 
     "ShortName": "Eastbay", 
     "Size": "Large", 
     "SsoEnabled": false, 
     "Stage": "Active", 
     "StageLastUpdatedDateTime": 1430175333.603, 
     "Type": "SimpleAD", 
     "VpcSettings": 
      {"AvailabilityZones": 
        ["us-east-1a", "us-east-1e"], 
       "SubnetIds": 
        ["subnet-9add04fb", "subnet-13773d29"], 
       "VpcId": "vpc-c3dd04a2"}
    }, 
    ...

CloudTrail Integration
Directory Service API actions (via an SDK, the Console, or the CLI) can now be recorded via AWS CloudTrail.

Learn More
To learn more, read the new AWS Directory Service API Developer Guide. You can download the AWS SDKs and the AWS Command Line Interface (CLI) to get started.

Jeff;