Warning
The configuration file schema documentation is a work in progress. Please use this draft document with caution. The deeper you browse into the hierarchy, the less accurate the definitions are likely to be.

Microsoft Active Directory configuration

Hierarchy

  • MADConfig1

Properties

ad-groups

ad-groups: string[]
Title: Active Directory Groups
Description: Groups to create within the MAD instance. Only executed on Accelerator initial installation (used to speed initial installs).

ad-per-account-groups

ad-per-account-groups: string[]
Title: AD per Account Groups
Description: Create these AD groups within MAD for every Shared account in Accelerator. Only executed on Accelerator initial installation (used to speed initial installs).

ad-users

ad-users: MADUserConfig1[]
Title: Active Directory Users
Description: Users to create within the MAD instance. Only executed on Accelerator initial installation (used to speed initial installs).

adc-group

adc-group: string
Title: AWS ADC Group
Description: AWS Active Directory Connector (ADC) group to be created and assigned appropriate permissions within MAD. Only executed on Accelerator initial installation.

Optional azs

azs: string[]
Title: Azs
Description: Availability zones for the underlying MAD instances

central-resolver-rule-account

central-resolver-rule-account: string
Title: Central Resolver Rule Account
Description: Integrate DNS resolution between MAD and the endpoint VPC. Provide the account for the endpoint VPC

central-resolver-rule-vpc

central-resolver-rule-vpc: string
Title: Central Resolver Rule Vpc
Description: Name of the endpoint VPC or the VPC that implements the centralized resolvers

deploy

deploy: boolean
Title: Deploy
Description: Set to true to deploy this MAD, or to false if it is only being defined in the Accelerator

Optional description

description: string
Title: Description
Description: Description field used in the future GUI; it allows customers to provide a purpose for this MAD.

dir-id

dir-id: number
Title: Dir Id
Description: MAD directory ID

dns-domain

dns-domain: string
Title: MAD DNS Domain Name
Description: MAD DNS Domain

image-path

image-path: string
Title: RDGW Image Path
Description: The SSM AMI ID of the image used to bootstrap the RDGW instance. This should point to the variable for the latest image ID.

log-group-name

log-group-name: string
Title: Log Group Name
Description: CWL log group name for MAD

max-rdgw-hosts

max-rdgw-hosts: number
Title: Max RDGW Hosts
Description: Maximum number of instances in the RDGW auto-scaling group

min-rdgw-hosts

min-rdgw-hosts: number
Title: Min RDGW Hosts
Description: Minimum number of instances in the RDGW auto-scaling group

netbios-domain

netbios-domain: string
Title: MAD Netbios Domain Name
Description: MAD Netbios Domain

num-rdgw-hosts

num-rdgw-hosts: number
Title: Number of RDGW Hosts
Description: Desired number of instances in the RDGW auto-scaling group

password-policies

password-policies: MADPasswordPolicy1
Title: Active Directory Password Policies
Description: Password policies for MAD users. Only set on Accelerator initial installation.

Optional password-secret-name

password-secret-name: string
Title: Password Secret Name
Description: A Secret ARN containing the MAD root user password. This is only used for customers that have upgraded from v1.0.4.

Optional rdgw-enforce-imdsv2

rdgw-enforce-imdsv2: boolean
Title: Enforce IMDSv2 on the EC2 instances launched for Remote Desktop Gateway
Description: If set to true, IMDSv2 will be mandatory on the instances. Default: false

rdgw-instance-role

rdgw-instance-role: string
Title: Remote Desktop Gateway instance role
Description: EC2 instance role assumed by the RDGW

rdgw-instance-type

rdgw-instance-type: string
Title: Remote Desktop Gateway EC2 instance type
Description: To manage the MAD, the Accelerator deploys an EC2 instance to serve as a Remote Desktop Gateway

rdgw-max-instance-age

rdgw-max-instance-age: number
Title: RDGW Max Instance Age
Description: EC2 Auto Scaling lets you safely and securely recycle instances at a regular cadence. The Maximum Instance Lifetime parameter helps you ensure that instances are recycled before reaching the specified lifetime in days.

region

region: string
Title: Region
Description: Region to deploy the MAD

restrict_srcips

restrict_srcips: string[]
Title: Restrict source IPs
Description: Restrict access to the MAD interface to the source IPs defined in ${RANGE-RESTRICT}

security-groups

security-groups: SecurityGroupConfig4[]
Title: Security Groups
Description: AWS security groups to associate to the MAD EC2 instances

Optional share-to-account

share-to-account: string
Title: Share To Account
Description: Share the MAD to other accounts. This is typically left blank and the share-mad-from parameter at the OU level is leveraged

size

size: string
Title: MAD Size
Description: Standard or Enterprise. AWS Managed Microsoft AD (Standard Edition) is optimized to be a primary directory for small and midsize businesses with up to 5,000 employees. It provides you enough storage capacity to support up to 30,000* directory objects, such as users, groups, and computers. AWS Managed Microsoft AD (Enterprise Edition) is designed to support enterprise organizations with up to 500,000* directory objects

subnet

subnet: string
Title: Subnet
Description: Subnets to deploy the MAD

vpc-name

vpc-name: string
Title: MAD VPC Name
Description: Name of the VPC to deploy the MAD to