Is AWS Directory Services supported?

[jkodroff]

I'd like to use AWS Directory Services to avoid having to create a Domain Controller as an actual EC2 instance. It looks like the AWS SDK for Go supports it, but I don't see anything relating to it in the Terraform docs nor did I see any open PRs relating to it.

Assuming this isn't already supported, I'd be willing to give a PR a go for this (pun accidental). If this is a feature Terraform doesn't support, and would like to support, I'd appreciate it if someone could point me to a spot in the Terraform codebase I could use as an example.

[phinze]

Hi @jkodroff - you're correct that we don't yet have any support for Directory Services resources, and it'd be great if you wanted to work on a PR!

From reading the API docs - it looks like the first resources would probably be aws_directoryservice_directory and aws_directoryservice_computer?

So something like:

resource "aws_directoryservice_directory" "foo" {
  name     = "foo"
  password = "secret"
  size     = "large"
}

resource "aws_directoryservice_computer" "compu" {
  directory_id = "${aws_directoryservice_directory.foo.id}"
  computer_name = "compu"
  // terraform autogenerates password perhaps?
}

output "compu_join_password" {
  value = "${aws_directoryservice_computer.foo.password}"
}

What do you think?

Once we land on a candidate config, there are plenty of examples of resources in the AWS provider that you can copy from to get going.

[jkodroff]

Yeah, that's about what I had in mind. I'm going to give this a shot. I'm pretty motivated to do it since I'm terrible at AWS, am running terraform destroy a lot because of it, and it's really annoying to have to re-create the directory manually. ;)

[jkodroff]

@phinze Are there any existing resources which auto-generate a password?

[leaanthony]

I'm also interested in getting this working. How far did you get @jkodroff? Thanks

[jkodroff]

@lea-anthony @phinze My apologies. I kinda lost steam on this as I got pulled onto something else at work as we shelved our cloud plans. My work can be found here.

I was trying to muddle my way through creating the tests when I left off, so I don't have a good idea of whether the stuff I've written works at all. (I was copying the other AWS resources if that's any help, and I do know it compiles, minus the tests.) If someone wants to finish the feature, that would be awesome.

[stack72]

@phinze I think this can be closed now due to merging #3228

[apparentlymart]

It looks like #3228 gets us directory but not yet computer, so I'm inclined to leave this for someone who wants to work on computer. It sounds like @jkodroff no longer needs this feature, but maybe someone else would like to build on @radeksimko's work and add this other resource, now that there's a good example and the client object is already wired in there.

[AzCii]

So now it's possible to setup a directory, are there any way to join the EC2 instances to the direcotry, or are we still waiting for this?

[radeksimko]

@AzCii There is no computer resource yet, if that's what you are asking for. I was not able to find any PRs for this either, so it's open for anyone to pick up. I personally don't plan to work on that any time soon.

btw. it seems there's only Create API method for computers but no way to discover, update or delete existing ones (unless you want to use the actual AD protocol): http://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateComputer.html
but I might be missing the point/workflow for this resource due to the lack of my experience with AD and managing Windows generally.

[liamjbennett]

I see little value is a computer resource here. If you want to ensure that a computer is attached to the domain the you can use AWS SSM (see: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-join-aws-domain.html)

There is now the aws_ssm_document resource to handle that side of things. As a result I think we can now safely close this ticket.

[catsby]

Hey Friends – I'm going to go ahead and close this for now. IF someone wants to pick up the torch and add the mentioned computer resource, please open a new issue. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.