docs(installation): update based on following documentation #9
+23
−13
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richardkeit
commented
Dec 9, 2024
Comment on lines
-30
to
-39
| ## 4.5 Deploy Managed Active Directory configuration instance | ||
| When using Managed Active Directory, manual steps are needed to customize the security group created for your domain controllers. By default traffic is only allowed from the CIDR range of the VPC where the directory is deployed. Traffic needs to be allowed from the Endpoint VPC where Amazon Route 53 Outbound Resolver endpoints are deployed as well as all other CIDRs associated to your VPC, other peered VPCs, or networks that you have connected using AWS Direct Connect, AWS Transit Gateway, or Virtual Private Network that need to communicate with the domain controllers. | ||
|
|
||
| 1. Locate the security group created by Directory Service in your Operations account (named `d-<your-directory-id>_controllers`) and edit the source of the inbound rules to allow traffic from the needed CIDR ranges. You can use the same value used for the `AcceleratorIpamSupernet` replacement variable that covers all your VPC address space. This needs to be customized according to your needs. | ||
|
|
||
| Refer to the [AWS Directory Service documentation](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started.html#ms_ad_getting_started_what_gets_created) for more details. | ||
|
|
||
| 2. Edit the `iam-config.yaml` file to un-comment and edit as needed the `activeDirectoryConfigurationInstance` block under `managedActiveDirectories`. Send your configuration changes to CodeCommit or S3 | ||
|
|
||
| 3. Release the `AWSAccelerator-Pipeline` to finalize the deployment of the Active Directory configuration instance. |
There was a problem hiding this comment.
This was moved because it cut the ALB forwarding section into two and broke the flow of the document
| @@ -103,7 +112,7 @@ Some configuration elements need to be updated when using ControlTower | |||
| - global-config.yaml | |||
| * Update `managementAccountAccessRole` value to `AWSControlTowerExecution` | |||
| * Update `controlTower` to `enable: true` | |||
| * Uncomment the `landingZone` block | |||
| * Uncomment the `landingZone` block (only if it is a new Organization with zero accounts other than the Management Account) | |||
There was a problem hiding this comment.
Per Auto-deploy AWS Control Tower by the solution (recommended)
:
There are no AWS services enabled for AWS Organizations.
There are no organization units created in the AWS Organizations.
The only AWS account in the AWS Organization is the management account.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
No open issue
Description of changes:
After following the documentation, I found some of the formatting and wording slightly hard to follow.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.