Trust
Manages a trust relationship between two Active Directory Directories. The directories may either be both AWS Managed Microsoft AD domains or an AWS Managed Microsoft AD domain and a self-managed Active Directory Domain. The Trust relationship must be configured on both sides of the relationship. If a Trust has only been created on one side, it will be in the state VerifyFailed. Once the second Trust is created, the first will update to the correct state.
Example Usage
Two-Way Trust
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
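// The trust password is read from stack configuration as a secret, so it is
// not hard-coded in source control. Set it with:
//   pulumi config set --secret trustPassword <value>
const config = new pulumi.Config();
const trustPassword = config.requireSecret("trustPassword");

// Two AWS Managed Microsoft AD directories. Other Directory arguments that a
// real deployment needs (for example `password` and `vpcSettings`) are
// omitted from this example.
const oneDirectory = new aws.directoryservice.Directory("one", {
    name: "one.example.com",
    type: "MicrosoftAD",
});
const twoDirectory = new aws.directoryservice.Directory("two", {
    name: "two.example.com",
    type: "MicrosoftAD",
});

// The trust is declared on both sides. Each side names the other domain,
// forwards DNS to the other directory's addresses, and receives the same
// trust password.
const one = new aws.directoryservice.Trust("one", {
    directoryId: oneDirectory.id,
    remoteDomainName: twoDirectory.name,
    trustDirection: "Two-Way",
    trustPassword: trustPassword,
    conditionalForwarderIpAddrs: twoDirectory.dnsIpAddresses,
});
const two = new aws.directoryservice.Trust("two", {
    directoryId: twoDirectory.id,
    remoteDomainName: oneDirectory.name,
    trustDirection: "Two-Way",
    trustPassword: trustPassword,
    conditionalForwarderIpAddrs: oneDirectory.dnsIpAddresses,
});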
import pulumi
import pulumi_aws as aws
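# The trust password is read from stack configuration as a secret, so it is
# not hard-coded in source control. Set it with:
#   pulumi config set --secret trustPassword <value>
config = pulumi.Config()
trust_password = config.require_secret("trustPassword")

# Two AWS Managed Microsoft AD directories. Other Directory arguments that a
# real deployment needs (for example `password` and `vpc_settings`) are
# omitted from this example.
one_directory = aws.directoryservice.Directory("one",
    name="one.example.com",
    type="MicrosoftAD")
two_directory = aws.directoryservice.Directory("two",
    name="two.example.com",
    type="MicrosoftAD")

# The trust is declared on both sides. Each side names the other domain,
# forwards DNS to the other directory's addresses, and receives the same
# trust password.
one = aws.directoryservice.Trust("one",
    directory_id=one_directory.id,
    remote_domain_name=two_directory.name,
    trust_direction="Two-Way",
    trust_password=trust_password,
    conditional_forwarder_ip_addrs=two_directory.dns_ip_addresses)
two = aws.directoryservice.Trust("two",
    directory_id=two_directory.id,
    remote_domain_name=one_directory.name,
    trust_direction="Two-Way",
    trust_password=trust_password,
    conditional_forwarder_ip_addrs=one_directory.dns_ip_addresses)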
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
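return await Deployment.RunAsync(() =>
{
    // The trust password is read from stack configuration as a secret, so it
    // is not hard-coded in source control. Set it with:
    //   pulumi config set --secret trustPassword <value>
    var config = new Config();
    var trustPassword = config.RequireSecret("trustPassword");

    // Two AWS Managed Microsoft AD directories. Other Directory arguments that
    // a real deployment needs (for example Password and VpcSettings) are
    // omitted from this example.
    var oneDirectory = new Aws.DirectoryService.Directory("one", new()
    {
        Name = "one.example.com",
        Type = "MicrosoftAD",
    });

    var twoDirectory = new Aws.DirectoryService.Directory("two", new()
    {
        Name = "two.example.com",
        Type = "MicrosoftAD",
    });

    // The trust is declared on both sides. Each side names the other domain,
    // forwards DNS to the other directory's addresses, and receives the same
    // trust password.
    var one = new Aws.DirectoryService.Trust("one", new()
    {
        DirectoryId = oneDirectory.Id,
        RemoteDomainName = twoDirectory.Name,
        TrustDirection = "Two-Way",
        TrustPassword = trustPassword,
        ConditionalForwarderIpAddrs = twoDirectory.DnsIpAddresses,
    });

    var two = new Aws.DirectoryService.Trust("two", new()
    {
        DirectoryId = twoDirectory.Id,
        RemoteDomainName = oneDirectory.Name,
        TrustDirection = "Two-Way",
        TrustPassword = trustPassword,
        ConditionalForwarderIpAddrs = oneDirectory.DnsIpAddresses,
    });
});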
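package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main declares two AWS Managed Microsoft AD directories and a two-way trust
// between them, with the trust created on both sides.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The trust password is read from stack configuration as a secret, so
		// it is not hard-coded in source control. Set it with:
		//   pulumi config set --secret trustPassword <value>
		trustPassword := config.New(ctx, "").RequireSecret("trustPassword")

		// Other Directory arguments that a real deployment needs (for example
		// Password and VpcSettings) are omitted from this example.
		oneDirectory, err := directoryservice.NewDirectory(ctx, "one", &directoryservice.DirectoryArgs{
			Name: pulumi.String("one.example.com"),
			Type: pulumi.String("MicrosoftAD"),
		})
		if err != nil {
			return err
		}
		twoDirectory, err := directoryservice.NewDirectory(ctx, "two", &directoryservice.DirectoryArgs{
			Name: pulumi.String("two.example.com"),
			Type: pulumi.String("MicrosoftAD"),
		})
		if err != nil {
			return err
		}

		// Each side names the other domain, forwards DNS to the other
		// directory's addresses, and receives the same trust password.
		_, err = directoryservice.NewTrust(ctx, "one", &directoryservice.TrustArgs{
			DirectoryId:                 oneDirectory.ID(),
			RemoteDomainName:            twoDirectory.Name,
			TrustDirection:              pulumi.String("Two-Way"),
			TrustPassword:               trustPassword,
			ConditionalForwarderIpAddrs: twoDirectory.DnsIpAddresses,
		})
		if err != nil {
			return err
		}
		_, err = directoryservice.NewTrust(ctx, "two", &directoryservice.TrustArgs{
			DirectoryId:                 twoDirectory.ID(),
			RemoteDomainName:            oneDirectory.Name,
			TrustDirection:              pulumi.String("Two-Way"),
			TrustPassword:               trustPassword,
			ConditionalForwarderIpAddrs: oneDirectory.DnsIpAddresses,
		})
		if err != nil {
			return err
		}
		return nil
	})
}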
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.directoryservice.Directory;
import com.pulumi.aws.directoryservice.DirectoryArgs;
import com.pulumi.aws.directoryservice.Trust;
import com.pulumi.aws.directoryservice.TrustArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
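/**
 * Declares two AWS Managed Microsoft AD directories and a two-way trust
 * between them, with the trust created on both sides.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the directories and both halves of the trust.
     *
     * @param ctx the Pulumi program context; also the source of the stack
     *            configuration that holds the trust password
     */
    public static void stack(Context ctx) {
        // The trust password is read from stack configuration as a secret, so
        // it is not hard-coded in source control. Set it with:
        //   pulumi config set --secret trustPassword <value>
        final var trustPassword = ctx.config().requireSecret("trustPassword");

        // Other Directory arguments that a real deployment needs (for example
        // password and vpcSettings) are omitted from this example.
        var oneDirectory = new Directory("oneDirectory", DirectoryArgs.builder()
            .name("one.example.com")
            .type("MicrosoftAD")
            .build());

        var twoDirectory = new Directory("twoDirectory", DirectoryArgs.builder()
            .name("two.example.com")
            .type("MicrosoftAD")
            .build());

        // Each side names the other domain, forwards DNS to the other
        // directory's addresses, and receives the same trust password.
        var one = new Trust("one", TrustArgs.builder()
            .directoryId(oneDirectory.id())
            .remoteDomainName(twoDirectory.name())
            .trustDirection("Two-Way")
            .trustPassword(trustPassword)
            .conditionalForwarderIpAddrs(twoDirectory.dnsIpAddresses())
            .build());

        var two = new Trust("two", TrustArgs.builder()
            .directoryId(twoDirectory.id())
            .remoteDomainName(oneDirectory.name())
            .trustDirection("Two-Way")
            .trustPassword(trustPassword)
            .conditionalForwarderIpAddrs(oneDirectory.dnsIpAddresses())
            .build());
    }
}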
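# The trust password is a secret configuration value, so it is not hard-coded
# in this file. Set it with:
#   pulumi config set --secret trustPassword <value>
config:
  trustPassword:
    type: string
    secret: true
resources:
  # The trust is declared on both sides. Each side names the other domain,
  # forwards DNS to the other directory's addresses, and receives the same
  # trust password.
  one:
    type: aws:directoryservice:Trust
    properties:
      directoryId: ${oneDirectory.id}
      remoteDomainName: ${twoDirectory.name}
      trustDirection: Two-Way
      trustPassword: ${trustPassword}
      conditionalForwarderIpAddrs: ${twoDirectory.dnsIpAddresses}
  two:
    type: aws:directoryservice:Trust
    properties:
      directoryId: ${twoDirectory.id}
      remoteDomainName: ${oneDirectory.name}
      trustDirection: Two-Way
      trustPassword: ${trustPassword}
      conditionalForwarderIpAddrs: ${oneDirectory.dnsIpAddresses}
  # Other Directory properties that a real deployment needs (for example
  # password and vpcSettings) are omitted from this example.
  oneDirectory:
    type: aws:directoryservice:Directory
    name: one
    properties:
      name: one.example.com
      type: MicrosoftAD
  twoDirectory:
    type: aws:directoryservice:Directory
    name: two
    properties:
      name: two.example.com
      type: MicrosoftAD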
One-Way Trust
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
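// The trust password is read from stack configuration as a secret, so it is
// not hard-coded in source control. Set it with:
//   pulumi config set --secret trustPassword <value>
const config = new pulumi.Config();
const trustPassword = config.requireSecret("trustPassword");

// Two AWS Managed Microsoft AD directories. Other Directory arguments that a
// real deployment needs (for example `password` and `vpcSettings`) are
// omitted from this example.
const oneDirectory = new aws.directoryservice.Directory("one", {
    name: "one.example.com",
    type: "MicrosoftAD",
});
const twoDirectory = new aws.directoryservice.Directory("two", {
    name: "two.example.com",
    type: "MicrosoftAD",
});

// A one-way trust is still declared on both sides: directory "one" declares
// the incoming direction and directory "two" the matching outgoing direction.
// Both sides receive the same trust password.
const one = new aws.directoryservice.Trust("one", {
    directoryId: oneDirectory.id,
    remoteDomainName: twoDirectory.name,
    trustDirection: "One-Way: Incoming",
    trustPassword: trustPassword,
    conditionalForwarderIpAddrs: twoDirectory.dnsIpAddresses,
});
const two = new aws.directoryservice.Trust("two", {
    directoryId: twoDirectory.id,
    remoteDomainName: oneDirectory.name,
    trustDirection: "One-Way: Outgoing",
    trustPassword: trustPassword,
    conditionalForwarderIpAddrs: oneDirectory.dnsIpAddresses,
});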
import pulumi
import pulumi_aws as aws
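# The trust password is read from stack configuration as a secret, so it is
# not hard-coded in source control. Set it with:
#   pulumi config set --secret trustPassword <value>
config = pulumi.Config()
trust_password = config.require_secret("trustPassword")

# Two AWS Managed Microsoft AD directories. Other Directory arguments that a
# real deployment needs (for example `password` and `vpc_settings`) are
# omitted from this example.
one_directory = aws.directoryservice.Directory("one",
    name="one.example.com",
    type="MicrosoftAD")
two_directory = aws.directoryservice.Directory("two",
    name="two.example.com",
    type="MicrosoftAD")

# A one-way trust is still declared on both sides: directory "one" declares
# the incoming direction and directory "two" the matching outgoing direction.
# Both sides receive the same trust password.
one = aws.directoryservice.Trust("one",
    directory_id=one_directory.id,
    remote_domain_name=two_directory.name,
    trust_direction="One-Way: Incoming",
    trust_password=trust_password,
    conditional_forwarder_ip_addrs=two_directory.dns_ip_addresses)
two = aws.directoryservice.Trust("two",
    directory_id=two_directory.id,
    remote_domain_name=one_directory.name,
    trust_direction="One-Way: Outgoing",
    trust_password=trust_password,
    conditional_forwarder_ip_addrs=one_directory.dns_ip_addresses)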
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
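return await Deployment.RunAsync(() =>
{
    // The trust password is read from stack configuration as a secret, so it
    // is not hard-coded in source control. Set it with:
    //   pulumi config set --secret trustPassword <value>
    var config = new Config();
    var trustPassword = config.RequireSecret("trustPassword");

    // Two AWS Managed Microsoft AD directories. Other Directory arguments that
    // a real deployment needs (for example Password and VpcSettings) are
    // omitted from this example.
    var oneDirectory = new Aws.DirectoryService.Directory("one", new()
    {
        Name = "one.example.com",
        Type = "MicrosoftAD",
    });

    var twoDirectory = new Aws.DirectoryService.Directory("two", new()
    {
        Name = "two.example.com",
        Type = "MicrosoftAD",
    });

    // A one-way trust is still declared on both sides: directory "one"
    // declares the incoming direction and directory "two" the matching
    // outgoing direction. Both sides receive the same trust password.
    var one = new Aws.DirectoryService.Trust("one", new()
    {
        DirectoryId = oneDirectory.Id,
        RemoteDomainName = twoDirectory.Name,
        TrustDirection = "One-Way: Incoming",
        TrustPassword = trustPassword,
        ConditionalForwarderIpAddrs = twoDirectory.DnsIpAddresses,
    });

    var two = new Aws.DirectoryService.Trust("two", new()
    {
        DirectoryId = twoDirectory.Id,
        RemoteDomainName = oneDirectory.Name,
        TrustDirection = "One-Way: Outgoing",
        TrustPassword = trustPassword,
        ConditionalForwarderIpAddrs = oneDirectory.DnsIpAddresses,
    });
});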
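package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main declares two AWS Managed Microsoft AD directories and a one-way trust
// between them, with the trust created on both sides.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The trust password is read from stack configuration as a secret, so
		// it is not hard-coded in source control. Set it with:
		//   pulumi config set --secret trustPassword <value>
		trustPassword := config.New(ctx, "").RequireSecret("trustPassword")

		// Other Directory arguments that a real deployment needs (for example
		// Password and VpcSettings) are omitted from this example.
		oneDirectory, err := directoryservice.NewDirectory(ctx, "one", &directoryservice.DirectoryArgs{
			Name: pulumi.String("one.example.com"),
			Type: pulumi.String("MicrosoftAD"),
		})
		if err != nil {
			return err
		}
		twoDirectory, err := directoryservice.NewDirectory(ctx, "two", &directoryservice.DirectoryArgs{
			Name: pulumi.String("two.example.com"),
			Type: pulumi.String("MicrosoftAD"),
		})
		if err != nil {
			return err
		}

		// Directory "one" declares the incoming direction and directory "two"
		// the matching outgoing direction; both receive the same password.
		_, err = directoryservice.NewTrust(ctx, "one", &directoryservice.TrustArgs{
			DirectoryId:                 oneDirectory.ID(),
			RemoteDomainName:            twoDirectory.Name,
			TrustDirection:              pulumi.String("One-Way: Incoming"),
			TrustPassword:               trustPassword,
			ConditionalForwarderIpAddrs: twoDirectory.DnsIpAddresses,
		})
		if err != nil {
			return err
		}
		_, err = directoryservice.NewTrust(ctx, "two", &directoryservice.TrustArgs{
			DirectoryId:                 twoDirectory.ID(),
			RemoteDomainName:            oneDirectory.Name,
			TrustDirection:              pulumi.String("One-Way: Outgoing"),
			TrustPassword:               trustPassword,
			ConditionalForwarderIpAddrs: oneDirectory.DnsIpAddresses,
		})
		if err != nil {
			return err
		}
		return nil
	})
}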
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.directoryservice.Directory;
import com.pulumi.aws.directoryservice.DirectoryArgs;
import com.pulumi.aws.directoryservice.Trust;
import com.pulumi.aws.directoryservice.TrustArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
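/**
 * Declares two AWS Managed Microsoft AD directories and a one-way trust
 * between them, with the trust created on both sides.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the directories and both halves of the trust.
     *
     * @param ctx the Pulumi program context; also the source of the stack
     *            configuration that holds the trust password
     */
    public static void stack(Context ctx) {
        // The trust password is read from stack configuration as a secret, so
        // it is not hard-coded in source control. Set it with:
        //   pulumi config set --secret trustPassword <value>
        final var trustPassword = ctx.config().requireSecret("trustPassword");

        // Other Directory arguments that a real deployment needs (for example
        // password and vpcSettings) are omitted from this example.
        var oneDirectory = new Directory("oneDirectory", DirectoryArgs.builder()
            .name("one.example.com")
            .type("MicrosoftAD")
            .build());

        var twoDirectory = new Directory("twoDirectory", DirectoryArgs.builder()
            .name("two.example.com")
            .type("MicrosoftAD")
            .build());

        // Directory "one" declares the incoming direction and directory "two"
        // the matching outgoing direction; both receive the same password.
        var one = new Trust("one", TrustArgs.builder()
            .directoryId(oneDirectory.id())
            .remoteDomainName(twoDirectory.name())
            .trustDirection("One-Way: Incoming")
            .trustPassword(trustPassword)
            .conditionalForwarderIpAddrs(twoDirectory.dnsIpAddresses())
            .build());

        var two = new Trust("two", TrustArgs.builder()
            .directoryId(twoDirectory.id())
            .remoteDomainName(oneDirectory.name())
            .trustDirection("One-Way: Outgoing")
            .trustPassword(trustPassword)
            .conditionalForwarderIpAddrs(oneDirectory.dnsIpAddresses())
            .build());
    }
}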
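# The trust password is a secret configuration value, so it is not hard-coded
# in this file. Set it with:
#   pulumi config set --secret trustPassword <value>
config:
  trustPassword:
    type: string
    secret: true
resources:
  # A one-way trust is still declared on both sides: "one" declares the
  # incoming direction and "two" the matching outgoing direction. Both sides
  # receive the same trust password.
  one:
    type: aws:directoryservice:Trust
    properties:
      directoryId: ${oneDirectory.id}
      remoteDomainName: ${twoDirectory.name}
      trustDirection: 'One-Way: Incoming'
      trustPassword: ${trustPassword}
      conditionalForwarderIpAddrs: ${twoDirectory.dnsIpAddresses}
  two:
    type: aws:directoryservice:Trust
    properties:
      directoryId: ${twoDirectory.id}
      remoteDomainName: ${oneDirectory.name}
      trustDirection: 'One-Way: Outgoing'
      trustPassword: ${trustPassword}
      conditionalForwarderIpAddrs: ${oneDirectory.dnsIpAddresses}
  # Other Directory properties that a real deployment needs (for example
  # password and vpcSettings) are omitted from this example.
  oneDirectory:
    type: aws:directoryservice:Directory
    name: one
    properties:
      name: one.example.com
      type: MicrosoftAD
  twoDirectory:
    type: aws:directoryservice:Directory
    name: two
    properties:
      name: two.example.com
      type: MicrosoftAD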
Import
Using pulumi import, import the Trust relationship using the directory ID and remote domain name, separated by a /. For example:
$ pulumi import aws:directoryservice/trust:Trust example d-926724cf57/directory.example.com
Properties