Setup Federation of Windows AD in AWS

I am new to AWS and I am trying to federate AWS access with my Active Directory. So far I have created a Windows Server 2008 EC2 instance in a VPC on AWS. I have installed AD, DNS and ADFS. I followed all the steps mentioned in this link: http://blogs.aws.amazon.com/security/post/Tx71TWXXJ3UI14/Enabling-Federation-to-AWS-using-Windows-Active-Directory-ADFS-and-SAML-2-0
I was successful in creating the Windows Active Directory, but I am not able to access it outside the VM. I have created an Elastic IP and associated it with that instance as well, since it is created in a VPC.
My requirement is to access the AWS Management Console with my AD details in place of IAM. I am stuck with this and I don't know where to go from here.
I am very new to AWS, sorry if my terms are wrong. Kindly help me with this.

Related

EC2 instances connecting to lambda result in ConnectFailure

I'm trying to access Lambda functions from a Windows VM I have created in EC2 for dev purposes, but even a simple 'list functions' command fails to connect.
I have tried using the AWS CLI through PowerShell, the .NET SDK and the VS AWS Toolkit, but each of these times out after a long waiting period. I can, however, list other services such as my databases and S3 buckets.
[Screenshots in the original post: AWS CLI failure message; VS Toolkit failure message]
I have tried creating a new VM with the same results. I've disabled Windows Firewall altogether, allowed all traffic through the security group and have VPC endpoints for my subnet (ssm, ec2messages, lambda, ec2).
I have no trouble connecting to the lambda service through my own computer. On the VM, I have modified the .aws/credentials file to match the one on my computer for both the admin and current user but I still can't connect. This tells me that the problem isn't related to my access key credentials.
I'm reaching the end of the troubleshooting options I can think of so any help would be very much appreciated!
Update: using telnet, I cannot connect to lambda.ap-southeast-2, but I can connect to s3.ap-southeast-2 and lambda.ap-southeast-1. It seems lambda.ap-southeast-2 is being blocked somewhere, but it isn't Windows Firewall because it's off and the same problem happens on Ubuntu VMs.
In the VPC Management Console, I haven't set up any firewalls under Network Firewall or DNS Firewall, and my network ACL allows all traffic.
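The telnet comparison from the update, as an added example that is not part of the original post: it resolves each regional endpoint, records whether the answer is a private address (which means the name resolves to a VPC interface endpoint ENI rather than a public IP, so that endpoint's security group is what must allow 443 from the instance), and attempts a TCP connect with a timeout. Assumed: the full hostnames end in .amazonaws.com and the service port is 443; the post gives only the service.region prefixes.

```python
"""Added example (not the poster's code): the telnet test from the post, run over
all three endpoints at once. Hostnames follow the <service>.<region>.amazonaws.com
pattern and port 443 is assumed; the post names only the service.region prefixes."""
import ipaddress
import socket
from dataclasses import dataclass

@dataclass
class EndpointResult:
    host: str
    addresses: list   # resolved IPv4 addresses; empty when the DNS lookup failed
    private: bool     # True when a resolved address is private/loopback/link-local
    reachable: bool   # True when a TCP handshake to the port completed

def check_endpoint(host: str, port: int = 443, timeout: float = 3.0) -> EndpointResult:
    """Resolve host and attempt one TCP connect per address; never raises."""
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
        addresses = sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return EndpointResult(host, [], False, False)
    # A private answer means the name resolves to a VPC interface endpoint ENI,
    # so the endpoint's security group (inbound 443 from the instance) is on the path.
    private = any(ipaddress.ip_address(a).is_private for a in addresses)
    reachable = False
    for addr in addresses:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                reachable = True
                break
        except OSError:
            continue  # timed out or refused: try the next address
    return EndpointResult(host, addresses, private, reachable)

def report(hosts, port: int = 443) -> dict:
    """One result per hostname so the failing endpoint can be compared with working ones."""
    return {h: check_endpoint(h, port) for h in hosts}

if __name__ == "__main__":
    results = report(["lambda.ap-southeast-2.amazonaws.com",   # failing in the post
                      "s3.ap-southeast-2.amazonaws.com",       # working
                      "lambda.ap-southeast-1.amazonaws.com"])  # working
    for host, r in results.items():
        path = "private (VPC endpoint)" if r.private else "public"
        print(f"{host}: {r.addresses or 'DNS failed'} via {path}, reachable={r.reachable}")
```

If the failing name resolves privately while the working ones do not, compare the Lambda endpoint's security group and subnet association with the instance's; if all resolve publicly, the difference lies in the outbound path (NAT, route table, network ACL) for that one destination.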

Seamless AD join with AWS AD Connector in private subnet

I have the following network setup and am trying to join EC2 instances to an on-prem Active Directory.
EC2 running inside a private, non-routable subnet
AD Connector runs in an on-prem-connected subnet
The domain is DNS-resolvable throughout the whole VPC
In this setup, is it possible to join the EC2 instance through the AD Connector without the instance having a direct connection to the on-prem AD?
When the AD Connector is up and running with status Active, should it show up in the on-prem directory as a domain controller?
Does anyone have experience with which Windows Server versions are supported for the AD Connector? Server 2019?
After a deep dive into this topic I have answers, which might help others looking into topics around AD on AWS.
The AD Connector only helps with joining an instance to your AD.
The word "proxy" is meant literally (not a technical proxy server): it is the proxy which creates the computer object inside your AD for you; afterwards you need to join the instance (mostly done using an AWS Systems Manager AWS-JoinDirectoryServiceDomain document).
The EC2 instance in fact needs direct network connectivity with the domain controller; of course the domain (fully qualified) needs to be resolvable as well.
Details on the plugin for joining can be found here: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html#aws-domainJoin
One important feature for me is that you can define an OU where the computer object should be created!
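The document side of the join the answer describes, as an added example (not the poster's or AWS's code): it assembles SSM document content for the aws:domainJoin plugin with the directoryOU input the answer highlights, and checks that the OU distinguished name actually lies inside the domain being joined. The plugin input names are the documented ones; the directory-id format check, the sample domain, OU and the RFC 5737 DNS addresses are this example's own assumptions.

```python
"""Added example: build SSM document content for aws:domainJoin with a target OU.
Input names (directoryId, directoryName, directoryOU, dnsIpAddresses) are the
documented plugin inputs; validation rules and sample values are assumptions."""
import ipaddress
import json
import re

# One relative DN per component, e.g. OU=Servers,DC=corp,DC=example,DC=com
_RDN = re.compile(r"^(OU|DC|CN)=[^,=]+$", re.IGNORECASE)

def validate_ou_path(ou_path: str, directory_name: str) -> bool:
    """True when ou_path is a well-formed OU DN whose DC components spell directory_name."""
    parts = [p.strip() for p in ou_path.split(",")]
    if not parts or not all(_RDN.match(p) for p in parts):
        return False
    dc_parts = [p.split("=", 1)[1] for p in parts if p.upper().startswith("DC=")]
    return (parts[0].upper().startswith("OU=")
            and ".".join(dc_parts).lower() == directory_name.lower())

def build_domain_join_document(directory_id: str, directory_name: str,
                               directory_ou: str, dns_ips: list) -> dict:
    """Return schema 2.2 document content joining the instance into one specific OU.

    Pinning the OU keeps the new computer object under that OU's GPOs and lets the
    AD Connector service account be delegated create-computer rights on that OU
    only, instead of on the default Computers container.
    """
    if not re.fullmatch(r"d-[0-9a-z]{10}", directory_id):  # assumed id shape
        raise ValueError("directoryId must look like d-xxxxxxxxxx")
    if not validate_ou_path(directory_ou, directory_name):
        raise ValueError("directoryOU must be an OU DN inside " + directory_name)
    for ip in dns_ips:
        ipaddress.IPv4Address(ip)  # raises ValueError on anything that is not IPv4
    return {
        "schemaVersion": "2.2",
        "description": f"Join instances to {directory_name} in {directory_ou}",
        "mainSteps": [{
            "action": "aws:domainJoin",
            "name": "domainJoin",
            "inputs": {"directoryId": directory_id, "directoryName": directory_name,
                       "directoryOU": directory_ou, "dnsIpAddresses": list(dns_ips)},
        }],
    }

if __name__ == "__main__":
    # Constructed sample values: placeholder directory id, RFC 5737 DNS addresses.
    doc = build_domain_join_document("d-0123456789", "corp.example.com",
                                     "OU=AWS Servers,OU=Servers,DC=corp,DC=example,DC=com",
                                     ["192.0.2.10", "192.0.2.11"])
    print(json.dumps(doc, indent=2))
```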

Authentication failure between 2 EC2 instances with Windows Server 2016

I am a newbie to AWS Cloud. Recently I was given the requirement to do an Automation Anywhere Clustered Control Room installation on AWS Cloud. Based on this requirement, I set up 2 EC2 instances (as a test run) with the Windows Server 2016 AMI. I installed MS SQL Server on one of the instances and opened port 1433 for access from the other instance. I installed Control Room on the first instance successfully (using custom install). When I completed the installation on the second instance, I got a credential vault error. I have created a shared folder which is accessible by both instances, in spite of which I am getting the error. I have security groups and firewalls set up appropriately as well. I have shared the snapshot below. I have been informed that there is an authentication issue between the 2 instances. How do I get this to work?
Any and all help is much appreciated.
I don't know if this is a duplicate of any other question. If it is, please point me in the right direction.
I was able to solve the problem. I reinstalled the Control Room on both EC2 machines with Manual mode for the Credential Vault access.
I also reset the firewall to allow only 80 and 443 (for now), both locally and remotely, on the second EC2 instance.

We are not using ADFS when we log onto AWS servers

I am going over the IAM topic. I understand Active Directory Federation Services (ADFS). We just started on a project. We are going to host a vendor product that we use here on premises on AWS. I RDP (remote) into AWS 2012 servers from my office network. When I log onto AWS Windows 2012 servers, I see my credentials already on the AWS servers. I am pretty sure we are not using ADFS to authenticate users. What else could we be using when we RDP onto AWS servers? I can see my on-premises file servers when I log onto the AWS servers. Is it possible that when our cloud platform engineers set up the AWS servers, they configured them in such a way that we can see our on-prem servers?
I'm assuming you used your domain credentials to RDP to the servers in AWS... The AWS servers would need to be joined to the domain, and there would need to be a route from the VPC in AWS back to your on-prem infrastructure in order for either of those things to work, so it sounds like it was configured prior to you logging onto it.

Transitioning from Amazon AWS to a different Hosting provider

This task fell on my lap and I have no experience with Amazon AWS. We run a simple informational site along with Redmine (as a subdomain) using Amazon AWS and want to switch to Simple Helix. I have researched how to switch providers and I haven't found any posts that show how to do this step by step. Is there a simple way to move from Amazon AWS to another provider? I think it would be best to create a duplicate of what we have on Amazon AWS on the Simple Helix server before totally dropping Amazon AWS. As far as I know I only have login details for the EC2 console, no SSH login details or FTP for Amazon AWS.
When an AWS instance is launched, a public/private key pair is specified and installed in the running instance. You can find the name of the key pair by looking at the details of the instance in the console. Check for "Key pair name".
Hopefully, you'll have the private key of that pair somewhere at hand. If it's lost I'm not sure how to recover it without tech support from Amazon.
If you have the private key then SSH is simple, just type:
ssh -i my.private.key -l ubuntu servername
or something similar and you're in.
FTP access might require opening up a port in the firewall. Look at the security group settings for the server to see what ports are open. Secure FTP is available if you can SSH into the machine using the same private key.