"documentation":"<p>Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as <code>http://<![CDATA[<]]>alias<![CDATA[>]]>.awsapps.com</code>.</p> <important> <p>After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.</p> </important>"
"documentation":"<p>AWS Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Microsoft AD in the AWS cloud, and your existing on-premises Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.</p><p>This action initiates the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain.</p>"
"documentation":"<p>Obtains information about the directories that belong to this account.</p> <p>You can retrieve information about specific directories by passing the directory identifiers in the <i>DirectoryIds</i> parameter. Otherwise, all directories that belong to the current account are returned.</p> <p>This operation supports pagination with the use of the <i>NextToken</i> request and response parameters. If more results are available, the <i>DescribeDirectoriesResult.NextToken</i> member contains a token that you pass in the next call to <a>DescribeDirectories</a> to retrieve the next set of items.</p> <p>You can also specify a maximum number of return results with the <i>Limit</i> parameter.</p>"
"documentation":"<p>Obtains information about the directory snapshots that belong to this account.</p> <p>This operation supports pagination with the use of the <i>NextToken</i> request and response parameters. If more results are available, the <i>DescribeSnapshots.NextToken</i> member contains a token that you pass in the next call to <a>DescribeSnapshots</a> to retrieve the next set of items.</p> <p>You can also specify a maximum number of return results with the <i>Limit</i> parameter.</p>"
"documentation":"<p>Obtains information about the trust relationships for this account.</p> <p>If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.</p>"
"documentation":"<p>Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.</p>"
"documentation":"<p>Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.</p>"
"documentation":"<p>Restores a directory using an existing directory snapshot.</p> <p>When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten.</p> <p>This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the <a>DescribeDirectories</a> operation with the directory identifier. When the <b>DirectoryDescription.Stage</b> value changes to <code>Active</code>, the restore operation is complete.</p>"
"documentation":"<p>AWS Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships. </p><p>This action verifies a trust relationship between your Microsoft AD in the AWS cloud and an external domain.</p>"
"documentation":"<p>The requested alias.</p> <p>The alias must be unique amongst all aliases in AWS. This operation throws an <code>EntityAlreadyExistsException</code> error if the alias already exists.</p>"
"documentation":"<p>The name of the computer account.</p>"
},
"Password":{
"shape":"ComputerPassword",
"documentation":"<p>A one-time password that is used to join the computer to the directory. You should generate a random, strong password to use for this parameter.</p>"
},
"OrganizationalUnitDistinguishedName":{
"shape":"OrganizationalUnitDN",
"documentation":"<p>The fully-qualified distinguished name of the organizational unit to place the computer account in.</p>"
},
"ComputerAttributes":{
"shape":"Attributes",
"documentation":"<p>An array of <a>Attribute</a> objects that contain any LDAP attributes to apply to the computer account.</p>"
}
},
"documentation":"<p>Contains the inputs for the <a>CreateComputer</a> operation.</p>"
"documentation":"<p>Contains the results for the <a>CreateComputer</a> operation.</p>"
},
"CreateDirectoryRequest":{
"type":"structure",
"required":[
"Name",
"Password",
"Size"
],
"members":{
"Name":{
"shape":"DirectoryName",
"documentation":"<p>The fully qualified name for the directory, such as <code>corp.example.com</code>.</p>"
},
"ShortName":{
"shape":"DirectoryShortName",
"documentation":"<p>The short name of the directory, such as <code>CORP</code>.</p>"
},
"Password":{
"shape":"Password",
"documentation":"<p>The password for the directory administrator. The directory creation process creates a directory administrator account with the username <code>Administrator</code> and this password.</p>"
},
"Description":{
"shape":"Description",
"documentation":"<p>A textual description for the directory.</p>"
},
"Size":{
"shape":"DirectorySize",
"documentation":"<p>The size of the directory.</p>"
},
"VpcSettings":{
"shape":"DirectoryVpcSettings",
"documentation":"<p>A <a>DirectoryVpcSettings</a> object that contains additional information for the operation.</p>"
}
},
"documentation":"<p>Contains the inputs for the <a>CreateDirectory</a> operation. </p>"
},
"CreateDirectoryResult":{
"type":"structure",
"members":{
"DirectoryId":{
"shape":"DirectoryId",
"documentation":"<p>The identifier of the directory that was created.</p>"
}
},
"documentation":"<p>Contains the results of the <a>CreateDirectory</a> operation.</p>"
"documentation":"<p>The fully qualified domain name for the directory, such as <code>corp.example.com</code>. This name will resolve inside your VPC only. It does not need to be publicly resolvable.</p>"
},
"ShortName":{
"shape":"DirectoryShortName",
"documentation":"<p>The NetBIOS name for your domain. A short identifier for your domain, such as <code>CORP</code>. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, <code>CORP</code> for the directory DNS <code>corp.example.com</code>. </p>"
},
"Password":{
"shape":"Password",
"documentation":"<p>The password for the default administrative user named <code>Admin</code>.</p>"
},
"Description":{
"shape":"Description",
"documentation":"<p>A textual description for the directory. This label will appear on the AWS console <code>Directory Details</code> page after the directory is created.</p>"
},
"VpcSettings":{"shape":"DirectoryVpcSettings"}
},
"documentation":"Creates a Microsoft AD in the AWS cloud."
},
"CreateMicrosoftADResult":{
"type":"structure",
"members":{
"DirectoryId":{
"shape":"DirectoryId",
"documentation":"The identifier of the directory that was created."
"documentation":"The Directory ID of the Microsoft AD in the AWS cloud for which to establish the trust relationship."
},
"RemoteDomainName":{
"shape":"RemoteDomainName",
"documentation":"The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship."
},
"TrustPassword":{
"shape":"TrustPassword",
"documentation":"The trust password. This must be the same password that was used when creating the trust relationship on the external domain."
},
"TrustDirection":{
"shape":"TrustDirection",
"documentation":"The direction of the trust relationship."
},
"TrustType":{
"shape":"TrustType",
"documentation":"The trust relationship type."
}
},
"documentation":"<p>AWS Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Microsoft AD in the AWS cloud, and your existing on-premises Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.</p><p>This action initiates the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain.</p>"
},
"CreateTrustResult":{
"type":"structure",
"members":{
"TrustId":{
"shape":"TrustId",
"documentation":"A unique identifier for the trust relationship that was created."
"documentation":"<p>A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.</p> <p>An empty list results in an <code>InvalidParameterException</code> being thrown.</p>"
"documentation":"<p>The <i>DescribeDirectoriesResult.NextToken</i> value from a previous call to <a>DescribeDirectories</a>. Pass null if this is the first call.</p>"
},
"Limit":{
"shape":"Limit",
"documentation":"<p>The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.</p>"
}
},
"documentation":"<p>Contains the inputs for the <a>DescribeDirectories</a> operation.</p>"
},
"DescribeDirectoriesResult":{
"type":"structure",
"members":{
"DirectoryDescriptions":{
"shape":"DirectoryDescriptions",
"documentation":"<p>The list of <a>DirectoryDescription</a> objects that were retrieved.</p> <p>It is possible that this list contains less than the number of items specified in the <i>Limit</i> member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>If not null, more results are available. Pass this value for the <i>NextToken</i> parameter in a subsequent call to <a>DescribeDirectories</a> to retrieve the next set of items.</p>"
}
},
"documentation":"<p>Contains the results of the <a>DescribeDirectories</a> operation.</p>"
"documentation":"<p>A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the <i>Limit</i> and <i>NextToken</i> members.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>The <i>DescribeSnapshotsResult.NextToken</i> value from a previous call to <a>DescribeSnapshots</a>. Pass null if this is the first call.</p>"
},
"Limit":{
"shape":"Limit",
"documentation":"<p>The maximum number of objects to return.</p>"
}
},
"documentation":"<p>Contains the inputs for the <a>DescribeSnapshots</a> operation.</p>"
},
"DescribeSnapshotsResult":{
"type":"structure",
"members":{
"Snapshots":{
"shape":"Snapshots",
"documentation":"<p>The list of <a>Snapshot</a> objects that were retrieved.</p> <p>It is possible that this list contains less than the number of items specified in the <i>Limit</i> member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>If not null, more results are available. Pass this value in the <i>NextToken</i> member of a subsequent call to <a>DescribeSnapshots</a>.</p>"
}
},
"documentation":"<p>Contains the results of the <a>DescribeSnapshots</a> operation.</p>"
"documentation":"The Directory ID of the AWS directory that is a part of the requested trust relationship."
},
"TrustIds":{
"shape":"TrustIds",
"documentation":"<p>A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned.</p> <p>An empty list results in an <code>InvalidParameterException</code> being thrown.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>The <i>DescribeTrustsResult.NextToken</i> value from a previous call to <a>DescribeTrusts</a>. Pass null if this is the first call.</p>"
},
"Limit":{
"shape":"Limit",
"documentation":"The maximum number of objects to return."
}
},
"documentation":"Describes the trust relationships for a particular Microsoft AD in the AWS cloud. If no input parameters are provided, such as directory ID or trust ID, this request describes all the trust relationships."
},
"DescribeTrustsResult":{
"type":"structure",
"members":{
"Trusts":{
"shape":"Trusts",
"documentation":"<p>The list of Trust objects that were retrieved.</p> <p>It is possible that this list contains less than the number of items specified in the <i>Limit</i> member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>If not null, more results are available. Pass this value for the <i>NextToken</i> parameter in a subsequent call to <a>DescribeTrusts</a> to retrieve the next set of items.</p>"
"documentation":"<p>A list of one or more IP addresses of DNS servers or domain controllers in the on-premises directory.</p>"
},
"CustomerUserName":{
"shape":"UserName",
"documentation":"<p>The username of an account in the on-premises directory that is used to connect to the directory. This account must have the following privileges:</p> <ul> <li>Read users and groups</li> <li>Create computer objects</li> <li>Join computers to the domain</li> </ul>"
}
},
"documentation":"<p>Contains information for the <a>ConnectDirectory</a> operation when an AD Connector directory is being created.</p>"
},
"DirectoryConnectSettingsDescription":{
"type":"structure",
"members":{
"VpcId":{
"shape":"VpcId",
"documentation":"<p>The identifier of the VPC that the AD Connector is in.</p>"
},
"SubnetIds":{
"shape":"SubnetIds",
"documentation":"<p>A list of subnet identifiers in the VPC that the AD connector is in.</p>"
},
"CustomerUserName":{
"shape":"UserName",
"documentation":"<p>The username of the service account in the on-premises directory.</p>"
},
"SecurityGroupId":{
"shape":"SecurityGroupId",
"documentation":"<p>The security group identifier for the AD Connector directory.</p>"
},
"AvailabilityZones":{
"shape":"AvailabilityZones",
"documentation":"<p>A list of the Availability Zones that the directory is in.</p>"
},
"ConnectIps":{
"shape":"IpAddrs",
"documentation":"<p>The IP addresses of the AD Connector servers.</p>"
}
},
"documentation":"<p>Contains information about an AD Connector directory.</p>"
"documentation":"<p>The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as <code>d-XXXXXXXXXX</code>.</p>"
"documentation":"<p>The access URL for the directory, such as <code>http://<![CDATA[<]]>alias<![CDATA[>]]>.awsapps.com</code>. If no alias has been created for the directory, <code><![CDATA[<]]>alias<![CDATA[>]]></code> is the directory identifier, such as <code>d-XXXXXXXXXX</code>.</p>"
"documentation":"<p>The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in the on-premises directory to which the AD Connector is connected.</p>"
"documentation":"<p>A <a>DirectoryVpcSettingsDescription</a> object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed AD directory.</p>"
"documentation":"<p>A <a>DirectoryConnectSettingsDescription</a> object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory.</p>"
},
"RadiusSettings":{
"shape":"RadiusSettings",
"documentation":"<p>A <a>RadiusSettings</a> object that contains information about the RADIUS server configured for this directory.</p>"
},
"RadiusStatus":{
"shape":"RadiusStatus",
"documentation":"<p>The status of the RADIUS MFA server connection.</p>"
},
"StageReason":{
"shape":"StageReason",
"documentation":"<p>Additional information about the directory stage.</p>"
},
"SsoEnabled":{
"shape":"SsoEnabled",
"documentation":"<p>Indicates if single sign-on is enabled for the directory. For more information, see <a>EnableSso</a> and <a>DisableSso</a>.</p>"
}
},
"documentation":"<p>Contains information about an AWS Directory Service directory.</p>"
},
"DirectoryDescriptions":{
"type":"list",
"member":{"shape":"DirectoryDescription"},
"documentation":"<p>A list of directory descriptions.</p>"
},
"DirectoryId":{
"type":"string",
"pattern":"^d-[0-9a-f]{10}$"
},
"DirectoryIds":{
"type":"list",
"member":{"shape":"DirectoryId"},
"documentation":"<p>A list of directory identifiers.</p>"
"documentation":"<p>The maximum number of directories in the region has been reached. You can use the <a>GetDirectoryLimits</a> operation to determine your directory limits in the region.</p>",
"documentation":"<p>The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. AWS Directory Service creates a directory server and a DNS server in each of these subnets.</p>"
"documentation":"<p>The security group identifier for the directory. If the directory was created before 8/1/2014, this is the identifier of the directory members security group that was created when the directory was created. If the directory was created after this date, this value is null.</p>"
"documentation":"<p>The username of an alternate account to use to disable single sign-on. This is only used for AD Connector directories. This account must have privileges to remove a service principal name. </p> <p>If the AD Connector service account does not have privileges to remove a service principal name, you can specify an alternate account with the <i>UserName</i> and <i>Password</i> parameters. These credentials are only used to disable single sign-on and are not stored by the service. The AD Connector service account is not changed.</p>"
"documentation":"<p>The password of an alternate account to use to disable single sign-on. This is only used for AD Connector directories. For more information, see the <i>UserName</i> parameter.</p>"
"documentation":"<p>The username of an alternate account to use to enable single sign-on. This is only used for AD Connector directories. This account must have privileges to add a service principal name. </p> <p>If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the <i>UserName</i> and <i>Password</i> parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.</p>"
"documentation":"<p>The password of an alternate account to use to enable single sign-on. This is only used for AD Connector directories. For more information, see the <i>UserName</i> parameter.</p>"
"documentation":"<p>An array of strings that contains the IP addresses of the RADIUS server endpoints, or the IP addresses of your RADIUS server load balancer.</p>"
},
"RadiusPort":{
"shape":"PortNumber",
"documentation":"<p>The port that your RADIUS server is using for communications. Your on-premises network must allow inbound traffic over this port from the AWS Directory Service servers.</p>"
},
"RadiusTimeout":{
"shape":"RadiusTimeout",
"documentation":"<p>The amount of time, in seconds, to wait for the RADIUS server to respond.</p>"
},
"RadiusRetries":{
"shape":"RadiusRetries",
"documentation":"<p>The maximum number of times that communication with the RADIUS server is attempted. </p>"
},
"SharedSecret":{
"shape":"RadiusSharedSecret",
"documentation":"<p>The shared secret code that was specified when your RADIUS endpoints were created.</p>"
},
"AuthenticationProtocol":{
"shape":"RadiusAuthenticationProtocol",
"documentation":"<p>The protocol specified for your RADIUS endpoints.</p>"
},
"DisplayLabel":{
"shape":"RadiusDisplayLabel",
"documentation":"<p>Not currently used.</p>"
},
"UseSameUsername":{
"shape":"UseSameUsername",
"documentation":"<p>Not currently used.</p>"
}
},
"documentation":"<p>Contains information about a Remote Authentication Dial In User Service (RADIUS) server.</p>"
"documentation":"<p>The maximum number of manual snapshots for the directory has been reached. You can use the <a>GetSnapshotLimits</a> operation to determine the snapshot limits for a directory.</p>",
"documentation":"<fullname>AWS Directory Service</fullname> <p>This is the <i>AWS Directory Service API Reference</i>. This guide provides detailed information about AWS Directory Service operations, data types, parameters, and errors.</p>"