Learn Active Directory on AWS in minutes.
🛑 Read this before starting: This lab creates real AWS resources. By default, it uses t3.micro (Free Tier eligible) but can be upgraded to t3.small (~$0.04/hr) for better performance. Always run the Cleanup step when finished.
You are deploying a professional Identity Lab directly from your browser.
```text
        (You)
          |
  [ AWS CloudShell ]  <--- (Free Browser Terminal)
          |
          | (Deploys via Terraform)
          v
+-----------------------------------------+
|        PRIVATE LAB NETWORK (VPC)        |
|                                         |
|  +-------------+     +--------------+   |
|  |   Domain    |<--->|    Member    |   |
|  | Controller  |     |    Server    |   |
|  |   (DC01)    |     |  (Client01)  |   |
|  +-------------+     +--------------+   |
+-----------------------------------------+
```
- Zero Setup: No local tools to install. No configuration files.
- Secure: Uses AWS Systems Manager (SSM) for access. No public IP addresses required.
- Log in to AWS:
  - Go to the AWS Console.
  - Ensure you are in US East (N. Virginia) or your preferred region.
- Open CloudShell:
  - Click the CloudShell icon (`>_`) in the top navigation bar (near the bell icon).
  - Or press `Alt+S` (Windows) / `Option+S` (Mac).
  - Wait for the terminal to prepare.
- Run the Deployment:
  - Paste the following commands into the terminal and hit Enter:
    ```bash
    git clone https://github.com/Hectormalvarez/basic-ad.git
    cd basic-ad
    # Run with default settings (Free Tier / t3.micro (1GB RAM))
    ./quickstart.sh
    # Recommended: Run with better performance (~$0.04/hr (2GB RAM))
    ./quickstart.sh t3.small
    ```
Note: running `./quickstart.sh` without a parameter defaults to t3.micro (Free Tier), which has only 1GB of RAM.
To use a faster instance, run: `./quickstart.sh LARGER_INSTANCE_TYPE`
- Enter a Password:
  - When prompted, type a secure password (e.g., `SuperSecurePass123!`).
  - Note: Characters will not appear while typing.
- Wait for Completion:
  - Terraform will build the network and servers.
  - The lab takes about 10-15 minutes (Windows needs to reboot twice to promote the Domain Controller).
  - Look for the green message: `Deployment Complete!`
Once the deployment finishes, you can connect directly from CloudShell.
- Connect to DC01:
  - Run this command in your CloudShell terminal:
    ```bash
    ./connect.sh
    ```
  - This uses AWS Systems Manager to open a secure PowerShell session on the Domain Controller.
- Verify Active Directory:
  - Once connected (you will see a `PS C:\>` prompt), try these commands:
    ```powershell
    # Check the domain details
    Get-ADDomain
    # Check DNS records
    Get-DnsServerResourceRecord -ZoneName "corp.cloudlab.internal"
    ```
- Open a new CloudShell tab (Click the `+` icon).
- Navigate to the folder: `cd basic-ad`
- Connect to the member server:
  ```bash
  ./connect.sh client
  ```
Ensure you are in the correct directory. Run cd ~/basic-ad and try again.
If you try ./connect.sh immediately after deployment, the server might still be booting. Wait 2 minutes and try again.
Your AWS user permissions might be too restricted. Ensure you are using an Admin user or have full EC2/VPC permissions.
Do not skip this. If you leave this running, AWS will charge you for the servers.
- Go back to your CloudShell terminal.
- Run this command:
  ```bash
  ./quickstart.sh destroy
  ```
- Wait for the confirmation: `Cleanup Complete!`
Tip: If you close CloudShell, your lab is NOT deleted. You must reopen CloudShell, navigate to the folder, and run the destroy command.
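
To check the two claims above (no public IP addresses on the lab servers, and nothing left running after the destroy step), here is an added example that is not part of this repository's scripts. It parses the JSON printed by `aws ec2 describe-instances`; the function name, instance IDs, `Name` tags and sample data are constructed for illustration.

```python
import json
import sys

# States in which the lab is still up, or (stopped) still holding paid EBS volumes.
LIVE_STATES = {"pending", "running", "stopping", "stopped"}

def audit_instances(describe_output):
    """Return (public, live) label lists from describe-instances JSON."""
    public, live = [], []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state == "terminated":
                continue  # terminated instances stay listed for a while
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            label = f'{inst["InstanceId"]} ({tags.get("Name", "untagged")})'
            # PublicIpAddress is present only when an address is assigned.
            if inst.get("PublicIpAddress"):
                public.append(label)
            if state in LIVE_STATES:
                live.append(f'{label} {inst.get("InstanceType", "?")} {state}')
    return public, live

# Constructed sample shaped like describe-instances output (IDs and tags are made up).
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "InstanceType": "t3.micro",
     "State": {"Name": "running"}, "Tags": [{"Key": "Name", "Value": "DC01"}]},
    {"InstanceId": "i-0aaa0000000000002", "InstanceType": "t3.micro",
     "State": {"Name": "running"}, "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Name", "Value": "Client01"}]},
    {"InstanceId": "i-0aaa0000000000003", "InstanceType": "t3.small",
     "State": {"Name": "terminated"}},
]}]}

if __name__ == "__main__":
    # Read piped AWS CLI output if there is any; otherwise use the sample.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    public, live = audit_instances(json.loads(raw) if raw.strip() else SAMPLE)
    print("Instances with a public IP:", public or "none")
    print("Instances still up or stopped:", live or "none")
```

In CloudShell, save it under a name of your choice (for example `audit_lab.py`) and run `aws ec2 describe-instances --output json | python3 audit_lab.py`. It reports every instance in the current region, not only the lab's.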