Resource: aws_directory_service_trust

Manages a trust relationship between two Active Directory Directories.

The directories may either be both AWS Managed Microsoft AD domains or an AWS Managed Microsoft AD domain and a self-managed Active Directory Domain.

The Trust relationship must be configured on both sides of the relationship. If a Trust has only been created on one side, it will be in the state VerifyFailed. Once the second Trust is created, the first will update to the correct state.

Example Usage

Two-Way Trust

resource "aws_directory_service_trust" "one" {
  directory_id = aws_directory_service_directory.one.id

  remote_domain_name = aws_directory_service_directory.two.name
  trust_direction    = "Two-Way"
  trust_password     = "Some0therPassword"

  conditional_forwarder_ip_addrs = aws_directory_service_directory.two.dns_ip_addresses
}

resource "aws_directory_service_trust" "two" {
  directory_id = aws_directory_service_directory.two.id

  remote_domain_name = aws_directory_service_directory.one.name
  trust_direction    = "Two-Way"
  trust_password     = "Some0therPassword"

  conditional_forwarder_ip_addrs = aws_directory_service_directory.one.dns_ip_addresses
}

resource "aws_directory_service_directory" "one" {
  name = "one.example.com"
  type = "MicrosoftAD"
  # ...
}

resource "aws_directory_service_directory" "two" {
  name = "two.example.com"
  type = "MicrosoftAD"
  # ...
}

One-Way Trust

resource "aws_directory_service_trust" "one" {
  directory_id = aws_directory_service_directory.one.id

  remote_domain_name = aws_directory_service_directory.two.name
  trust_direction    = "One-Way: Incoming"
  trust_password     = "Some0therPassword"

  conditional_forwarder_ip_addrs = aws_directory_service_directory.two.dns_ip_addresses
}

resource "aws_directory_service_trust" "two" {
  directory_id = aws_directory_service_directory.two.id

  remote_domain_name = aws_directory_service_directory.one.name
  trust_direction    = "One-Way: Outgoing"
  trust_password     = "Some0therPassword"

  conditional_forwarder_ip_addrs = aws_directory_service_directory.one.dns_ip_addresses
}

resource "aws_directory_service_directory" "one" {
  name = "one.example.com"
  type = "MicrosoftAD"
  # ...
}

resource "aws_directory_service_directory" "two" {
  name = "two.example.com"
  type = "MicrosoftAD"
  # ...
}
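The page also names the second supported pairing, an AWS Managed Microsoft AD domain trusting a self-managed domain, but shows no configuration for it. The following is an added example, not part of the provider documentation: it configures the AWS-side half of that one-way trust with the shared trust password supplied as a sensitive variable instead of a literal. The directory ID, domain name and DNS addresses are constructed placeholders; `selective_auth` and `trust_state` are an optional argument and an exported attribute of this resource that the argument and attribute lists on this page do not reproduce.

```hcl
# Shared trust secret, supplied at apply time (e.g. TF_VAR_trust_password or a
# secrets backend) instead of being written into the configuration as a literal.
variable "trust_password" {
  type      = string
  sensitive = true

  validation {
    condition     = length(var.trust_password) >= 12
    error_message = "trust_password must be at least 12 characters."
  }
}

variable "managed_directory_id" {
  type    = string
  default = "d-PLACEHOLDER0" # constructed; use the real directory ID
}

variable "onprem_domain_name" {
  type    = string
  default = "corp.example.internal" # constructed self-managed domain
}

variable "onprem_dns_ip_addrs" {
  type    = list(string)
  default = ["10.20.0.10", "10.20.0.11"] # constructed self-managed DNS servers
}

# AWS-side half of a one-way trust with the self-managed domain. The trust in
# the opposite direction must be created in the self-managed forest with the
# same password; until it exists this trust reports the VerifyFailed state.
resource "aws_directory_service_trust" "onprem" {
  directory_id = var.managed_directory_id

  remote_domain_name = var.onprem_domain_name
  trust_direction    = "One-Way: Outgoing"
  trust_password     = var.trust_password

  # Conditional forwarder so the managed directory can resolve the remote domain.
  conditional_forwarder_ip_addrs = var.onprem_dns_ip_addrs

  # Optional argument of this resource, not listed on this page: require explicit
  # grants before principals from the trusted forest can use resources here.
  selective_auth = "Enabled"
}

# Exported attribute: anything other than "Verified" after apply needs attention.
output "onprem_trust_state" {
  value = aws_directory_service_trust.onprem.trust_state
}
```

Because the variable is marked `sensitive`, Terraform redacts the password in plan and apply output, though it is still recorded in the state file, which therefore needs the same access controls as the secret itself.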

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import the Trust relationship using the directory ID and remote domain name, separated by a /. For example:

import {
  to = aws_directory_service_trust.example
  id = "d-926724cf57/directory.example.com"
}

Using terraform import, import the Trust relationship using the directory ID and remote domain name, separated by a /. For example:

% terraform import aws_directory_service_trust.example d-926724cf57/directory.example.com