SSO Setup Considerations

Before you begin, please note the prerequisites.

  • For this walkthrough, you should have the following prerequisites:
    • An AWS account.
    • AWS permissions to provision Amazon EC2 instances and the default VPC, deploy AWS CloudFormation templates, and create an IAM role and policy.
    • For the purposes of this post, this could be a dev or test environment. Check with your administrator to ensure that you have access to these prerequisites.
    • The ability to remotely access the Windows 2016 EC2 instance using Remote Desktop Protocol (RDP).
    • Some familiarity with working in a Microsoft Windows environment, such as running PowerShell, to follow along with this post.

Setting up the domain controller and AD FS

To set up your domain controller and AD FS, complete the following steps:

Launch the following CloudFormation template

This template provisions the EC2 instance and sets up a domain controller.

  • Enter a name for the stack, such as AD FS2016Redshift.
  • Provide the following parameters:
    • Amild – Keep as default
    • DomainDNSName – adfsredshift.com
    • DomainNetBIOSName – adfsredshift
    • InstanceType – Keep as default (m5.large)
    • KeyName – The .pem key pair in the Region for your IAM user. For instructions on creating a key pair, see Creating or importing a key pair.
    • RestoreModePassword – Enter a strong and memorable password of your choice
    • SourceCidrForRDP – Open (you restrict it through your security group later)
  • Choose Next.
  • Select the check box acknowledging that the template might create IAM resources on your behalf.
  • Choose Next.
  • Choose Create stack.
  • On the Amazon EC2 console, choose the Windows 2016 EC2 instance created by the CloudFormation template.
  • In the description pane below, choose the security group link to open the security group.
  • From the Actions drop-down menu, choose Edit inbound rules.
  • Edit the inbound rules to restrict the IP range for RDP access, and add a rule for HTTPS using your own IP range. The template left RDP open to the internet (SourceCidrForRDP – Open), so do not skip this step.
  • To use your own IP in a rule, for Source, choose My IP from the drop-down menu.
  • Choose Save.
  • After updating the security group, go back to the Windows 2016 EC2 instance and, from the Actions drop-down menu, choose Get Windows Password, using the key pair you selected when you launched the instance.
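The security-group hardening step above (replacing the template's open RDP rule with rules for RDP and HTTPS limited to your own address) can also be done programmatically. The following is an added example written for this page, not code from the original post or from AWS; the security group ID, the administrator IP (203.0.113.10, a documentation address) and the SAMPLE_OPEN_PERMISSIONS structure are constructed for illustration. The rule-building and rule-checking helpers are pure Python; only restrict_rdp_and_https() talks to AWS, through boto3, and it expects credentials in the usual SDK locations.

```python
import ipaddress

RDP_PORT = 3389
HTTPS_PORT = 443

# Constructed sample: the inbound rules a group looks like when the stack was
# created with SourceCidrForRDP set to "Open" (RDP reachable from anywhere).
SAMPLE_OPEN_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def to_host_cidr(ip: str) -> str:
    """Turn the single IPv4 address the console shows as 'My IP' into a /32 CIDR."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this walkthrough uses IPv4 security-group rules")
    return f"{addr}/32"


def build_ingress_rules(my_ip: str) -> list:
    """IpPermissions entries for RDP and HTTPS, both limited to the admin's own /32."""
    cidr = to_host_cidr(my_ip)
    return [
        {"IpProtocol": "tcp", "FromPort": RDP_PORT, "ToPort": RDP_PORT,
         "IpRanges": [{"CidrIp": cidr, "Description": "RDP from admin workstation"}]},
        {"IpProtocol": "tcp", "FromPort": HTTPS_PORT, "ToPort": HTTPS_PORT,
         "IpRanges": [{"CidrIp": cidr, "Description": "AD FS HTTPS from admin workstation"}]},
    ]


def rdp_exposed_permissions(ip_permissions: list) -> list:
    """Return minimal IpPermissions entries to revoke: every rule that lets
    0.0.0.0/0 (or any other prefix-length-0 range) reach TCP 3389."""
    to_revoke = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule
            covers_rdp = True
        elif proto == "tcp":
            covers_rdp = perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)
        else:
            covers_rdp = False
        wide = [r["CidrIp"] for r in perm.get("IpRanges", [])
                if ipaddress.ip_network(r["CidrIp"], strict=False).prefixlen == 0]
        if covers_rdp and wide:
            entry = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in wide]}
            if proto != "-1":
                entry["FromPort"] = perm["FromPort"]
                entry["ToPort"] = perm["ToPort"]
            to_revoke.append(entry)
    return to_revoke


def restrict_rdp_and_https(security_group_id: str, my_ip: str) -> dict:
    """Revoke internet-wide RDP rules and add /32-scoped RDP and HTTPS rules.
    Requires boto3 and AWS credentials; not exercised by the offline helpers above."""
    import boto3  # imported here so the pure helpers work without the SDK installed
    ec2 = boto3.client("ec2")
    group = ec2.describe_security_groups(GroupIds=[security_group_id])["SecurityGroups"][0]
    revoked = rdp_exposed_permissions(group["IpPermissions"])
    if revoked:
        ec2.revoke_security_group_ingress(GroupId=security_group_id, IpPermissions=revoked)
    added = build_ingress_rules(my_ip)
    ec2.authorize_security_group_ingress(GroupId=security_group_id, IpPermissions=added)
    return {"revoked": revoked, "added": added}


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; the AWS call is shown only.
    print("would revoke:", rdp_exposed_permissions(SAMPLE_OPEN_PERMISSIONS))
    print("would add:", build_ingress_rules("203.0.113.10"))
    # restrict_rdp_and_https("sg-0123456789abcdef0", "203.0.113.10")  # placeholder group ID
```

Running the script offline shows the single open RDP rule that would be revoked and the two /32 rules that would be added; the HTTP rule on port 80 is left alone because it does not reach 3389. Re-running rdp_exposed_permissions() against the group after the change is a quick check that nothing still exposes RDP to 0.0.0.0/0.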

Detailed steps for AD FS configuration