使用 API 在 AWS Workspaces 上创建用户
[英]Create a user on AWS Workspaces with API
问题描述
When creating a Workspace, I can create one or more users providing email and other information.
创建工作区时,我可以创建一个或多个提供电子邮件和其他信息的用户。
I am trying to do the same using AWS API or boto3 in python.我正在尝试在 python 中使用 AWS API 或 boto3 来做同样的事情。 None of WorkSpaces and DirectoryService in boto3 provide a way to create a user in AWS Simple AD. boto3 中的WorkSpaces和DirectoryService都没有提供在 AWS Simple AD 中创建用户的方法。
How do I create a user on AWS Simple AD programmatically?如何以编程方式在 AWS Simple AD 上创建用户?
3 个解决方案
解决方案1
2 2020-02-17 20:41:54
Actually, it looks like you might be able to do this.实际上,您似乎可以做到这一点。 Check out the API documentation for workdocs.查看工作文档的 API 文档。 It says "Creates a user in a Simple AD or Microsoft AD directory."它说“在 Simple AD 或 Microsoft AD 目录中创建用户”。
https://docs.aws.amazon.com/workdocs/latest/APIReference/API_CreateUser.html https://docs.aws.amazon.com/workdocs/latest/APIReference/API_CreateUser.html
POST /api/v1/users HTTP/1.1
Authentication: AuthenticationToken
Content-type: application/json
{
"EmailAddress": "string",
"GivenName": "string",
"OrganizationId": "string",
"Password": "string",
"StorageRule": {
"StorageAllocatedInBytes": number,
"StorageType": "string"
},
"Surname": "string",
"TimeZoneId": "string",
"Username": "string"
}
boto3 doc: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/workdocs.html#WorkDocs.Client.create_user boto3 文档: https ://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/workdocs.html#WorkDocs.Client.create_user
解决方案2
1 2019-07-17 05:58:56
Simple answer is that you cannot create a user 'programmatically'.简单的答案是您不能“以编程方式”创建用户。 You cannot even create just a user in Simple AD, you can only create it when creating a Workspace.您甚至不能在 Simple AD 中只创建一个用户,您只能在创建工作区时创建它。
To create AD users you will need to start up a Windows EC2 instance and add it to the AWS Directory domain.要创建 AD 用户,您需要启动 Windows EC2 实例并将其添加到 AWS Directory 域。 Then, install AD management tools in that instance and use that to create/manage users.然后,在该实例中安装 AD 管理工具并使用它来创建/管理用户。 You can read about it in details for here, https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_how_to.html您可以在此处详细了解它, https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_how_to.html
You can run a powershell script in that EC2 instance to automate.您可以在该 EC2 实例中运行 powershell 脚本以实现自动化。 Maybe even create a lambda function to run it.甚至可以创建一个 lambda 函数来运行它。
解决方案3
0 2020-07-17 04:36:35
The answer from @JapethMarvel is probably the closest to what you're looking for, but it's subject to a variety of conditions that I documented in my comment. @JapethMarvel 的答案可能与您要寻找的最接近,但它受我在评论中记录的各种条件的影响。
It's worth noting that this Amazon blog post demonstrates a Lambda that makes API calls directly to the Directory Service using the ldap3 library.值得注意的是, 这篇亚马逊博客文章展示了一个 Lambda,它使用ldap3库直接对目录服务进行 API 调用。 I haven't investigated it in depth, but it seems likely that users could be managed in this way.我没有深入研究过,但似乎可以通过这种方式管理用户。 Of course, this solution comes with other constraints since the system (or Lambda) running this script must be able to access the Directory (not just the AWS APIs).当然,此解决方案还存在其他限制,因为运行此脚本的系统(或 Lambda)必须能够访问目录(而不仅仅是 AWS API)。 If that directory is private, the Lambda would need to be given access to the VPC (eg by attaching it).如果该目录是私有的,则需要授予 Lambda 访问 VPC 的权限(例如,通过附加它)。
This prevent us from using it eg in a Custom CloudFormation Resource Provider without additional layers of complexity.这阻止我们在没有额外复杂层的情况下在自定义 CloudFormation 资源提供程序中使用它。 For example, it might be possible to have the CF Resource create a VPC-bound lambda to proxy requests to the Directory.例如,可能让 CF 资源创建一个 VPC 绑定的 lambda 来代理对目录的请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.