
Create a user on AWS Workspaces with API

When creating a Workspace, I can create one or more users providing email and other information.


I am trying to do the same using the AWS API or boto3 in Python. Neither WorkSpaces nor DirectoryService in boto3 provides a way to create a user in AWS Simple AD.

How do I create a user on AWS Simple AD programmatically?

Actually, it looks like you might be able to do this. Check out the API documentation for workdocs. It says "Creates a user in a Simple AD or Microsoft AD directory."

https://docs.aws.amazon.com/workdocs/latest/APIReference/API_CreateUser.html

POST /api/v1/users HTTP/1.1
Authentication: AuthenticationToken
Content-type: application/json

{
   "EmailAddress": "string",
   "GivenName": "string",
   "OrganizationId": "string",
   "Password": "string",
   "StorageRule": { 
      "StorageAllocatedInBytes": number,
      "StorageType": "string"
   },
   "Surname": "string",
   "TimeZoneId": "string",
   "Username": "string"
}

boto3 doc: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/workdocs.html#WorkDocs.Client.create_user
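One way to drive that WorkDocs CreateUser call from boto3, added here as an example and not part of the answer or of AWS's own code. It assumes the WorkDocs API is enabled for the directory, that the caller's IAM identity is allowed to call workdocs:CreateUser, and that OrganizationId takes the directory ID; the password is generated per call and kept out of logs, and the in-memory client is a constructed stand-in for dry runs.

```python
import re
import secrets
import string

USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")  # assumed conservative rule
SYMBOLS = "!@#$%^&*"  # assumed acceptable symbol set for the directory policy

def generate_password(length=20):
    """Random password with upper, lower, digit and symbol characters, generated
    per call so no credential is hard-coded in source or config."""
    if length < 8:
        raise ValueError("password too short")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def build_create_user_request(directory_id, username, email, given_name, surname,
                              password=None):
    """kwargs for workdocs.create_user, mirroring the request body shown above;
    OrganizationId is assumed to take the directory ID (d-xxxxxxxxxx)."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username: %r" % username)
    if "@" not in email:
        raise ValueError("invalid email address")
    return {"OrganizationId": directory_id, "Username": username,
            "EmailAddress": email, "GivenName": given_name, "Surname": surname,
            "Password": password or generate_password()}

def redact_for_log(request):
    """Copy of the request that is safe to log: the password is never written out."""
    return {k: ("<redacted>" if k == "Password" else v) for k, v in request.items()}

def create_simple_ad_user(client, **kwargs):
    """Call CreateUser through an injected client and return the new user's Id."""
    request = build_create_user_request(**kwargs)
    return client.create_user(**request)["User"]["Id"]

class FakeWorkDocsClient:
    """Constructed in-memory stand-in for boto3.client("workdocs"), for dry runs."""
    def __init__(self):
        self.calls = []
    def create_user(self, **kwargs):
        self.calls.append(kwargs)
        return {"User": {"Id": "S-1-5-21-example", "Username": kwargs["Username"]}}

def workdocs_client(region_name):
    import boto3  # imported lazily so this module also loads without boto3 installed
    return boto3.client("workdocs", region_name=region_name)
```

For a real run, pass `workdocs_client("us-east-1")` instead of `FakeWorkDocsClient()` and deliver the generated password to the user out of band (or have them reset it on first login).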

The simple answer is that you cannot create a user 'programmatically'. You cannot even create just a user in Simple AD; you can only create one when creating a Workspace.

To create AD users you will need to start up a Windows EC2 instance and add it to the AWS Directory domain. Then, install the AD management tools on that instance and use them to create/manage users. You can read about it in detail here: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_how_to.html

You can run a PowerShell script on that EC2 instance to automate it. Maybe even create a Lambda function to run it.

The answer from @JapethMarvel is probably the closest to what you're looking for, but it's subject to a variety of conditions that I documented in my comment.

It's worth noting that this Amazon blog post demonstrates a Lambda that makes API calls directly to the Directory Service using the ldap3 library. I haven't investigated it in depth, but it seems likely that users could be managed in this way. Of course, this solution comes with other constraints, since the system (or Lambda) running this script must be able to access the Directory (not just the AWS APIs). If that directory is private, the Lambda would need to be given access to the VPC (e.g. by attaching it).

This prevents us from using it, e.g., in a Custom CloudFormation Resource Provider without additional layers of complexity. For example, it might be possible to have the CF Resource create a VPC-bound Lambda to proxy requests to the Directory.
