選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

偏好設定
聯絡我們
意見回饋
AWS Documentation
建立 AWS 帳戶
AddIpRoutes - AWS Directory Service
Request SyntaxRequest ParametersResponse ElementsErrorsExamplesSee Also
此頁面尚未翻譯為您的語言。 請求翻譯

AddIpRoutes

PDF

If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on AWS to a peer VPC.

Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see AWS Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Request Syntax

{
   "DirectoryId": "string",
   "IpRoutes": [ 
      { 
         "CidrIp": "string",
         "Description": "string"
      }
   ],
   "UpdateSecurityGroupForDirectoryControllers": boolean
}

Request Parameters

The request accepts the following data in JSON format.

DirectoryId

Identifier (ID) of the directory to which to add the address block.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes

IpRoutes

IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.

Type: Array of IpRoute objects

Required: Yes

UpdateSecurityGroupForDirectoryControllers

If set to true, updates the inbound and outbound rules of the security group that has the description: "AWS created security group for directory ID directory controllers." Following are the new rules:

Inbound:

  • Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: DNS (UDP), Protocol: UDP, Range: 53, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: DNS (TCP), Protocol: TCP, Range: 53, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: LDAP, Protocol: TCP, Range: 389, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

  • Type: All ICMP, Protocol: All, Range: N/A, Source: AWS Managed Microsoft AD VPC IPv4 CIDR

Outbound:

  • Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0

These security rules impact an internal network interface that is not exposed publicly.

Type: Boolean

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ClientException

A client exception has occurred.

HTTP Status Code: 400

DirectoryUnavailableException

The specified directory is unavailable.

HTTP Status Code: 400

EntityAlreadyExistsException

The specified entity already exists.

HTTP Status Code: 400

EntityDoesNotExistException

The specified entity could not be found.

HTTP Status Code: 400

InvalidParameterException

One or more parameters are not valid.

HTTP Status Code: 400

IpRouteLimitExceededException

The maximum allowed number of IP addresses was exceeded. The default limit is 100 IP address blocks.

HTTP Status Code: 400

ServiceException

An exception has occurred in AWS Directory Service.

HTTP Status Code: 500

Examples

The following examples are formatted for legibility.

Example Request

This example illustrates one usage of AddIpRoutes.

POST / HTTP/1.1
Host: ds.us-west-2.amazonaws.com
Accept-Encoding: identity
Content-Length: 98
X-Amz-Target: DirectoryService_20150416.AddIpRoutes
X-Amz-Date: 20161212T212029Z
User-Agent: aws-cli/1.11.24 Python/2.7.9 Windows/7 botocore/1.4.81
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 
 Credential=AKIAI7E3BYXS3example/20161212/us-west-2/ds/aws4_request, 
 SignedHeaders=content-type;host;x-amz-date;x-amz-target, 
 Signature=477f3a2802dcc303f69499723eb2e29a455fe3d1b646df0dacfd7c005a3a9509

 {
   "DirectoryId":"d-926example",
   "IpRoutes":[
      {
         "Description":"my IpRoute",
         "CidrIp":"12.12.12.12/32"
      }
   ]
 }

Example Response

This example illustrates one usage of AddIpRoutes.

HTTP/1.1 200 OK
x-amzn-RequestId: cfc1cbc8-c0b0-11e6-aa44-41d91ee57463
Content-Type: application/x-amz-json-1.1
Content-Length: 2
Date: Mon, 12 Dec 2016 21:20:31 GMT

 {
 }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

下一個主題:

AddRegion

上一個主題:

AcceptSharedDirectory

需要協助?

隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。