1. Create new role "EC2RoleforSSM" in AWS IAM
AWS->IAM->Roles->Create role->Select EC2, EC2 Role for Simple Systems Manager->AmazonEC2RoleforSSM->Role Name "EC2RoleforSSM"->Create Role
2. Create a new document "join_domain_doc" in AWS System Manager Shared Resources
AWS->EC2->System Manager Shared Resources->Documents->Create Document name "join_domain_doc"
{ "schemaVersion": "1.0", "description": "Join an instance to a domain", "runtimeConfig": { "aws:domainJoin": { "properties": { "directoryId": "d-8267xxxxxx", "directoryName": "ad.domain.com", "dnsIpAddresses": [ "10.200.221.118", "10.200.223.119" ] } } } }
3. Create a new Windows EC2 instance and Attach role "EC2RoleforSSM"
AWS->EC2->Launch Instance->Select Windows 2016 base AMI->Instance Type->Storage->Network->SG->Launch
AWS->EC2->Select new EC2->Action->Attach role "EC2RoleforSSM"
4. Run a Command to the new Windows EC2 instance in AWS System Manager Services
AWS->System Manager Services->Run a Command->Owned By me document->Select "join_domain_doc"->Select Instances->Run
Refer:
https://amazonaws-china.com/cn/premiumsupport/knowledge-center/ec2-systems-manager-dx-domain/
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html#connect_verification
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up.html