Prior to being able to join an AWS Windows instance to Cornell AD you must verify two things:

  1. The subnet(s) where you wish to run domain-joined instances must use CIDR blocks officially allocated to you from the Cornell private network.
  2. Your VPC is connected to the private Cornell network using Direct Connect. (See Cornell AWS Direct Connect.)

If your AWS account onboarding included Direct Connect, then you should meet both requirements already. The subnet requirement is there to ensure that there are no IP address conflicts and that all hosts are properly registered. The Direct Connect access allows communication to the VPC where IDM has built domain controllers at AWS.

...

At its most basic, after fulfilling the two prerequisites above, you can use the GUI within the Windows instance to manually join Cornell AD, following the normal process you would use on campus. IDM has written instructions available here (https://it.cornell.edu/cornellad/join-windows-computer-cornellad-domain). One thing to keep in mind is that, since AWS instances do not conform to Cornell AD's naming convention, you will need to rename the instance prior to domain joining. You could also use PowerShell to script the computer object creation, the instance rename, and the domain join.
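
One way to script the prerequisite checks, the rename, and the join is sketched below. This is an added example, not IDM's or Cornell's own script. The domain name, OU path, and CIDR block are placeholders, and `Test-IPv4InCidr` is a hypothetical helper defined in the block.

```powershell
# Added example. Every default in this param block is a placeholder (assumption), not a Cornell value.
param(
    [string]$DomainName    = 'ad.example.edu',                      # placeholder AD DNS name
    [string]$OUPath        = 'OU=Servers,DC=ad,DC=example,DC=edu',  # placeholder OU you are delegated
    [string]$AllocatedCidr = '10.0.0.0/24',                         # placeholder for your allocated block
    [Parameter(Mandatory)][string]$NewName                          # name that follows your AD naming convention
)

function Test-IPv4InCidr {   # hypothetical helper: is $Address inside $Cidr?
    param([string]$Address, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$bits)          # number of addresses in the block
    $toNum = {
        param($ip)
        $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($b)                         # network order -> little-endian
        [BitConverter]::ToUInt32($b, 0)
    }
    [math]::Floor((& $toNum $Address) / $size) -eq [math]::Floor((& $toNum $net) / $size)
}

# 1. Subnet prerequisite: a local IPv4 address must sit inside the allocated block.
$addrs = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' }
if (-not ($addrs | Where-Object { Test-IPv4InCidr $_.IPAddress $AllocatedCidr })) {
    throw "No local address falls inside $AllocatedCidr; do not attempt the join."
}

# 2. Connectivity prerequisite: a domain controller must resolve and answer on LDAP (389) and Kerberos (88).
$dc = (Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$DomainName" -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1).NameTarget
foreach ($port in 389, 88) {
    if (-not (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded) {
        throw "Cannot reach $dc on TCP $port; check routing and security groups."
    }
}

# 3. Rename and join in one step, then reboot. The credential is prompted for, never stored in the script.
$cred = Get-Credential
Add-Computer -DomainName $DomainName -OUPath $OUPath -NewName $NewName -Credential $cred -Restart
```

If the computer object has not been pre-created, `Add-Computer` creates it in the OU given by `-OUPath`, so the account entered at the prompt only needs rights to create and join computer objects in that OU.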