
Prerequisites

Prior to being able to join an AWS Windows instance to Cornell AD you must verify two things: 1) that your VPC's subnet(s) fall within an allowable range, and 2) that your VPC is peered with the "core VPC". If your group was formally onboarded by the Cloudification team, then you should meet both requirements already. The subnet requirement is there to ensure that there are no IP address conflicts and that all hosts are properly registered. The VPC peering allows communication to the VPC where IDM has built domain controllers at AWS.

Join After Launch

At its most basic, after fulfilling the two requirements above, you can use the GUI within the Windows instance to manually join Cornell AD following the normal process you would use on campus. IDM has written instructions available here (https://it.cornell.edu/cornellad/join-windows-computer-cornellad-domain). One thing to keep in mind is that since AWS instances do not conform to Cornell AD's naming convention you will need to rename the instance prior to domain joining. You could also use PowerShell to script the computer object creation, the instance rename, and the domain join.
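The scripted alternative mentioned above, as an added example that is not from the original page or from IDM: it derives a name that fits the 15-character NetBIOS limit from the EC2 instance ID, pre-creates the computer object in a designated OU, then renames and joins in one step. The domain name, OU path and name prefix are placeholders for the values IDM assigns to your group, and the script prompts for the delegated account rather than embedding its password in user data.

```powershell
# Added example; not the page's or IDM's own script.
# Placeholders: replace with the domain, OU and prefix agreed with IDM.
$Domain = 'ad.example.edu'
$OuPath = 'OU=AWS,OU=Example,DC=ad,DC=example,DC=edu'
$Prefix = 'EX-'

# Read the instance ID from IMDSv2 (token first, then the metadata path).
$token = Invoke-RestMethod -Method Put -Uri 'http://169.254.169.254/latest/api/token' `
           -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '300' }
$instanceId = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id' `
           -Headers @{ 'X-aws-ec2-metadata-token' = $token }

# Build a conforming name: prefix + instance ID without "i-", upper-cased, capped at 15 chars.
$NewName = ($Prefix + $instanceId.Substring(2)).ToUpper()
if ($NewName.Length -gt 15) { $NewName = $NewName.Substring(0, 15) }

# Prompt for the account delegated to create/join computer objects in $OuPath.
$cred = Get-Credential -Message "Account delegated for computer objects in $OuPath"

# Pre-create the computer object in the designated OU (needs the RSAT ActiveDirectory module).
Import-Module ActiveDirectory
if (-not (Get-ADComputer -Filter "Name -eq '$NewName'" -Credential $cred -ErrorAction SilentlyContinue)) {
    New-ADComputer -Name $NewName -Path $OuPath -Credential $cred
}

# Rename and join in a single step, then reboot so both take effect.
Add-Computer -DomainName $Domain -NewName $NewName -OUPath $OuPath -Credential $cred -Restart
```

Run this from an elevated PowerShell session on the instance after it can resolve and reach the AWS domain controllers over the peered VPC; if name resolution fails, check the subnet range and peering prerequisites above before retrying the join.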

Join At Launch

If you wanted your EC2 instances to be automatically joined to Cornell AD then you would have to utilize the AWS AD Connector (http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html). The AD Connector is a proxy to Cornell AD utilizing a holdingID which has permissions to create and join computer objects. To utilize this solution you would need to contact IDM to have a special OU created, in addition to the holdingID, since the AWS instance names do not, at the time of their launch, conform to AD's naming conventions. A setup such as this would allow you to take instances that were created both via a scripted process and via the GUI and join them to Cornell AD at the time of their launch.
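A join-at-launch flow built on the AD Connector, as an added example that is not from the original page or from AWS's documentation: once an AD Connector exists, an SSM-managed instance can be joined by running the Systems Manager document AWS-JoinDirectoryServiceDomain against it, so the instance never holds the holdingID's credentials itself. The directory ID, directory name, DNS addresses and instance ID are placeholders, and the instance is assumed to have the SSM Agent running with an instance profile that allows Systems Manager.

```powershell
# Added example; not the page's or AWS's own script (AWS Tools for PowerShell).
# Placeholders: replace with your AD Connector's ID, the directory DNS name,
# the DNS addresses the connector exposes, and the target instance ID.
$DirectoryId   = 'd-EXAMPLE00000'
$DirectoryName = 'ad.example.edu'
$DnsIps        = @('10.0.0.10', '10.0.0.11')
$InstanceId    = 'i-0000000000example'

# Ask Systems Manager to run the managed domain-join document on the instance.
# The join itself is performed through the AD Connector's holdingID, which
# should be limited to creating and joining computer objects in the special OU.
$cmd = Send-SSMCommand -InstanceId $InstanceId `
         -DocumentName 'AWS-JoinDirectoryServiceDomain' `
         -Parameter @{
             directoryId    = $DirectoryId
             directoryName  = $DirectoryName
             dnsIpAddresses = $DnsIps
         }

# Poll until the command leaves the Pending/InProgress states, then report the outcome.
do {
    Start-Sleep -Seconds 10
    $inv = Get-SSMCommandInvocation -CommandId $cmd.CommandId -InstanceId $InstanceId -Detail $true
} while ($inv.Status -in 'Pending', 'InProgress')

$inv | Select-Object InstanceId, Status, StatusDetails
```

The same document is what the EC2 launch wizard's directory-join option runs on your behalf; invoking it explicitly is useful when instances are created by a script and you want the join recorded as a command invocation you can audit in Systems Manager.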

Use of some AWS resources, like WorkSpaces, requires an AWS AD Connector and may incur an additional charge.
