
Barnaby Baron. Exploring AWS.


Building a VPC and promoting an EC2 instance to a Domain Controller using Terraform!

2024-11-29 2 min read Projects Barny Baron

Journey: 📊 Community Builder 📊

Subject matter: Building on AWS

Task: Building a VPC and promoting an EC2 instance to a Domain Controller using Terraform!!

This week, I used Terraform to create a VPC with a single EC2 instance and then promoted the instance to a Domain Controller.

In this scenario, I configured the VPC with multiple availability zones and promoted the EC2 instance to a Domain Controller using userdata parameters, all done via Terraform.

Resource credit: This architecture was created using guidance from fopingn’s GitHub repository.

What did I use to build this environment?

  • Visual Studio Code platform
  • Terraform
  • AWS CLI
  • AWS Management Console

What is built?

  • A single VPC with multiple AZs
  • Public and Private Subnets
  • Custom Route Tables
  • Internet Gateway
  • NACLs and Security Groups
  • An EC2 instance, promoted to a Domain Controller

In this task, I used Terraform modules and tfvars to create a VPC with two public subnets and three private subnets. I requested that an EC2 instance be provisioned inside one of the public subnets at random.

Once this had come online, I added userdata parameters within the Terraform code to install products and services onto the instance and then to promote it to a Domain Controller.

I locked down DC Ingress on port 3389 to my IP address only and was able to successfully RDP and log into my Domain Controller.
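One way to express the RDP restriction described above in Terraform (an added example, not the author's code or the referenced repository's; the variable and resource names are hypothetical, and `endswith` assumes Terraform 1.3 or later):

```hcl
# Added example. All names here (vpc_id, admin_cidr, dc) are hypothetical.

variable "vpc_id" {
  type        = string
  description = "ID of the VPC that holds the Domain Controller"
}

variable "admin_cidr" {
  type        = string
  description = "Single admin IPv4 address in CIDR form, e.g. 203.0.113.10/32"

  validation {
    # Fail the plan if the value is not a valid CIDR or is wider than
    # one host. This also rejects 0.0.0.0/0.
    condition     = can(cidrhost(var.admin_cidr, 0)) && endswith(var.admin_cidr, "/32")
    error_message = "admin_cidr must be a single IPv4 host address ending in /32."
  }
}

resource "aws_security_group" "dc" {
  name_prefix = "dc-rdp-"
  description = "Domain Controller: RDP from one admin address only"
  vpc_id      = var.vpc_id

  # The only inbound rule: RDP from the admin address.
  ingress {
    description = "RDP from admin workstation"
    protocol    = "tcp"
    from_port   = 3389
    to_port     = 3389
    cidr_blocks = [var.admin_cidr]
  }

  # Terraform removes the default allow-all egress rule on groups it
  # creates, so outbound access for userdata installs is declared here.
  egress {
    description = "Outbound for package and feature installation"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Because the address is a variable, a changed home or office IP means updating the tfvars value and re-applying, rather than widening the rule.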

I am planning on using this configuration in the future to learn more about PKI and subordinate CAs so being able to quickly spin up a small environment with a DC is great!

On the basis of continual improvement initiatives, I have already made some changes to the userdata parameters to install ADCS next time.

I also have some other ideas for a future project to migrate the existing Terraform state file from my local backend to S3 using Terraform and the AWS CLI.

Improvements:

  • Avoid using a t2.micro as a domain controller! The DC needs more access to compute resources.
  • Possibly use Ansible to build out the DC instead of PowerShell.
  • Utilise the environment more as I have three unused private subnets currently.

Some of the highlights (screenshots not reproduced here): Terraform structure, Terraform code, Terraform Network Module example, Terraform applying, Terraform completed, VPC resource map, Internet Gateway resource map, VPC subnets, VPC route table, subnet associations, custom inbound rules, DC instance, RDP success, logged into DC, managing DC, instance attached storage, Terraform destroy, and my interpretation of the architecture.

I hope you have enjoyed the article!
