Simple AD configuration

We now need to go through the process of enabling user accounts in the directory to log in to the AWS management console.

1. Point your browser to the AWS Directory Service Console and edit the configuration of your Simple AD directory. Enter the access URL you've chosen:

2. We now want to enable the AWS Management Console for this service. Click on it to proceed to the next step:

3. We've already created roles and assigned a policy to them. So select Use Existing Role, as shown in the following screenshot:

4. Start with the CanAssumePowerUser role. We need to map it to the AWSPowerUser group we created in AD (the one Lucille resides in):

5. Search for AWSPowerUser and then proceed to the next step:

6. You now need to repeat these steps for the CanAssumeReadOnly role. Map it to the AWSReadOnly role we created in AD: