I have an AWS Organization with four accounts.
I have an AWS Directory Service in one of these accounts. (NOTE: Not in the main one, important)
I'm using this AWS DS to authenticate my Linux machines. I read https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_linux_instance.html to complete this task.
It's working fine in the account that created the AWS DS.
But the instances in the other accounts don't reach the AWS DS.
Then, I read https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase6.html and all the related stuff.
So, as the AWS DS is not in the main account, I only have one option: use "Share this directory with other AWS accounts", the handshake.
I Enabled AWS Organizations -> Settings -> Trusted access for AWS services -> AWS Directory Service.
I created a Share Invitation in the owner of the AWS DS. I accepted the invitation. At this point I don't know if a Peering Connection is needed, but I don't care because I have it and it works fine.
I tried to join a machine in the account with the invitation, without success.
I can't even reach the DNS.
In the machines in the account that owns the AWS DS...
root@cthulhu:~# nslookup google.es 18.0.0.75
Server: 13.0.0.55
Address: 13.0.0.55#53
Non-authoritative answer:
Name: google.es
Address: 74.125.193.94
Name: google.es
Address: 2a00:1450:400b:c01::5e
root@cthulhu:~#
In the machine in the authorized account...
root@test-dev01:~# nslookup google.es 13.0.0.55
;; connection timed out; no servers could be reached
root@test3-dev01:~#
Any idea?
NOTE: I don't want to create the AWS DS in the main account in order to use the other method ("Share this directory with AWS accounts inside your organization").
Sorry guys.
It was a route problem. My Peering Connections were fine. My route tables weren't.
Fixed.
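The fix above came down to route tables, not the directory share itself. The following is an added example, not the poster's code and not an AWS tool: a small audit that walks a VPC's route tables (in the shape EC2 DescribeRouteTables returns, fed here with constructed sample data) and reports, for each subnet route table, whether the directory's DNS IPs are actually sent through the peering connection. It applies the same longest-prefix rule the VPC router uses, so a catch-all 0.0.0.0/0 route to a NAT gateway or a blackholed peering route shows up as a finding instead of a silent timeout. All IDs, CIDRs and addresses are placeholders. The same check has to pass on the owner VPC for the return path, and the directory's security group still has to allow DNS from the peered CIDR.

```python
import ipaddress

# Constructed sample data: three route tables of the consumer (shared-to) VPC,
# shaped like the 'RouteTables' list from EC2 DescribeRouteTables, trimmed to
# the fields used below. IDs and CIDRs are placeholders, not real resources.
SAMPLE_ROUTE_TABLES = [
    {   # correct: directory VPC CIDR routed via the peering connection
        "RouteTableId": "rtb-private-ok",
        "Associations": [{"SubnetId": "subnet-aaa"}],
        "Routes": [
            {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": "pcx-0abc", "State": "active"},
        ],
    },
    {   # wrong: no peering route, so DNS traffic follows 0.0.0.0/0 to the NAT gateway
        "RouteTableId": "rtb-private-missing",
        "Associations": [{"SubnetId": "subnet-bbb"}],
        "Routes": [
            {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc", "State": "active"},
        ],
    },
    {   # wrong: peering route exists but is blackholed (e.g. peering deleted/not accepted)
        "RouteTableId": "rtb-blackhole",
        "Associations": [{"SubnetId": "subnet-ccc"}],
        "Routes": [
            {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": "pcx-0abc", "State": "blackhole"},
        ],
    },
]
# Placeholder DNS addresses of the shared directory (live in the owner VPC 10.10.0.0/16)
DIRECTORY_DNS_IPS = ["10.10.0.55", "10.10.1.75"]
PEERING_ID = "pcx-0abc"  # placeholder peering connection id


def longest_match(routes, ip):
    """Return the most specific *active* route whose destination covers ip.

    Mirrors VPC routing: longest prefix wins, and routes in 'blackhole'
    state are ignored because the router drops that traffic.
    """
    best, best_len = None, -1
    for route in routes:
        cidr = route.get("DestinationCidrBlock")
        if not cidr or route.get("State") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def route_target(route):
    """Return the target id of a route, whichever target-type field it carries."""
    for key in ("VpcPeeringConnectionId", "GatewayId", "NatGatewayId",
                "TransitGatewayId", "NetworkInterfaceId", "InstanceId"):
        if key in route:
            return route[key]
    return None


def audit_route_tables(route_tables, dns_ips, peering_id):
    """Return {route_table_id: [problem, ...]}; an empty list means the table is fine."""
    findings = {}
    for table in route_tables:
        problems = []
        for raw in dns_ips:
            ip = ipaddress.ip_address(raw)
            route = longest_match(table["Routes"], ip)
            if route is None:
                problems.append(f"{raw}: no active route (traffic is dropped)")
            elif route_target(route) != peering_id:
                problems.append(f"{raw}: routed via {route_target(route)} instead of {peering_id}")
        findings[table["RouteTableId"]] = problems
    return findings


if __name__ == "__main__":
    for table_id, problems in audit_route_tables(SAMPLE_ROUTE_TABLES, DIRECTORY_DNS_IPS, PEERING_ID).items():
        status = "OK" if not problems else "FIX"
        print(f"[{status}] {table_id}")
        for problem in problems:
            print(f"      {problem}")
```

To run it against a real account, replace SAMPLE_ROUTE_TABLES with the `RouteTables` list from `aws ec2 describe-route-tables` (or boto3's `describe_route_tables()`), which has the same field names; the subnet the instance lives in is the one whose associated route table matters, which is why the audit is per table rather than per VPC.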