:doc:`DirectoryService <../../ds>` / Client / create_trust

************
create_trust
************



.. py:method:: DirectoryService.Client.create_trust(**kwargs)

  

  Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

   

  This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/CreateTrust>`_  


  **Request Syntax**
  ::

    response = client.create_trust(
        DirectoryId='string',
        RemoteDomainName='string',
        TrustPassword='string',
        TrustDirection='One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way',
        TrustType='Forest'|'External',
        ConditionalForwarderIpAddrs=[
            'string',
        ],
        ConditionalForwarderIpv6Addrs=[
            'string',
        ],
        SelectiveAuth='Enabled'|'Disabled'
    )
    
  :type DirectoryId: string
  :param DirectoryId: **[REQUIRED]** 

    The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.

    

  
  :type RemoteDomainName: string
  :param RemoteDomainName: **[REQUIRED]** 

    The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.

    

  
  :type TrustPassword: string
  :param TrustPassword: **[REQUIRED]** 

    The trust password. The trust password must be the same password that was used when creating the trust relationship on the external domain.

    

  
  :type TrustDirection: string
  :param TrustDirection: **[REQUIRED]** 

    The direction of the trust relationship.

    

  
  :type TrustType: string
  :param TrustType: 

    The trust relationship type. ``Forest`` is the default.

    

  
  :type ConditionalForwarderIpAddrs: list
  :param ConditionalForwarderIpAddrs: 

    The IP addresses of the remote DNS server associated with RemoteDomainName.

    

  
    - *(string) --* 

    

  :type ConditionalForwarderIpv6Addrs: list
  :param ConditionalForwarderIpv6Addrs: 

    The IPv6 addresses of the remote DNS server associated with RemoteDomainName.

    

  
    - *(string) --* 

    

  :type SelectiveAuth: string
  :param SelectiveAuth: 

    Optional parameter to enable selective authentication for the trust.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'TrustId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      The result of a CreateTrust request.

      
      

      - **TrustId** *(string) --* 

        A unique identifier for the trust relationship that was created.

        
  
  **Exceptions**
  
  *   :py:class:`DirectoryService.Client.exceptions.EntityAlreadyExistsException`

  
  *   :py:class:`DirectoryService.Client.exceptions.EntityDoesNotExistException`

  
  *   :py:class:`DirectoryService.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ClientException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ServiceException`

  
  *   :py:class:`DirectoryService.Client.exceptions.UnsupportedOperationException`

  