I am attempting to join a VM to a domain using an SSM document containing the aws:domainJoin command. My outbound security group is closed to the internet and there is no VPC endpoint for Active Directory. The AWS endpoint is ds.us-east-2.amazonaws.com and I can see in the logs:
Domain Join failed, ... A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.95.18.130:443
On another attempt I see:
Domain Join failed, ... A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.95.16.150:443
The question is: what is the IP address range that supports the various endpoints such as ds.us-east-2.amazonaws.com?