Amazon CloudDirectory

Name: Amazon CloudDirectory API
Brand: Amazon Cloud Directory
Availability: InStock

★ Only Publicly Available SpecIdentity AuthDirectory ServicesapiKey66 EndpointsREST

For Agents

Define schemas, create directories, and manage hierarchical or graph-based objects, attributes, and typed links for application directory data such as device fleets, org charts, and policy graphs.

Quickstart

Get started with Amazon CloudDirectory in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create an Amazon Cloud Directory object"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Amazon CloudDirectory API.

Create development, published, and applied schemas with object facets, attributes, and typed-link facets

Create directories backed by an applied schema and tag them for organisation

Attach and detach objects in parent-child or arbitrary typed-link relationships, supporting tree and graph models

Run BatchRead to fetch many object attributes and lookups in a single request

GET STARTED

Start building with Amazon CloudDirectory API

Explore with Jentic

View OpenAPI Spec

Jentic publishes the only available OpenAPI specification for Amazon CloudDirectory, keeping it validated and agent-ready.

Amazon Cloud Directory is a fully managed, hierarchical and graph-based directory store that scales to hundreds of millions of objects. The API lets you define one or more schemas with object facets and typed-link facets, create directories from those schemas, attach and detach objects in parent-child or graph relationships, build indexes for fast lookup, and run BatchRead and BatchWrite for high-throughput composite operations. Common uses include device registries, organisational hierarchies, course catalogs, network topologies, and policy graphs that need richer relationships than a flat user directory.

Use Cases

Patterns agents use Amazon CloudDirectory API for, with concrete tasks.

★ Device Fleet Hierarchy

Model a fleet of IoT devices grouped by site, building, and floor without forcing the relationships into a relational schema. Define a schema with Device, Floor, Building, and Site facets, create the directory, and attach Device objects under their Floor under Building under Site. Cloud Directory's hierarchy operations let you fetch all devices in a building in a single call, regardless of fleet size.

CreateDirectory from schemaArn=arn:aws:clouddirectory:...:schema/published/DeviceFleet/1.0, then AttachObject linking each Device object under its Floor parent in BatchWrite blocks of 20.

Organisational Chart with Policy Inheritance

Store an organisational chart with policy inheritance, so that granting a permission at the Engineering level applies to every team and person under it. Use Cloud Directory's policy facets, AttachPolicy at the desired node, and LookupPolicy at the leaf to retrieve the effective set. This is the same pattern AWS Organizations uses for SCPs and matches how IAM access often needs to flow in regulated organisations.

AttachPolicy with PolicyReference pointing at object /Engineering and ObjectReference at the policy object, then call LookupPolicy at /Engineering/Platform/jane.doe to confirm inheritance.

Indexed Attribute Lookup

Find an object by an attribute (serial number, email, IP address) in milliseconds rather than walking the hierarchy. CreateIndex on a facet attribute, AttachToIndex for each object that should be discoverable, then ListIndex to query by attribute value. Useful for any domain where users will search by an identifier rather than navigate a tree.

CreateIndex with OrderedIndexedAttributeList=[{FacetName: Device, Name: serialNumber}], then AttachToIndex for each Device, then ListIndex with RangesOnIndexedValues to query by serial number prefix.

Agent-Driven Directory Operator

Let an agent reconcile a directory with an external source of truth (a CMDB, an HR system, an MQTT registry) by streaming differences into BatchWrite calls. The agent calls Cloud Directory through Jentic so AWS credentials never leave the vault and the same reconciliation logic runs across multiple directories.

Search Jentic for 'batch write to a Cloud Directory', execute it with operations=[{CreateObject: ...}, {AttachObject: ...}] derived from the diff between the source system and ListObjectChildren on each affected parent.

Key Endpoints

66 endpoints — amazon cloud directory is a fully managed, hierarchical and graph-based directory store that scales to hundreds of millions of objects.

METHOD

PATH

DESCRIPTION

PUT

/amazonclouddirectory/2017-01-11/directory/create#x-amz-data-partition

Create a directory from a published schema

PUT

/amazonclouddirectory/2017-01-11/object#x-amz-data-partition

Create an object in a directory

PUT

/amazonclouddirectory/2017-01-11/object/attach#x-amz-data-partition

Attach an object as a child of another object

POST

/amazonclouddirectory/2017-01-11/batchread#x-amz-data-partition

Run a batch read

PUT

/amazonclouddirectory/2017-01-11/batchwrite#x-amz-data-partition

Run a batch write

PUT

/amazonclouddirectory/2017-01-11/index#x-amz-data-partition

Create an index on a facet attribute

PUT

/amazonclouddirectory/2017-01-11/policy/attach#x-amz-data-partition

Attach a policy to an object

PUT

/amazonclouddirectory/2017-01-11/typedlink/attach#x-amz-data-partition

Attach a typed link between two objects

PUT

/amazonclouddirectory/2017-01-11/directory/create#x-amz-data-partition

Create a directory from a published schema

PUT

/amazonclouddirectory/2017-01-11/object#x-amz-data-partition

Create an object in a directory

PUT

/amazonclouddirectory/2017-01-11/object/attach#x-amz-data-partition

Attach an object as a child of another object

POST

/amazonclouddirectory/2017-01-11/batchread#x-amz-data-partition

Run a batch read

PUT

/amazonclouddirectory/2017-01-11/batchwrite#x-amz-data-partition

Run a batch write

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

AWS access key ID and secret access key for Amazon CloudDirectory are stored encrypted in the Jentic vault. Agents receive scoped, short-lived signing credentials and the raw IAM secrets never enter the agent context. Jentic computes the AWS Signature Version 4 signature server-side for every request.

Intent-based discovery

Agents search Jentic by intent (for example, 'create a Cloud Directory object') and Jentic returns matching Amazon CloudDirectory operations with their input schemas, the correct AWS service endpoint, and the required IAM action, so the agent can invoke the right call without crawling the AWS docs.

Time to first call

Direct Amazon CloudDirectory integration: 1-3 days for AWS SDK setup, IAM role configuration, Sigv4 signing, and error handling. Through Jentic: under 1 hour, search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Alternative

AWS Identity Store

Backing store for IAM Identity Center users and groups; the right choice for human end-user identity rather than application data.

Choose Identity Store when the agent needs to manage SSO users; choose Cloud Directory for application directory data outside the SSO domain.

Complementary

Amazon CloudWatch

Provides metrics for Cloud Directory request volume and throttling so the agent can right-size capacity.

Use CloudWatch when the agent needs to observe Cloud Directory health; use Cloud Directory for the data plane itself.

Complementary

AWS CloudTrail

Audit log of every Cloud Directory API call for compliance review.

Use CloudTrail when the agent needs to investigate who modified a directory; use Cloud Directory for the live state.

FAQs

Specific to using Amazon CloudDirectory API through Jentic.

What authentication does the Amazon Cloud Directory API use?

All requests are signed with AWS Signature Version 4 using an AWS access key ID and secret access key. Through Jentic, those credentials live encrypted in the vault and Jentic computes the signature server-side, so the agent only ever holds a scoped Jentic credential.

How does Cloud Directory differ from AWS Directory Service or AWS Identity Store?

Directory Service offers managed Microsoft Active Directory and Simple AD for user authentication; Identity Store backs IAM Identity Center for SSO. Cloud Directory is an application-layer directory for arbitrary hierarchical or graph data, including device fleets, org charts, and course catalogs, not an authentication store for end users.

Can I model graph relationships, not just trees?

Yes. Beyond parent-child attachments, Cloud Directory supports typed links: named, attribute-bearing relationships between two objects. Use AttachTypedLink and ListIncomingTypedLinks or ListOutgoingTypedLinks to traverse graph-shaped data.

How do I do many writes in one call through Jentic?

Search Jentic for 'batch write to a Cloud Directory', load the BatchWrite schema, and execute it with an array of operations (CreateObject, AttachObject, UpdateObjectAttributes, etc.). The operation maps to PUT /amazonclouddirectory/2017-01-11/batchwrite and Cloud Directory applies the operations as a single composite request.

What are the rate limits for the Amazon Cloud Directory API?

Cloud Directory enforces directory-level read and write request rates that scale with directory usage; ThrottlingException is returned when exceeded. High-throughput workloads should use BatchRead and BatchWrite to amortise per-request overhead, and apply exponential backoff on retries.

Is Amazon Cloud Directory free to use?

Cloud Directory charges per object stored, per request (read and write), and a small charge for each typed link and index. There is no upfront cost or minimum commitment; you pay only for the directory data and traffic you generate.