Set up a Domain Controller + DNS server inside your VPC:
Note: planning a complex Active Directory scheme is outside the scope of this guide. It's possible to do more advanced configurations including setting up both Primary and Secondary controllers, integrating with other Domains both inside and outside of the current AWS region (or with your corporate in-house Domain) but for simplicity this guide assumes you're setting up a single standalone Domain.
Following the same steps as you did before with your Tableau Server, launch a new Windows Server AMI instance into the same VPC as your existing Tableau Server.
For this guide we'll be using Windows 2008R2 Server, 64 bit. Select a "m1.medium" instance type.
Follow the steps detailed in this document: http://awsmedia.s3.amazonaws.com/pdf/EC2_AD_How_to.pdf
For this guide, we're configuring a new standalone AD forest called "tabaws.ec2.internal"
create a domain user to be used as the shared Tableau Server "run-as" account: http://onlinehelp.tableausoftware.com/v8.0/server/en-us/runas.htm
For this guide, we're creating domain user "TABAWS\tabawsrunas"
grant "run as service" to the run-as account: http://onlinehelp.tableausoftware.com/v8.0/server/en-us/runas_security.htm
For this guide, we're going to add this user to the Domain Administrator group