Directory Service

  • Managed service: create directories and let AWS experts manage HA, monitoring, backups, etc.
  • Can use AD usernames and passwords to log into AWS accounts and access AWS resources
  • Microsoft AD
    • Powered by actual Microsoft AD
    • Standard (up to 5000 users) and Enterprise editions
  • Simple AD
    • Free, AD compatible, powered by Samba 4
    • No federation
    • Supports user accounts, groups, joining Linux and Windows instances, Kerberos SSO, and group policies
    • Does not support trust relationships, DNS dynamic update, schema extensions, MFA, LDAPS communication, PowerShell AD cmdlets, or FSMO role transfer
  • AD Connector
    • Proxy to connect to on-premises Microsoft AD
    • Users log in and AD Connector forwards the request to on-premises AD domain controllers for authentication
    • Small supports up to 500 users, large up to 5000
  • In AD, domain-to-domain communication occurs through Trusts, which are secure, authenticated communication channels between entities such as domains
    • Allows granting access to resources to users, groups, and computers across entities
    • Can be one-way or two-way
    • Can use Trusts to migrate AD-aware workloads to AWS without synchronizing users, groups, or passwords
