What is AWS Cloud Directory Service?

AWS Cloud Directory Service provides several ways to use Microsoft Active Directory (AD) with other AWS services. Directories store information about people, groups, and hardware, and administrators use them to manage who has access to what data and resources.

Customers who want to use existing Microsoft AD or LDAP-aware apps in the cloud can choose from a variety of directories through AWS Directory Service. Developers who require a directory to manage users, groups, devices, and access have the same options. In this article, newlifedn.com explores what AWS Cloud Directory Service is.

Which cloud directory service to choose

You can pick directory services based on the functionality and scalability that best suit your requirements. Using the table below, select the AWS Cloud Directory Service directory option that best fits your business.

AWS Cloud Directory Service options

There are various directory types to choose from in AWS Cloud Directory Service.

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, is powered by an actual Microsoft Windows Server Active Directory (AD) that AWS manages in the AWS Cloud. It allows you to migrate a number of Active Directory-aware applications to the AWS Cloud. AWS Managed Microsoft AD is compatible with many .NET applications, including Microsoft SharePoint, Microsoft SQL Server Always On Availability Groups, and many others.

Additionally, it supports Amazon Relational Database Service for Microsoft SQL Server (Amazon RDS for SQL Server, Amazon RDS for Oracle, and Amazon RDS for PostgreSQL), Amazon WorkSpaces, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, and Amazon Connect.

When you enable compliance for your directory, AWS Managed Microsoft AD is accepted for AWS Cloud applications that must adhere to the Payment Card Industry Data Security Standard (PCI DSS) or the U.S.

All compatible applications work with user credentials that you store in AWS Managed Microsoft AD. Alternatively, you can establish a trust relationship with your current AD infrastructure and use user credentials from an Active Directory that is running on-premises or on an EC2 Windows server. If you join EC2 instances to your AWS Managed Microsoft AD, your users can access Windows workloads in the AWS Cloud with the same Windows single sign-on (SSO) experience as when they access workloads in your on-premises network.

AWS Managed Microsoft AD also supports federated use cases using Active Directory credentials. You can sign in to the AWS Management Console using only AWS Managed Microsoft AD. With AWS IAM Identity Center (the replacement for AWS Single Sign-On), you can also get temporary credentials for use with the AWS SDK and CLI, and use predefined SAML connectors to sign in to various cloud services. By adding Azure AD Connect and, optionally, Active Directory Federation Services (AD FS), you can use AWS Managed Microsoft AD to sign in to Microsoft Office 365 and other cloud services.

The service's key features let you extend your schema, manage password policies, and enable secure LDAP communications over Secure Socket Layer (SSL)/Transport Layer Security (TLS). When users access AWS applications via the Internet, you can add an extra layer of security by enabling multi-factor authentication (MFA) for AWS Managed Microsoft AD. Because Active Directory is an LDAP directory, you can also use AWS Managed Microsoft AD for Linux Secure Shell (SSH) authentication and other LDAP-enabled apps.

You can add users and groups to AWS Managed Microsoft AD and manage Group Policy using well-known Active Directory tools running on a Windows PC joined to the AWS Managed Microsoft AD domain. AWS offers recovery, daily snapshots, and monitoring as part of the service. By deploying more domain controllers, you can scale the directory and boost application performance by distributing requests among them.

There are two editions of AWS Managed Microsoft AD: Standard and Enterprise.
  • Standard Edition: AWS Managed Microsoft AD (Standard Edition) is designed to be the main directory for small and midsize companies with up to 5,000 employees. The storage space it gives you can support up to 30,000* directory objects, such as users, groups, and computers.
  • Enterprise Edition: AWS Managed Microsoft AD (Enterprise Edition) is designed to manage large organizations with up to 500,000* directory objects.

* Upper bounds are approximate. Depending on the size of your objects and the functionality and performance requirements of your applications, your directory may accommodate more or fewer directory objects.

When To Use AWS Cloud Directory Service?

If you require actual Active Directory features to support Windows workloads or AWS applications, such as Amazon Relational Database Service for Microsoft SQL Server, AWS Managed Microsoft AD is your best option. It is also the best option if you require an LDAP directory to support your Linux apps or if you want a standalone AD in the AWS Cloud that supports Office 365. See AWS Managed Microsoft AD for more details.

For a list of supported directory types by Region, see Region availability for AWS Directory Service.