[AWS Architect] (24) AWS Directory Service

AWS Directory Service is a managed service that connects AWS resources with an on-premises Active Directory (AD).

  • Existing corporate credentials can be used to access AWS resources through Single Sign-On (SSO).

Types of services

  • AWS Managed Microsoft AD
    • AWS takes care of multi-AZ deployment (high availability), patching, snapshots, and instance rotation.
    • Customers are responsible for users and groups, trusts, and certificate authorities.
  • Simple AD
    • Standalone managed AD with basic features
    • Small: <= 500 users, Large: < 5,000 users
    • Does not support trusts (cannot be connected to an on-premises AD)
  • AD Connector
    • Directory gateway for on-premises AD
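As an added illustration (my own example, not AWS code), the script below shows how the three directory types and the customer's share of the responsibility split show up when you inventory Directory Service through its API. The field names follow the DescribeDirectories and DescribeTrusts responses (Type, Size, Stage, SsoEnabled, VpcSettings, ConnectSettings, TrustState); the records themselves are constructed samples so the script runs offline, and in real use they would come from boto3.client("ds").describe_directories() and describe_trusts().

```python
"""Inventory Directory Service directories and report what the customer owns.

Added example for this post, not AWS's own code. The sample records are
constructed to mirror the shape of the DescribeDirectories / DescribeTrusts
API responses; live data would come from boto3.client("ds").
"""

# Values of the "Type" field in DescribeDirectories.
MANAGED_AD = "MicrosoftAD"
SIMPLE_AD = "SimpleAD"
AD_CONNECTOR = "ADConnector"

# Simple AD user limits as stated in the post (Small / Large).
SIMPLE_AD_USER_LIMITS = {"Small": 500, "Large": 5000}

# Constructed sample: one directory of each type (IDs and names are made up).
SAMPLE_DIRECTORIES = [
    {"DirectoryId": "d-1111111111", "Name": "corp.example.com", "Type": MANAGED_AD,
     "Edition": "Standard", "Stage": "Active", "SsoEnabled": True,
     "VpcSettings": {"VpcId": "vpc-0001", "SubnetIds": ["subnet-a", "subnet-b"],
                     "AvailabilityZones": ["us-east-1a", "us-east-1b"]}},
    {"DirectoryId": "d-2222222222", "Name": "lab.example.com", "Type": SIMPLE_AD,
     "Size": "Small", "Stage": "Active", "SsoEnabled": False,
     "VpcSettings": {"VpcId": "vpc-0001", "SubnetIds": ["subnet-a", "subnet-b"],
                     "AvailabilityZones": ["us-east-1a", "us-east-1b"]}},
    {"DirectoryId": "d-3333333333", "Name": "onprem.example.com", "Type": AD_CONNECTOR,
     "Size": "Small", "Stage": "Active", "SsoEnabled": True,
     "ConnectSettings": {"VpcId": "vpc-0001", "SubnetIds": ["subnet-a", "subnet-b"],
                         "CustomerDnsIps": ["10.0.0.2"]}},
]

# Constructed sample trusts: one healthy, one that failed verification.
SAMPLE_TRUSTS = [
    {"TrustId": "t-aaaaaaaaaa", "DirectoryId": "d-1111111111",
     "RemoteDomainName": "onprem.example.com", "TrustType": "Forest",
     "TrustDirection": "Two-Way", "TrustState": "Verified"},
    {"TrustId": "t-bbbbbbbbbb", "DirectoryId": "d-1111111111",
     "RemoteDomainName": "partner.example.net", "TrustType": "Forest",
     "TrustDirection": "One-Way: Outgoing", "TrustState": "Failed"},
]


def trusts_for(directory_id, trusts):
    """Trust records attached to one directory."""
    return [t for t in trusts if t["DirectoryId"] == directory_id]


def audit_directory(directory, trusts):
    """Classify one directory and collect the checks the customer is on the hook for."""
    finding = {
        "DirectoryId": directory["DirectoryId"],
        "Name": directory["Name"],
        "Type": directory["Type"],
        "SsoEnabled": directory.get("SsoEnabled", False),
        "Notes": [],
        "Issues": [],
    }
    if directory.get("Stage") != "Active":
        finding["Issues"].append(f"directory stage is {directory.get('Stage')}")

    own_trusts = trusts_for(directory["DirectoryId"], trusts)

    if directory["Type"] == MANAGED_AD:
        # AWS handles multi-AZ, patching and snapshots; the customer owns these.
        finding["CustomerOwns"] = ["users and groups", "trusts", "certificate authorities"]
        finding["Trusts"] = [t["RemoteDomainName"] for t in own_trusts]
        for t in own_trusts:
            if t["TrustState"] != "Verified":
                finding["Issues"].append(f"trust to {t['RemoteDomainName']} is {t['TrustState']}")
    elif directory["Type"] == SIMPLE_AD:
        finding["UserLimit"] = SIMPLE_AD_USER_LIMITS.get(directory.get("Size"))
        finding["Notes"].append("Simple AD: trusts not supported, cannot connect to on-premises AD")
        if own_trusts:
            finding["Issues"].append("trust records attached to a Simple AD directory")
    elif directory["Type"] == AD_CONNECTOR:
        # Gateway only: authentication is forwarded to the on-premises DCs below.
        finding["OnPremDns"] = directory.get("ConnectSettings", {}).get("CustomerDnsIps", [])
        finding["Notes"].append("AD Connector: gateway to on-premises AD, no directory data in AWS")
    else:
        finding["Issues"].append(f"unknown directory type {directory['Type']}")
    return finding


def audit_directories(directories, trusts):
    """Run the audit over a DescribeDirectories-shaped list."""
    return [audit_directory(d, trusts) for d in directories]


if __name__ == "__main__":
    for f in audit_directories(SAMPLE_DIRECTORIES, SAMPLE_TRUSTS):
        print(f["DirectoryId"], f["Type"], "issues:", f["Issues"] or "none")
```

The only issue the sample raises is the failed trust on the Managed Microsoft AD directory, which is exactly the kind of item the post lists as the customer's responsibility rather than AWS's; the Simple AD entry is reported with its user limit and a note that trusts are unavailable, and the AD Connector entry simply records which on-premises DNS servers it forwards to.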

Some AWS identity services are compatible with AD, but some are not.

  • AD Compatible Services
    • Managed Microsoft AD
    • AD Connector
    • Simple AD
  • Non-AD Compatible Services
    • Cloud Directory
    • Cognito user pools
