AWS Directory Service is a managed service that connects AWS resources to an on-premises Active Directory (AD).
- Existing corporate credentials are used to access AWS resources through Single Sign-On (SSO).
Types of services
- AWS Managed Microsoft AD
  - AWS takes care of multi-AZ deployment (high availability), patching, snapshots, and instance rotation.
  - Customers are responsible for users and groups, trusts, and certificate authorities.
- Simple AD
  - Standalone managed AD with basic features
  - Small: up to 500 users, Large: up to 5,000 users
  - Does not support trusts (cannot be connected to an on-premises AD)
- AD Connector
  - Directory gateway (proxy) that forwards requests to an existing on-premises AD
Some AWS identity services are compatible with AD, but others are not.
- AD-compatible services
  - Managed Microsoft AD
  - AD Connector
  - Simple AD
- Non-AD-compatible services
  - Cloud Directory
  - Cognito user pools