AWS Directory Service is a managed service that connects AWS resources with Microsoft Active Directory (AD) or Lightweight Directory Access Protocol (LDAP)-aware applications.
- Existing corporate credentials can be used to access AWS resources via Single Sign-On (SSO).
Types of services
- AWS Managed Microsoft AD
  - Runs actual Microsoft Active Directory in the AWS Cloud
  - AWS takes care of multi-AZ deployment (high availability), patching, snapshots, and instance rotation.
  - Customers are responsible for users and groups, trusts, and certificate authorities.
- Simple AD
  - Standalone managed AD with basic features
  - Low-scale, low-cost solution with basic AD compatibility
  - Small: <= 500 users, Large: < 5,000 users
  - Does not support trusts (cannot be joined to an on-premises AD)
- AD Connector
  - Directory gateway for on-premises AD