Directory Service
Introduction
Managed Microsoft Active Directory in the AWS Cloud
Used to run directories in the AWS Cloud, or to connect AWS resources to an existing on-premises Microsoft Active Directory.
Feature
Types:
AWS Managed Microsoft AD (standalone, or a 2-way forest trust with on-premises AD through DX / VPN)
Microsoft Active Directory in the AWS Cloud.
AD Connector
A proxy for redirecting directory requests to your existing Microsoft Active Directory.
No caching capability.
Users are managed solely on-premises; no trust relationship.
Connects to the on-premises AD through VPN or Direct Connect (DX).
Does not work with SQL Server, does not support seamless domain join, and the directory cannot be shared.
Simple AD
A standalone managed directory that is powered by a Linux-Samba Active Directory–compatible server.
Supports joining EC2 instances and managing users and groups.
Does not support MFA, RDS for SQL Server, or AWS SSO.
Two sizes: the small model supports up to 500 users, the large model up to 5,000 users.
No trust relationship.
Amazon Cognito User Pools (user pools are user directories that provide sign-up and sign-in options; Cognito identity pools, by contrast, provide AWS credentials).
Can add user registration and sign-in features to your apps.
Users can sign in with an email address, phone number, or user name rather than through an external identity provider.
Can create custom registration fields and store metadata in the user directory; supports verification of email addresses and phone numbers, password recovery, MFA, etc.
AWS Managed Microsoft AD supports:
Multi-AZ deployment and automated backups.
Seamless domain join of EC2 instances from multiple AWS accounts and VPCs.
Integration with RDS, WorkSpaces, QuickSight, AWS SSO, etc.
A standalone directory in AWS, or one joined to an on-premises AD through a trust.
Connection with 3 kinds of trust:
1-way trust (AWS to on-premises)
1-way trust (on-premises to AWS)
2-way forest trust (a trust only, not replication)
Scenario
AD replication between AWS Managed Microsoft AD and on-premises AD (a trust does not replicate directory data, so a self-managed domain controller is used):
Run another Microsoft AD domain controller on EC2 that replicates from the on-premises Microsoft AD.
Establish a trust between the AWS Managed Microsoft AD and that EC2-hosted domain.