AWS Active Directory

Chloe McAree
2 min readFeb 22, 2021

--

This is part of a blog series giving a high level overview of the different services examined on the AWS Solution Architect Associate exam, to view the whole series click here.

Managed Microsoft Active Directory

  • Also known as AWS Directory Service
  • Allows you to administer all of your users and devices
  • Allows your directory aware AWS resources to use managed active directory in AWS
  • Easily migrate on-premise workloads as it is built on actual Microsoft AD, so does not require any replication of existing directory to the cloud.
  • Allows you to use features like Group Policy and Single-Sign-On
  • Highly available as directories are deployed across multiple Availability Zones and failovers are detected automatically.
  • A common use case would be to extend your on-premise using AD Trust with AWS Managed Microsoft AD so that both your on-premises and cloud directories remain separated, but it allows your users access AWS as needed.

Simple Active Directory

  • Standalone managed directory powered by Sambda 4 Active Directory
  • Enables a subset of the features Managed Mircosoft AD offers for example: managing user accounts, group permissions, connecting to EC2 instances stc.
  • Comes in small (up to 500 users) or large (up to 5000 users)
  • Easier to manage EC2 and deploy windows applications to the cloud
  • Takes daily automated snapshots, so can enable point in time recovery.
  • Can be used for Linux workloads that need LDAP
  • However, some features it does not support include multi-factor authentication, trusts with on-premises or group managed service accounts.

Active Directory Connector

  • A directory gateway for directing requests to your on-premise, without caching information in the cloud.
  • Allows on premise users to log into AWS
  • Can use multiple AD Connectors to spread the load to match performance needs
  • Cannot be used across different AWS accounts

Cloud Directory

  • Hierarchical data store fully managed by AWS
  • Can have multiple hierarchies with hundreds/millions of objects
  • Some common use cases include: directories for organisational charts, course catalogs, and device registries.
  • Integrated with CloudTrail and resource tagging

Amazon Cognito

  • Enables user sign-up and sign-in to web/mobile applications
  • Can scale to millions of users
  • Works with social identity providers like Apple, Facebook, Google etc.
  • Cognito user pools are secure directories for users and are fully managed

Conclusion

  • Services that are compatible with Active Directory are: Managed Microsoft AD, AD Connector and Simple AD.
  • Services that are not compatible with Active Directory are: Cloud Directory and Cognito user pools.

--

--