AWS Directory Service
💡 Definition
AWS Directory Service provides several ways to run Microsoft Active Directory (AD) or an AD-compatible directory on AWS, or to connect AWS resources to an existing on-premises directory. Directory-aware workloads in the cloud can then authenticate and authorize users and computers against that directory.
🔑 Key Concepts
- AWS Managed Microsoft AD: A fully managed, genuine Microsoft Active Directory domain whose domain controllers run in your VPC and are patched and backed up by AWS. The right choice when AD-aware applications, trusts with an existing domain, or Microsoft-specific tooling are required.
- Simple AD: A standalone, lower-cost managed directory powered by Samba 4 Active Directory Compatible Server. It covers basic AD features (users, groups, group policy, domain join) but not trusts or MFA.
- AD Connector: A directory gateway (proxy) that forwards authentication and lookup requests to your on-premises Active Directory. No directory data or credentials are cached or stored in the cloud.
- Identity Source: Whichever directory you choose acts as the central identity source for authenticating users and computers, including for other AWS services such as WorkSpaces and AWS SSO (IAM Identity Center).
⚙️ How it Works
You choose the directory type that fits your needs:
- For Managed Microsoft AD (and Simple AD), AWS provisions and manages the domain controllers for you, placing them in two subnets in different Availability Zones of your VPC.
- For AD Connector, you provide network connectivity (via VPN or Direct Connect) from the VPC to your on-premises domain controllers and a service account in that domain; the connector forwards requests and stores nothing itself.
Your AWS applications (such as WorkSpaces or RDS for SQL Server) can then use the chosen directory for authentication and authorization.
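As an added example (not code from this page or from AWS), the script below reads the JSON that `aws ds describe-directories` returns and applies the distinctions made above: which directories host domain controllers inside AWS, which AD Connector only proxies to on-premises controllers, and whether SSO and RADIUS-based MFA are configured on each. The field names follow the DescribeDirectories API; the sample response, directory IDs, VPC/subnet IDs and IP addresses are constructed placeholders.

```python
"""Audit `aws ds describe-directories` output for the three directory types.

The JSON shape follows the DescribeDirectories API (a DirectoryDescriptions
list whose entries carry Type, Stage, VpcSettings, ConnectSettings,
RadiusStatus and SsoEnabled). Everything below is constructed for this
example: the directory, VPC, subnet and security-group IDs and the IP
addresses are placeholders, not real resources.
"""
import json

# Constructed sample resembling `aws ds describe-directories --output json`.
SAMPLE_DESCRIBE_DIRECTORIES = json.dumps({
    "DirectoryDescriptions": [
        {   # Managed Microsoft AD hosted in AWS, with SSO and RADIUS MFA set up
            "DirectoryId": "d-9067example1", "Name": "corp.example.com",
            "Type": "MicrosoftAD", "Edition": "Standard", "Stage": "Active",
            "SsoEnabled": True, "RadiusStatus": "Completed",
            "DnsIpAddrs": ["10.0.1.10", "10.0.2.10"],
            "VpcSettings": {"VpcId": "vpc-0exampleaaaa",
                            "SubnetIds": ["subnet-0exampleaaa1", "subnet-0exampleaaa2"],
                            "SecurityGroupId": "sg-0exampleaaaa"},
        },
        {   # AD Connector: proxies to on-premises domain controllers, caches nothing
            "DirectoryId": "d-9067example2", "Name": "onprem.example.com",
            "Type": "ADConnector", "Size": "Small", "Stage": "Active",
            "SsoEnabled": False,
            "ConnectSettings": {"VpcId": "vpc-0examplebbbb",
                                "SubnetIds": ["subnet-0examplebbb1", "subnet-0examplebbb2"],
                                "CustomerUserName": "svc-adconnector",
                                "SecurityGroupId": "sg-0examplebbbb",
                                "ConnectIps": ["192.168.10.5", "192.168.10.6"]},
        },
        {   # Simple AD that is still being created
            "DirectoryId": "d-9067example3", "Name": "lab.example.internal",
            "Type": "SimpleAD", "Size": "Small", "Stage": "Requested",
            "SsoEnabled": False, "DnsIpAddrs": [],
            "VpcSettings": {"VpcId": "vpc-0examplecccc",
                            "SubnetIds": ["subnet-0examplecc1", "subnet-0examplecc2"],
                            "SecurityGroupId": "sg-0examplecccc"},
        },
    ]
})

# Directory types whose domain controllers run inside AWS.
HOSTED_TYPES = ("MicrosoftAD", "SharedMicrosoftAD", "SimpleAD")


def summarize_directory(desc: dict) -> dict:
    """Reduce one DirectoryDescription to the facts a reviewer cares about."""
    dtype = desc.get("Type")
    if dtype == "ADConnector":
        # AD Connector stores no directory data in AWS; requests are forwarded
        # to the on-premises domain controllers under ConnectSettings.ConnectIps.
        settings = desc.get("ConnectSettings", {})
        dc_ips = settings.get("ConnectIps", [])
    else:
        # Managed Microsoft AD and Simple AD run domain controllers in your VPC
        # and expose them through DnsIpAddrs.
        settings = desc.get("VpcSettings", {})
        dc_ips = desc.get("DnsIpAddrs", [])
    return {
        "id": desc["DirectoryId"],
        "name": desc.get("Name"),
        "type": dtype,
        "stage": desc.get("Stage"),
        "hosted_in_aws": dtype in HOSTED_TYPES,
        "domain_controller_ips": list(dc_ips),
        "vpc": settings.get("VpcId"),
        "security_group": settings.get("SecurityGroupId"),
        "sso_enabled": bool(desc.get("SsoEnabled", False)),
        # RadiusStatus "Completed" means RADIUS (MFA) settings have been applied.
        "radius_mfa": desc.get("RadiusStatus") == "Completed",
    }


def audit_directories(describe_json: str) -> list:
    """Parse describe-directories JSON text into per-directory summaries."""
    data = json.loads(describe_json)
    return [summarize_directory(d) for d in data.get("DirectoryDescriptions", [])]


def findings(summary: dict) -> list:
    """Return review notes for one summarized directory (empty list = clean)."""
    notes = []
    if summary["stage"] != "Active":
        notes.append(f"stage is {summary['stage']}; directory is not usable yet")
    if summary["type"] == "SimpleAD":
        notes.append("Simple AD (Samba): no trusts or RADIUS MFA; "
                     "use Managed Microsoft AD for AD-dependent workloads")
    if summary["type"] == "ADConnector" and not summary["domain_controller_ips"]:
        notes.append("AD Connector has no on-premises domain controller IPs")
    if summary["type"] in ("MicrosoftAD", "ADConnector") and not summary["radius_mfa"]:
        notes.append("no RADIUS MFA configured")
    return notes


if __name__ == "__main__":
    for s in audit_directories(SAMPLE_DESCRIBE_DIRECTORIES):
        where = "hosted in AWS" if s["hosted_in_aws"] else "proxied to on-premises"
        print(f"{s['id']} {s['name']} [{s['type']}, {where}] DCs={s['domain_controller_ips']}")
        for note in findings(s):
            print("  -", note)
```

To run it against a real account, replace the constructed sample with the output of `aws ds describe-directories --output json` (the caller needs `ds:DescribeDirectories`). The AD Connector entry illustrates the key point from the concepts above: its only backend addresses are the on-premises controllers in `ConnectIps`, and there are no `DnsIpAddrs` of its own, because nothing is hosted or cached in AWS.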
🎯 Use Cases
- Windows Authentication: Authenticating users to Windows-based workloads running on EC2.
- Amazon WorkSpaces: Providing user authentication for cloud desktops.
- Federated Access: Allowing on-premises users to sign in to the AWS Management Console with their corporate credentials, typically by using AD Connector or Managed Microsoft AD as the identity source for AWS SSO (IAM Identity Center).
💰 Pricing Model
- Hourly Fee: Each directory is billed per hour, with the rate depending on the directory type (Managed Microsoft AD, Simple AD or AD Connector) and its size or edition. AD Connector is also billed hourly by size (small or large); the VPN or Direct Connect link it depends on and any data transfer are billed separately.
📝 Exam Tips (CLF-C02)
- Keywords: "Active Directory", "Managed AD", "Directory services".
- AD Connector is used to link your on-premises AD to AWS.
- Managed Microsoft AD is for when you want a full AD hosted in the cloud.
See Also:
- IAM
- AWS SSO (now IAM Identity Center)
- WorkSpaces
- VPN