Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does AWS Directory Service offer security benefits?

AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users.

I saw that Amazon Web Services recently introduced its own implementation of Microsoft's Active Directory service....

How does AWS Directory Service work, and what are the security implications for AWS users?

Amazon's recently announced AWS Directory Service complements Simple AD and Active Directory Connector, but it does not replace them. The new service allows customers to set up Active Directories in the cloud and connect them to on-premises Active Directories. Users can implement the same kinds of functions in the cloud as they can on premises, such as defining users and groups, establishing policies and performing domain joins on servers.

It should be noted that Simple AD is based on Samba 4 Active Directory Compatible Server while the new AWS Directory Service is based on Microsoft Active Directory. The same tools you use to manage an on-premises AD can be used to manage an AD in the cloud.

Administrators can create an Active Directory in AWS using either the management console or the AWS API. EC2 instances can be added to a domain using either the console or API as well. Operations performed on the Active Directory service are logged with CloudTrail, so administrators can monitor changes to the directory in the same way they monitor other AWS API calls.

To ensure high availability, Amazon deploys Microsoft Active Directories across two availability zones. These are isolated data centers in a geographical region with independent power and telecommunications infrastructure. AWS Directory Service Enterprise edition is priced at $0.40 per hour in U.S. regions and slightly higher in Asia regions.

By providing AWS Directory Service, Amazon may be able to entice enterprise applications that require AD integration, such as SharePoint, to the AWS cloud. Applications that do not need full Active Directory functionality may prefer to opt for the other lower cost directory options available in AWS.

Next Steps

Learn how to use new AWS APIs to boost cloud security

Find out if cloud identity management can take over Active Directory

Compare Amazon Simple AD and Microsoft Active Directory

This was last published in April 2016

Dig Deeper on Cloud Provisioning and Cloud Identity Management Issues

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What security benefits does AWS Directory Service offer your company?
Cancel
It wasn’t made very clear in the article, but AWS Directory Service is a managed service which means, among other things, that AWS monitors the service and can replace failed domain controllers, as well as managing the patching and software updates for this controllers.
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close