
How does AWS Directory Service offer security benefits?

AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users.

I saw that Amazon Web Services recently introduced its own implementation of Microsoft's Active Directory service. How does AWS Directory Service work, and what are the security implications for AWS users?

Amazon's recently announced AWS Directory Service complements Simple AD and Active Directory Connector, but it does not replace them. The new service allows customers to set up Active Directories in the cloud and connect them to on-premises Active Directories. Users can implement the same kinds of functions in the cloud as they can on premises, such as defining users and groups, establishing policies and performing domain joins on servers.

Note that Simple AD is based on Samba 4 Active Directory Compatible Server, while the new AWS Directory Service is based on Microsoft Active Directory. The same tools you use to manage an on-premises AD can be used to manage an AD in the cloud.

Administrators can create an Active Directory in AWS using either the management console or the AWS API. EC2 instances can be added to a domain using either the console or API as well. Operations performed on the Active Directory service are logged with CloudTrail, so administrators can monitor changes to the directory in the same way they monitor other AWS API calls.
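As an added illustration of that monitoring (not code from the article or from AWS), the following Python sketch filters a CloudTrail log file for state-changing Directory Service calls. The log records are constructed samples, and the `HIGH_IMPACT` set is an assumption about which operations a team would want to review first.

```python
DS_EVENT_SOURCE = "ds.amazonaws.com"  # CloudTrail eventSource for AWS Directory Service
READ_PREFIXES = ("Describe", "Get", "List")
# Assumption: operations this example treats as worth an immediate look.
HIGH_IMPACT = {"DeleteDirectory", "CreateTrust", "DeleteTrust", "ResetUserPassword"}

def is_change(record):
    """True for Directory Service calls that modify state."""
    if record.get("eventSource") != DS_EVENT_SOURCE:
        return False
    if "readOnly" in record:  # prefer CloudTrail's own flag when present
        return not record["readOnly"]
    return not record.get("eventName", "").startswith(READ_PREFIXES)

def directory_changes(log):
    """Summarise mutating Directory Service calls in one CloudTrail log file."""
    findings = []
    for rec in log.get("Records", []):
        if not is_change(rec):
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "action": rec.get("eventName"),
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "denied": "errorCode" in rec,  # failed attempts are still of interest
            "high_impact": rec.get("eventName") in HIGH_IMPACT,
        })
    return findings

# Constructed sample records (not real account data).
SAMPLE_LOG = {"Records": [
    {"eventTime": "2016-01-05T10:00:00Z", "eventSource": "ds.amazonaws.com",
     "eventName": "DescribeDirectories", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2016-01-05T10:05:00Z", "eventSource": "ds.amazonaws.com",
     "eventName": "CreateMicrosoftAD", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2016-01-05T11:30:00Z", "eventSource": "ds.amazonaws.com",
     "eventName": "DeleteDirectory", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2016-01-05T11:31:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "198.51.100.7"},
]}

if __name__ == "__main__":
    for finding in directory_changes(SAMPLE_LOG):
        print(finding)
```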

To ensure high availability, Amazon deploys Microsoft Active Directories across two availability zones. Availability zones are isolated data centers within a geographical region, each with independent power and telecommunications infrastructure. AWS Directory Service Enterprise edition is priced at $0.40 per hour in U.S. regions and slightly higher in Asia regions.

By providing AWS Directory Service, Amazon may be able to entice enterprises to move applications that require AD integration, such as SharePoint, to the AWS cloud. Applications that do not need full Active Directory functionality may be better served by the other, lower-cost directory options available in AWS.


Join the conversation


It wasn’t made very clear in the article, but AWS Directory Service is a managed service, which means, among other things, that AWS monitors the service and can replace failed domain controllers, as well as managing the patching and software updates for these controllers.