I saw that Amazon Web Services recently introduced its own implementation of Microsoft's Active Directory service. How does AWS Directory Service work, and what are the security implications for AWS users?
Amazon's recently announced AWS Directory Service complements Simple AD and Active Directory Connector, but it does not replace them. The new service allows customers to set up Active Directories in the cloud and connect them to on-premises Active Directories. Users can implement the same kinds of functions in the cloud as they can on premises, such as defining users and groups, establishing policies and performing domain joins on servers.
Note that Simple AD is based on Samba 4 Active Directory Compatible Server, while the new AWS Directory Service is based on Microsoft Active Directory. The same tools you use to manage an on-premises AD can be used to manage an AD in the cloud.
Administrators can create an Active Directory in AWS using either the management console or the AWS API. EC2 instances can be added to a domain using either the console or API as well. Operations performed on the Active Directory service are logged with CloudTrail, so administrators can monitor changes to the directory in the same way they monitor other AWS API calls.
To ensure high availability, Amazon deploys Microsoft Active Directories across two availability zones. Availability zones are isolated data centers within a geographical region, each with independent power and telecommunications infrastructure. AWS Directory Service Enterprise edition is priced at $0.40 per hour in U.S. regions and slightly higher in Asia regions.
By providing AWS Directory Service, Amazon may be able to entice enterprise applications that require AD integration, such as SharePoint, to the AWS cloud. Applications that do not need full Active Directory functionality may prefer the other, lower-cost directory options available in AWS.
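The CloudTrail monitoring described above can be sketched as a small triage script. This is an added example, not code from the original article or from AWS: it filters CloudTrail records by the Directory Service event source `ds.amazonaws.com` and reports changes and denied calls. The sample records and the `HIGH_RISK` shortlist are constructed assumptions.

```python
import json

DS_SOURCE = "ds.amazonaws.com"  # CloudTrail eventSource for AWS Directory Service
# Operations that alter trust, credentials or the directory's existence.
# This shortlist is an assumption for the example; tune it to your environment.
HIGH_RISK = {"CreateTrust", "DeleteTrust", "DeleteDirectory",
             "ResetUserPassword", "ConnectDirectory"}
READ_PREFIXES = ("Describe", "Get", "List")

def triage(log_text):
    """Return (severity, time, event, caller, source_ip) for directory changes."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != DS_SOURCE:
            continue
        name = rec.get("eventName", "")
        denied = "errorCode" in rec
        # Some records lack readOnly; fall back to the API name prefix.
        read_only = rec.get("readOnly", name.startswith(READ_PREFIXES))
        if read_only and not denied:
            continue  # successful lookups are noise for change monitoring
        severity = "high" if name in HIGH_RISK else "denied" if denied else "change"
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        findings.append((severity, rec.get("eventTime"), name, caller,
                         rec.get("sourceIPAddress")))
    return findings

# Constructed sample records, not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-01-05T10:02:11Z", "eventSource": "ds.amazonaws.com",
     "eventName": "DescribeDirectories", "readOnly": True, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2016-01-05T10:05:40Z", "eventSource": "ds.amazonaws.com",
     "eventName": "CreateTrust", "readOnly": False, "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2016-01-05T10:06:02Z", "eventSource": "ds.amazonaws.com",
     "eventName": "CreateSnapshot", "errorCode": "AccessDeniedException",
     "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"}},
    {"eventTime": "2016-01-05T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "readOnly": False, "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Denied calls are reported even for read-only operations, since repeated access-denied lookups against a directory are worth reviewing alongside actual changes.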