AWS Directory Service clarity


We're a growing shop that has no real user management. It's come time to have single sign-on. We host everything in AWS with the exception of an in-house desktop server that basically just hosts a NAS.

I'm only slightly familiar with Active Directory, enough that I could set up an in-house domain and have it federate users. I've read the FAQs on AWS Directory Service and I'm just looking to get clarity on what it can and cannot do.

My goal is to have an AD that can manage users in AWS as well as in-house. I'm unsure if I can do both in AWS DS or if it's just to handle the AWS portion.

Per the FAQ: "AWS Directory Service makes it easy for you to set up and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory."

Does this mean that even if I ran AWS DS I'd still have to host an in-house AD and join them to manage users in AWS as well as in-house? I'd like to avoid having to run one on-premises since my goal is to get everything into AWS.


You can use AWS SSO to manage authentication to the AWS console and AWS CLI and it integrates directly with AWS Managed Directory Services, so you can have all your authentication in one place. Take care to create a "break glass" IAM account in case you have issues in AD, lest you lock yourself out of AWS and therefore can't manage the AD servers.

https://docs.aws.amazon.com/singlesignon/latest/userguide/connectawsad.html
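The break-glass account the answer recommends is only useful if it still works when AD is down and is not quietly being used day to day. As an added example (not code from the answer or from AWS), this Python check reads an IAM credential report, the CSV that `aws iam get-credential-report` returns after base64 decoding, and flags a missing user, a disabled console password, missing MFA, an active long-lived access key, or recent use of the password; the report below is a constructed sample with fewer columns than a real one.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an IAM credential report (real reports carry more columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,true,false
break-glass,arn:aws:iam::123456789012:user/break-glass,2021-03-01T00:00:00+00:00,true,2024-06-10T09:30:00+00:00,2021-03-01T00:00:00+00:00,N/A,false,true
alice,arn:aws:iam::123456789012:user/alice,2022-01-01T00:00:00+00:00,true,2024-06-01T08:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,true,false
"""


def _parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information / not_supported."""
    if not value or not value[0].isdigit():
        return None
    return datetime.fromisoformat(value)


def check_break_glass(report_csv, user_name, now=None, unused_for_days=30):
    """Return a list of findings for the named break-glass user ([] means OK).

    `now` may be an aware datetime or an ISO-8601 string; defaults to the current time.
    A break-glass user should sit idle, so recent password use is reported for review.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now)
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    row = rows.get(user_name)
    if row is None:
        return [f"user {user_name!r} not found in credential report"]
    findings = []
    if row["password_enabled"] != "true":
        findings.append("console password disabled; break-glass login would fail")
    if row["mfa_active"] != "true":
        findings.append("MFA not enabled on a high-value emergency credential")
    last_used = _parse_ts(row["password_last_used"])
    if last_used and now - last_used < timedelta(days=unused_for_days):
        findings.append(f"password used {(now - last_used).days} days ago; confirm it was an emergency")
    if row["access_key_1_active"] == "true":
        findings.append("long-lived access key active; console sign-in with MFA is enough for break-glass")
    return findings


if __name__ == "__main__":
    for finding in check_break_glass(SAMPLE_REPORT, "break-glass", now="2024-06-15T00:00:00+00:00"):
        print("FINDING:", finding)
```

Run it against a freshly generated report on a schedule so a drifted or silently used break-glass user is noticed before the day you need it.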