Posted On: Mar 8, 2017
Today, AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, simplified on-premises user sign-in to the AWS Management Console. Now, you can enable your users to access and manage AWS resources by signing in to the AWS Management Console with their on-premises Active Directory (AD) credentials. This enables you to reuse your on-premises AD security policies such as password expiration and account lockout while still controlling access to the AWS Management Console and AWS resources.
AWS Microsoft AD uses an interforest trust that you can use for other AWS solutions, such as Amazon QuickSight and Amazon WorkSpaces, and other AD-aware applications that you run in the AWS Cloud. This eliminates the need to configure and manage separate SAML infrastructure to access the AWS Management Console. Instead, you can use AWS Microsoft AD to assign on-premises users and groups to AWS Identity and Access Management (IAM) roles and grant your users access to the AWS Management Console and AWS resources.
To learn more about how to use AWS Microsoft AD to enable your on-premises AD users to access and manage AWS resources by signing in to the AWS Management Console, see "How to Access the AWS Management Console Using AWS Microsoft AD and Your On-Premises Credentials" and "Manage Access to AWS Management Console".