Posted On: Dec 4, 2019

Amazon Elastic Container Service (ECS) now supports Windows group Managed Service Account (gMSA), a new capability that allows ECS customers to authenticate and authorize their Windows containers with network resources using an Active Directory (AD). Customers can now easily use Integrated Windows Authentication with their Windows containers on ECS to secure services.

ECS support for Windows gMSA allows customers to keep user account identity configuration separated from the container image while at the same time easily adopt an Active Directory security context across multiple services in the customer’s application. Customers that wish to containerize and deploy .NET applications on ECS can use gMSA for service to service authentication to application like SQL server without having to provide the password.

Customers can configure their containers to use one or more gMSA already registered with their AD by passing the credential spec file through the dockerSecurityOptions field in ECS task Definition. See our blog post for more information on using ECS Support for Windows gMSA.

ECS customers can use this feature on ECS instances launched with any Windows Server AMI's 1909 Core, 2019 Full, 2019 Core, 2016 Full released on or after 2019.11.25 across all public AWS Regions. To learn more, please visit the Amazon ECS documentation page.