Posted On: Jan 22, 2020

Amazon RDS for MySQL now supports authentication of database users using AWS Managed Microsoft Active Directory Service.

Microsoft Active Directory authentication provides the benefits of single sign-on and centralized authentication of MySQL users. Keeping all user credentials in the same Active Directory will save you time and effort as you have a centralized location for storing and managing them for multiple DB instances. 

You can enable database users to authenticate against Amazon RDS for MySQL using either the credentials stored in the AWS Directory Service for Microsoft Active Directory, or the credentials stored in your on-premises Microsoft Active Directory, with a forest trust relationship established between your on-premises Active Directory and an AWS Managed Active Directory. You can use the same Active Directory for different VPCs within the same AWS region. You can also join Amazon RDS for MySQL instances to shared Active Directory domains owned by different accounts. Authentication with Microsoft Active Directory is supported on RDS for MySQL 5.7.24 and higher 5.7 versions and 8.0.13 and higher 8.0 versions. Refer to our documentation for more information.

To use your existing on-premises Microsoft Active Directory, follow the steps above to set up an AWS Managed Active Directory first, then set up a forest trust relationship between your on-premises directory and the AWS Managed AD by following the steps described here.

Amazon RDS for MySQL makes it easy to set up, operate, and scale MySQL deployments in the cloud. See the Amazon RDS for MySQL pricing page for details on pricing and regional availability.