Posted On: May 7, 2020

Earlier this year, we launched support for Aurora PostgreSQL user authentication with Kerberos and Microsoft Active Directory. In the original release, this support was based on AWS Directory Service for Microsoft Active Directory. We have now added support for user authentication using external Kerberos and Microsoft Active Directories, including those running on premises.

Aurora PostgreSQL support for Kerberos and Microsoft Active Directory provides the benefits of single sign-on and centralized authentication of Aurora PostgreSQL database users. Keeping all of your user credentials in the same Active Directory will save you time and effort, as you will now have a centralized place for storing and managing them for multiple DB instances.

In addition to password-based authentication and authentication with AWS Identity and Access Management (IAM), you can authenticate using AWS Managed Microsoft AD Service or your self-managed or on-premises Microsoft Active Directory. You can enable your database users to authenticate against Aurora PostgreSQL using the credentials stored in the AWS Directory Service for Microsoft Active Directory.

To reduce the number of Active Directories that you need to manage, you can use a single directory for different Amazon Virtual Private Clouds (VPCs) within the same AWS Region. You can also join Aurora PostgreSQL instances to shared Active Directory domains owned by different accounts.

Active Directory integration is supported with Aurora PostgreSQL versions 10.11 and newer, and 11.6 and newer. Read the documentation for details.

Amazon Aurora combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It provides up to five times better performance than the typical MySQL database and three times the performance of the typical PostgreSQL database, together with increased scalability, durability, and security. For more information, please visit the Amazon Aurora product page.