Posted On: Apr 23, 2024

Amazon RDS for Oracle now supports external authentication of database users using Kerberos and Microsoft Active Directory in additional regions. This feature provides the benefits of single sign-on and centralized authentication of Oracle Database users. Keeping all of your user credentials in the same Active Directory will save you time and effort as you will now have a centralized place for storing and managing them for multiple DB instances.

You can enable your database users to authenticate against Amazon RDS for Oracle using either the credentials stored in the AWS Directory Service for Microsoft Active Directory, or the credentials stored in your on-premise Microsoft Active Directory, with forest trust relationship established between your on-premise Active Directory and an AWS Managed Active Directory. You can use the same Active Directory for different VPCs within the same AWS region. You can also join Amazon RDS for Oracle instances to shared Active Directory domains owned by different accounts.

Kerberos authentication with Amazon RDS for Oracle can be used without additional cost or licensing. It is supported for 19c and 21c versions of Oracle Database Enterprise Edition and Standard Edition 2.

This feature is now available in the following additional regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Europe (Milan), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), Middle East (Bahrain), and Middle East (UAE).

To learn more about Kerberos authentication with Amazon RDS for Oracle, please visit the documentation.