AWS Directory Service adds user and group management using APIs and Console
AWS Directory Service for Managed Microsoft Active Directory, also known as AWS Managed Microsoft AD, now adds new capabilities to manage users and groups. Now, you can perform Create, Read, Update, and Delete (CRUD) operations on users and groups directly through AWS CLI, APIs, and AWS Management Console.
DevOps engineers, developers, and IT administrators can leverage these new APIs to automate synchronization of users and groups from external identity sources and HR systems, using AWS Lambda functions or AWS SDK supported programming languages.
You can also react faster to security alerts. For example, you may create automation to remove compromised user accounts or remove them from privileged security groups. In addition, IT administrators can manage Active Directory users and groups right from the AWS Management Console without the need to deploy bastion hosts or open network ports to the internet.
This new feature is available with no additional costs. Please refer to the AWS Directory Service documentation for the list of AWS Regions where CRUD APIs and Console for User and Group management is available.
To learn more about using these new APIs, please consult the Directory Store API reference section in both the AWS Directory Service Administration Guide and the AWS Directory Service Data API Guide.