Microsoft Workloads on AWS
Category: Security, Identity, & Compliance
Secure API authorization in Amazon API Gateway using Microsoft Entra ID
In this blog post, we will guide you through the process of setting up an AWS Lambda authorizer with Microsoft Entra ID (formerly Azure Active Directory) using OpenID Connect (OIDC). This will allow you to use the authentication from Entra ID as an identity provider for your Amazon API Gateway. Securing your APIs is crucial […]
Accelerate Amazon EC2 Auto Scaling for Microsoft Windows workloads
In this blog post, we will present a sample solution and provide recommendations on how to reduce both the cost and time associated with a Microsoft Windows Server instance joining an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group up to 78%. Customers using Amazon EC2 Auto Scaling often desire faster scale-out times to […]
Automate rotating IAM credentials for SQL Server backups to Amazon S3
In this blog post, we will look at how to automate the rotation of the AWS Identity and Access Management (IAM) credentials synchronized with Microsoft SQL Server credentials to meet password rotation requirements. Solution overview The IAM Access key and Secret access key are used to create a SQL Server credential; therefore, to rotate the […]
Use custom attributes for Attribute-Based Access Control (ABAC) with Microsoft Entra ID and AWS IAM Identity Center
In this blog post, you will learn how to use custom attributes for Attribute-Based Access Control (ABAC) with Microsoft Entra ID (formerly known as Azure Active Directory) as the single sign-on (SSO) identity provider integrated with AWS IAM Identity Center (formerly known as AWS SSO). ABAC allows you to control access or fine-grained permissions to […]
Integrate multiple Microsoft Entra ID tenants with AWS IAM Identity Center
In this blog post, we will guide you through configuring cross-tenant synchronization with multiple Microsoft Entra ID tenants using AWS IAM Identity Center. By following the steps outlined in this post, you can simplify access to your Amazon Web Services (AWS) resources while enabling collaboration efforts between Entra ID tenants within your organization. Background Organizations […]
It’s end of support time again. Are your Microsoft Windows Servers secure?
With the upcoming end of support for Microsoft Windows Server 2012/2012 R2 on October 10, 2023, and the ongoing challenges faced by those on Windows Server 2008/2008 R2, many organizations find themselves in a delicate position. Transitioning away from these older versions isn’t always straightforward. Some organizations are running third-party software that is not yet […]
How to simplify certificate provisioning in Active Directory with AWS Private Certificate Authority
In this blog post, we will explore a new feature for AWS Private Certificate Authority (AWS Private CA), Connector for Active Directory, that can help you more easily provision certificates for users and machines within your Microsoft Active Directory (AD) environment with just a few clicks. AWS Private CA can accelerate your provisioning and reduce […]
Automate disaster recovery for your self-managed Active Directory on AWS
In this blog post, I will show how you can leverage Amazon Web Services (AWS) for disaster recovery (DR) for your self-managed Microsoft Active Directory (AD). I will also provide an automated solution to help you run on-demand, periodic DR tests of your AD infrastructure as part of your larger business continuity strategy. Introduction Most […]
Rotate Active Directory credentials stored in AWS Secrets Manager
In this blog post, I will show you how to use AWS Systems Manager (SSM) Automation to keep a service account’s password synchronized in Microsoft Active Directory (AD) and a Secret in AWS Secrets Manager encrypted with an AWS Key Management Service (KMS) customer managed key (CMK). This blog post uses AWS Secrets Manager, but […]
Synchronize Active Directory users to AWS IAM Identity Center using SCIM and PowerShell
In this blog post, I will show you how to use PowerShell to synchronize changes to Microsoft Active Directory (AD) users and groups for federated access to Amazon Web Services (AWS). Introduction Some customers have a well-established Active Directory Federation Service (ADFS) implementation and would like to leverage it for federated access to AWS via […]