AWS Security Blog

Category: AWS Directory Service

How to migrate your on-premises domain to AWS Managed Microsoft AD using ADMT

February 2, 2024: We’ve updated this post to fix broken links and added a note on migrating passwords. Customers often ask us how to migrate their on-premises Active Directory (AD) domain to AWS so they can be free of the operational management of their AD infrastructure. Frequently they are unsure how to make the migration […]

AWS Logo

How to Connect Your On-Premises Active Directory to AWS Using AD Connector

August 17, 2023: We updated the instructions and screenshots in this post to align with changes to the AWS Management Console. April 25, 2023: We’ve updated this blog post to include more security learning resources. AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and […]

Everything you wanted to know about trusts with AWS Managed Microsoft AD

Many Amazon Web Services (AWS) customers use Active Directory to centralize user authentication and authorization for a variety of applications and services. For these customers, Active Directory is a critical piece of their IT infrastructure. AWS offers AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, to provide a highly […]

Manage your AWS Directory Service credentials using AWS Secrets Manager

AWS Secrets Manager helps you protect the secrets that are needed to access your applications, services, and IT resources. With this service, you can rotate, manage, and retrieve database credentials, API keys, OAuth tokens, and other secrets throughout their lifecycle. The secret value rotation feature has built-in integration for services like Amazon Relational Database Service […]

How to monitor and track failed logins for your AWS Managed Microsoft AD

AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management Amazon Elastic Compute Cloud (Amazon EC2) instance or by forwarding domain controller security event logs to Amazon CloudWatch Logs. You can further improve visibility by […]

Highlights from the latest AWS Identity launches

August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Here is the latest from AWS Identity from November 2020 through February 2021. The features highlighted in this blog post can help you manage […]

Secure and automated domain membership management for EC2 instances with no internet access

In this blog post, I show you how to deploy an automated solution that helps you fully automate the Active Directory join and unjoin process for Amazon Elastic Compute Cloud (Amazon EC2) instances that don’t have internet access. Managing Active Directory domain membership for EC2 instances in Amazon Web Services (AWS) Cloud is a typical […]

Use a single AWS Managed Microsoft AD for Amazon RDS for SQL Server instances in multiple Regions

Many Amazon Web Services (AWS) customers use Active Directory to centralize user authentication and authorization for a variety of applications and services. For these customers, Active Directory is a critical piece of their IT infrastructure. AWS offers AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, to provide a highly […]

Automate domain join for Amazon EC2 instances from multiple AWS accounts and Regions

As organizations scale up their Amazon Web Services (AWS) presence, they are faced with the challenge of administering user identities and controlling access across multiple accounts and Regions. As this presence grows, managing user access to cloud resources such as Amazon Elastic Compute Cloud (Amazon EC2) becomes increasingly complex. AWS Directory Service for Microsoft Active […]

Enable Office 365 with AWS Managed Microsoft AD without user password synchronization

In this post, we explain how you can use AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to enable your users to access Microsoft Office 365 without synchronizing passwords using Azure Active Directory (Azure AD) Pass-through Authentication (PTA). This makes it easier to configure Microsoft Office 365 with AWS Managed Microsoft AD. […]