AWS Security Blog

Tag: Active Directory

Join Us for AWS IAM Day on Monday, October 9, in San Francisco

Join us in San Francisco at the AWS Pop-up Loft for AWS IAM Day on Monday, October 9, from 9:30 A.M.–4:15 P.M. Pacific Time. At this free technical event, you will learn AWS Identity and Access Management (IAM) concepts from IAM product managers, as well as tools and strategies you can use for controlling access to your AWS […]

Read More

How to Enable LDAPS for Your AWS Microsoft AD Directory

Starting today, you can encrypt the Lightweight Directory Access Protocol (LDAP) communications between your applications and AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD. Many Windows and Linux applications use Active Directory’s (AD) LDAP service to read and write sensitive information about users and devices, including personally identifiable information (PII). […]

Read More

How to Establish Federated Access to Your AWS Resources by Using Active Directory User Attributes

To govern federated access to your AWS resources, it’s a common practice to use Microsoft Active Directory (AD) groups. When using AD groups, establishing federation requires the number of AD groups to be equal to the number of your AWS accounts multiplied by the number of roles in each of your AWS accounts. As you […]

Read More

How to Configure Even Stronger Password Policies to Help Meet Your Security Standards by Using AWS Directory Service for Microsoft Active Directory

With AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, you can now create and enforce custom password policies for your Microsoft Windows users. AWS Microsoft AD now includes five empty password policies that you can edit and apply with standard Microsoft password policy tools such as Active Directory […]

Read More

How to Enable the Use of Remote Desktops by Deploying Microsoft Remote Desktop Licensing Manager on AWS Microsoft AD

AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, now supports Microsoft Remote Desktop Licensing Manager (RD Licensing). By using AWS Microsoft AD as the directory for your Remote Desktop Services solution, you reduce the time it takes to deploy remote desktop solutions on Amazon EC2 for Windows Server […]

Read More

How to Easily Log On to AWS Services by Using Your On-Premises Active Directory

AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD, now enables your users to log on with just their on-premises Active Directory (AD) user name—no domain name is required. This new domainless logon feature makes it easier to set up connections to your on-premises AD for use with applications such […]

Read More

How to Enable Windows Integrated Authentication for RDS for SQL Server Using On-Premises Active Directory

On March 23, 2016, AWS announced that Amazon Relational Database Service for SQL Server (RDS for SQL Server) now supports authentication to AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD. On April 7, 2016, AWS launched a new console feature for Microsoft AD that makes it easy for you […]

Read More

How to Use Shibboleth for Single Sign-On to the AWS Management Console

In a previous blog post (Enabling Federation to AWS using Windows Active Directory, ADFS, and SAML 2.0), we described how you can enable single sign-on (SSO) to the AWS Management Console using Active Directory Federation Services (ADFS) 2.0 and Security Assertion Markup Language (SAML) 2.0. SAML-based federation eliminates the need to maintain separate user identities […]

Read More

Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0

At this year’s re:Invent I had the opportunity to present on the topic of delegating access to your AWS environment. One use case I demonstrated was enterprise federation to AWS using Windows Active Directory (AD), Active Directory Federation Services (ADFS) 2.0, and SAML (Security Assertion Markup Language) 2.0. The presentation must have struck a nerve, because a […]

Read More

Enable Single Sign-On to the AWS Management Console via Shibboleth

<Repost from AWS Blog, here in its entirety> One of the most powerful features of AWS Identity and Access Management (IAM) is its ability to issue temporary security credentials and grant controlled access to people in a network without having to define individual identities for each user (i.e., identity federation). This enables customers to extend their existing authentication […]

Read More