AWS Directory Service

Managed Microsoft Active Directory in the AWS Cloud

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Managed Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features, such as Group Policy and single sign-on (SSO). With AWS Managed Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to your domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.

Introduction to AWS Directory Service

Benefits

Easily migrate directory-aware, on-premises workloads

AWS Managed Microsoft AD makes it easy to migrate Active Directory–dependent applications and Windows workloads to the AWS Cloud. With AWS Managed Microsoft AD, you can use Group Policies to manage EC2 instances and run AD-dependent applications in the AWS Cloud without the need to deploy your own AD infrastructure.

Use actual Microsoft Active Directory

Take advantage of actual Microsoft Active Directory to manage your users, groups, and devices. Use familiar Active Directory administration tools and Active Directory features, such as Group Policy objects (GPOs), domain trusts, fine-grained password policies, and Kerberos-based single sign-on. You can also delegate administrative tasks and authorize access using Active Directory security groups.

Share a single directory for cloud workloads

Share a single directory for all your Active Directory-aware Amazon EC2 instances, Amazon RDS for SQL Server instances, and AWS Enterprise IT applications such as Amazon WorkSpaces. You can also share your AD with multiple accounts. Using AWS Managed Microsoft AD helps avoid the complexity of replicating and synchronizing data across multiple directories.

Easily extend existing domains

AWS Managed Microsoft AD makes it easy to extend your existing Active Directory to the AWS Cloud. It enables you to use your existing on-premises user credentials to access cloud resources such as the AWS Management Console, Amazon WorkSpaces, and Amazon Chime, as well as Windows workloads in the cloud.

Centrally manage application access and devices in the AWS Cloud

Join your computers, laptops, and printers to a managed Active Directory domain. Microsoft AD gives you the option to administer your on-premises users, groups, applications, and systems without the complexity of running and maintaining an on-premises, highly available Active Directory.

Simplify administration with a managed service

AWS Managed Microsoft AD is built on highly available, AWS-managed infrastructure. Each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. You do not have to install software, and AWS handles all patching and software updates.

How it works

[Diagram: how AWS Directory Service works]

Use cases

Use Active Directory Group Policy objects (GPOs)

Many organizations use Active Directory GPOs to manage servers and workstations. With AWS Managed Microsoft AD, you can use GPOs to manage Amazon EC2 instances and Amazon WorkSpaces virtual desktops that are joined to your AWS Managed Microsoft AD domain.

Single sign-on (SSO) with Active Directory credentials

When you configure a trust from AWS Managed Microsoft AD to your existing Active Directory, AWS Managed Microsoft AD can serve as a resource domain. This enables your users to sign in with SSO using their existing corporate credentials to AWS services such as Amazon RDS for SQL Server, custom .NET applications, and AWS Enterprise IT applications such as Amazon WorkSpaces.

Highly available Active Directory in the AWS Cloud

By using a Virtual Private Network (VPN) or AWS Direct Connect from your Amazon Virtual Private Cloud (VPC) to your network, you can use AWS Managed Microsoft AD as the Active Directory for your on-premises environment. You can join computers to your domain, administer users and groups, and manage policies, all without the expense and effort of maintaining a highly available Active Directory.

Seamlessly domain join Amazon EC2 instances from multiple accounts and VPCs

By sharing your AWS Managed Microsoft AD directory, you can domain join Amazon EC2 instances seamlessly using the Amazon EC2 console or AWS Systems Manager (SSM). This makes it easier to deploy your directory-aware workloads on Amazon EC2 instances by reducing the manual configuration needed to domain join your instances and the need to deploy directories in each account and VPC.
