AWS Directory Service
Managed Microsoft Active Directory in the AWS Cloud
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Managed Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features, such as Group Policy and single sign-on (SSO). With AWS Managed Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to your domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.
Easily migrate directory-aware, on-premises workloads
AWS Managed Microsoft AD makes it easy to migrate Active Directory–dependent applications and Windows workloads to the AWS Cloud. With AWS Managed Microsoft AD, you can use Group Policies to manage EC2 instances and run AD-dependent applications in the AWS Cloud without the need to deploy your own AD infrastructure.
Use actual Microsoft Active Directory
Take advantage of actual Microsoft Active Directory to manage your users, groups, and devices. Use familiar Active Directory administration tools and Active Directory features, such as Group Policy objects (GPOs), domain trusts, fine-grain password policies, and Kerberos-based single sign-on. You can also delegate administrative tasks and authorize access using Active Directory security groups.
Share a single directory for cloud workloads
Share a single directory for all your Active Directory-aware Amazon EC2 instances, Amazon RDS for SQL Server instances, and AWS Enterprise IT applications such as Amazon WorkSpaces. You can also share your AD with multiple accounts. Using AWS Managed Microsoft AD helps avoid the complexity of replicating and synchronizing data across multiple directories.
Easily extend existing domains
AWS Managed Microsoft AD makes it easy to extend your existing Active Directory to the AWS Cloud. It enables you to leverage your existing on-premises user credentials to access cloud resources such as AWS Management console, Amazon Workspaces, Amazon Chime etc. and, Windows workloads in the cloud.
Centrally manage application access and devices in the AWS Cloud
Join your computers, laptops, and printers to a managed Active Directory domain. AWS Managed Microsoft AD makes it easy to extend your existing Active Directory to the AWS Cloud. It enables you to leverage your existing on-premises user credentials to access cloud resources such as AWS Management console, Amazon Workspaces, Amazon Chime etc. and, Windows workloads in the cloud. Microsoft AD provides you the option to administer your on-premises users, groups, applications, and systems without the complexity of running and maintaining an on-premises, highly available Active Directory.
Simplify administration with a managed service
AWS Managed Microsoft AD is built on highly available, AWS-managed infrastructure. Each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. You do not have to install software, and AWS handles all patching and software updates.
How it works
Use Active Directory Group Policy objects (GPOs)
Single sign-on (SSO) with Active Directory credentials
By configuring a trust from AWS Managed Microsoft AD to your existing Active Directory, AWS Managed Microsoft AD can serve as a resource domain. This enables your users to sign in with SSO using their existing corporate credentials to AWS services such as Amazon RDS for SQL Server, custom .NET applications, and AWS Enterprise IT applications such as Amazon WorkSpaces.
Highly available Active Directory in the AWS Cloud
By using a Virtual Private Network (VPN) or AWS Direct Connect from your Amazon Virtual Private Cloud (VPC) to your network, you can use AWS Managed Microsoft AD as the Active Directory for your on-premises environment. You can join computers to your domain, administer users and groups, and manage policies, all without the expense and effort of maintaining a highly available Active Directory.
Seamlessly Domain Join Amazon EC2 Instances from Multiple Accounts & VPCs
By sharing your AWS Managed Microsoft AD directory, you can domain join Amazon EC2 instances seamlessly using the Amazon EC2 console or AWS Systems Manager (SSM). This enables you to easily deploy your directory-aware workloads on Amazon EC2 instances by reducing the manual configuration to domain join your instances and, the need to deploy directories in each account and VPC.