Now You Can Encrypt LDAP Communication with AWS Directory Service for Microsoft Active Directory

Posted on: Sep 26, 2017

Starting today, you can encrypt Lightweight Directory Access Protocol (LDAP) communication between your applications and AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD. Many Windows and Linux applications use LDAP to read and update information about users and devices, including personally identifiable information (PII). Now you can enable LDAP over Secure Sockets Layer (SSL)/Transport Layer Security (TLS), also called LDAPS, to encrypt your LDAP communications end to end. This helps you protect PII and other sensitive information exchanged with AWS Microsoft AD over untrusted networks.

To enable LDAPS, add a Microsoft enterprise Certification Authority (CA) server to your AWS Microsoft AD domain and configure certificate templates for your AWS Microsoft AD domain controllers. After you enable LDAPS, AWS Microsoft AD encrypts communications with many Windows applications, Linux computers that use Secure Shell (SSH), and applications such as Jira and Jenkins. 
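A check a practitioner would run once the enterprise CA and domain controller certificate templates are in place, added here as an example and not taken from the AWS announcement: from a domain-joined Windows host that already trusts the enterprise CA, open an LDAPS session to a domain controller, validate the certificate it presents (chain, revocation and FQDN), and bind over that session. The domain controller name is a placeholder.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Server,   # DC FQDN as it should appear in the certificate
        [int] $Port = 636                          # LDAPS port
    )
    $identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
    $conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte (LDAPS), not StartTLS on 389
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # Kerberos/NTLM as the current user

    # Inspect the certificate the DC presents instead of accepting whatever arrives.
    $verify = {
        param($connection, $certificate)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2] $certificate
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'   # also consult the CA's CRL/OCSP
        $chainOk = $chain.Build($cert)                  # trusted root, validity period, revocation
        # Subject Alternative Name (OID 2.5.29.17) must list the DC's FQDN; fall back to the CN if absent.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $names = if ($san) { $san.Format($false) } else { $cert.GetNameInfo('DnsName', $false) }
        $nameOk = $names -match ('(?i)(^|=)' + [regex]::Escape($Server) + '(,|$)')
        Write-Host ("Subject: {0}`nIssuer: {1}`nExpires: {2}`nChain valid: {3}`nName matches: {4}" -f `
            $cert.Subject, $cert.Issuer, $cert.NotAfter, $chainOk, $nameOk)
        return ($chainOk -and $nameOk)
    }.GetNewClosure()   # capture $Server for use inside the callback
    $conn.SessionOptions.VerifyServerCertificate = [System.DirectoryServices.Protocols.VerifyServerCertificateCallback] $verify

    try {
        $conn.Bind()   # throws if the callback rejected the certificate or TLS was not negotiated
        Write-Host "LDAPS bind to ${Server}:${Port} succeeded"
        return $true
    } catch {
        Write-Warning "LDAPS bind to ${Server}:${Port} failed: $($_.Exception.Message)"
        return $false
    } finally {
        $conn.Dispose()
    }
}

$DcFqdn = 'dc1.corp.example.com'   # placeholder: use one of your AWS Microsoft AD domain controllers
Test-LdapsEndpoint -Server $DcFqdn
```

Run it against each domain controller after enabling LDAPS; a failed chain build usually means the issuing CA is not yet in the client's trusted root store, and a name mismatch means the certificate template did not put the DC's FQDN in the Subject Alternative Name.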

AWS Microsoft AD is available in the US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), EU (Frankfurt), EU (London), and South America (São Paulo) Regions. 

To learn more about AWS Microsoft AD and how to enable LDAPS for your managed directory, see How to Enable LDAPS for Your AWS Microsoft AD Directory.