FAQs

Q: What is AWS Directory Service?

AWS Directory Service is a managed service offering, providing directories that contain information about your organization, including users, groups, computers, and other resources. As a managed offering, AWS Directory Service is designed to reduce management tasks, thereby allowing you to focus more of your time and resources on your business. There is no need to build out your own complex, highly available directory topology because each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. There is no software to install, and AWS handles all of the patching and software updates.

You can learn more about AWS Directory Service on the AWS Directory Service website.

Q: What can I do with AWS Directory Service?

AWS Directory Service makes it easy for you to set up and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, join Amazon EC2 instances to a domain, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads. AWS Directory Service enables your end users to use their existing corporate credentials when accessing AWS applications, such as Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail, as well as directory-aware Microsoft workloads, including custom .NET and SQL Server-based applications. Finally, you can use your existing corporate credentials to administer AWS resources via AWS Identity and Access Management (IAM) role-based access to the AWS Management Console, so you do not need to build out more identity federation infrastructure.

Q: How are AWS Managed Microsoft AD directories deployed?

AWS Managed Microsoft AD directories are deployed across two Availability Zones in a region by default and connected to your Amazon Virtual Private Cloud (VPC). Backups are automatically taken once per day, and the Amazon Elastic Block Store (EBS) volumes are encrypted to ensure that data is secured at rest. Domain controllers that fail are automatically replaced in the same Availability Zone using the same IP address, and a full disaster recovery can be performed using the latest backup.

Q: How do I manage users and groups for AWS Managed Microsoft AD?

You can use your existing Active Directory tools—running on Windows computers that are joined to the AWS Managed Microsoft AD domain—to manage users and groups in AWS Managed Microsoft AD directories. No special tools, policies, or behavior changes are required.

Q: Where can I access AWS Directory Service technical documentation?

You can access Amazon WorkSpaces technical documentation here. You can access AWS Directory Service technical documentation here.

Q: How much does AWS Directory Service cost?

Please see the AWS Directory Service pricing page for the latest information.

Q: What do I do once I’ve completed this project?

All of the resources in your environment are launched under your account. You can continue to use the resources you’ve created, you can provision additional resources, or you can remove them at any time. You will incur charges for any usage of AWS services.

Q: How can I get in touch with someone to discuss Amazon WorkSpaces or AWS Directory Service?

Contact us by filling out the form on this page.