If you want to extend an on-premises Active Directory (AD) to AWS, you may deploy an AD service on EC2 instances; however, in that case you will need to manage the operating system and the AD on those EC2 instances yourself.
An alternative option is to use AWS Managed Microsoft AD, which is an AWS-managed AD in the Cloud.
EC2 instances can be dynamically configured, with the help of DHCP option sets, to use the required DNS server, directing DNS queries to the on-premises AD or to AWS Managed Microsoft AD as required.
You can also utilise Amazon Route 53 Resolver for DNS resolution between the on-premises network and AWS.
This AWS Architecture Blog post describes in detail how to run a hybrid AD service with AWS Managed Microsoft AD (it includes DNS resolution design options).
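To make the two DNS design options concrete, here is an added CloudFormation template. It is an illustration written for this thread, not code from the answer above, from the linked blog post, or from AWS; the domain name, DNS server IPs, CIDR, subnet and VPC parameters are placeholders you must replace. Option A is the DHCP option set approach (every instance in the VPC sends all DNS queries to the AD DNS servers, so the domain controllers become a hard dependency even for AWS service endpoint names). Option B keeps the VPC's own resolver and uses a Route 53 Resolver outbound endpoint to forward only the AD zone to the on-premises DCs (or to the two DNS IPs of an AWS Managed Microsoft AD directory), with a security group that allows DNS egress only towards the on-premises range.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Hybrid DNS for an on-premises AD domain (illustrative example, not AWS code).
  Option A: DHCP option set that sends all instance DNS queries to AD DNS.
  Option B: keep AmazonProvidedDNS and forward only the AD zone through a
  Route 53 Resolver outbound endpoint. All IDs, IPs and names are placeholders.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Two private subnets in different AZs for the outbound endpoint
  AdDomainName:
    Type: String
    Default: corp.example.com          # placeholder AD DNS name
  AdDnsServerIps:
    Type: CommaDelimitedList
    Default: "10.0.0.10,10.0.0.11"     # placeholder DC IPs (or Managed AD DNS IPs)
  OnPremCidr:
    Type: String
    Default: 10.0.0.0/16               # placeholder on-premises range
  UseDhcpOptionSet:
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
    Description: "true" deploys Option A, "false" deploys Option B

Conditions:
  UseDhcp: !Equals [!Ref UseDhcpOptionSet, "true"]
  UseResolver: !Not [!Equals [!Ref UseDhcpOptionSet, "true"]]

Resources:
  # Option A: every instance in the VPC resolves via AD DNS, including AWS
  # service endpoint names, so the DCs must be reachable at all times.
  AdDhcpOptions:
    Type: AWS::EC2::DHCPOptions
    Condition: UseDhcp
    Properties:
      DomainName: !Ref AdDomainName
      DomainNameServers: !Ref AdDnsServerIps

  AdDhcpOptionsAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Condition: UseDhcp
    Properties:
      DhcpOptionsId: !Ref AdDhcpOptions
      VpcId: !Ref VpcId

  # Option B: the VPC keeps AmazonProvidedDNS; only the AD zone is forwarded.
  # The security group permits DNS egress solely towards the on-premises CIDR.
  ResolverEndpointSg:
    Type: AWS::EC2::SecurityGroup
    Condition: UseResolver
    Properties:
      GroupDescription: Route 53 Resolver outbound endpoint to on-prem DNS
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr
        - IpProtocol: tcp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr

  OutboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Condition: UseResolver
    Properties:
      Name: to-onprem-ad
      Direction: OUTBOUND
      SecurityGroupIds:
        - !Ref ResolverEndpointSg
      IpAddresses:
        - SubnetId: !Select [0, !Ref SubnetIds]
        - SubnetId: !Select [1, !Ref SubnetIds]

  AdForwardRule:
    Type: AWS::Route53Resolver::ResolverRule
    Condition: UseResolver
    Properties:
      Name: forward-ad-zone
      RuleType: FORWARD
      DomainName: !Ref AdDomainName
      ResolverEndpointId: !Ref OutboundEndpoint
      TargetIps:
        - Ip: !Select [0, !Ref AdDnsServerIps]
          Port: 53
        - Ip: !Select [1, !Ref AdDnsServerIps]
          Port: 53

  AdForwardRuleAssociation:
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Condition: UseResolver
    Properties:
      ResolverRuleId: !Ref AdForwardRule
      VpcId: !Ref VpcId
```

Deploy it with `UseDhcpOptionSet=false` for the Resolver design and `true` for the DHCP design; only one of the two should be active per VPC. The template covers AWS-to-on-premises resolution only; if on-premises hosts must resolve names hosted in AWS (for example a Managed AD trust in the other direction), a separate `INBOUND` Resolver endpoint with its own security group, permitting port 53 only from the on-premises range, is also needed. Before relying on either option, verify from an instance that the AD domain resolves and that the DCs' SRV records (such as `_ldap._tcp.dc._msdcs.<domain>`) are returned, since domain join and Kerberos depend on them.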
Hi, you may have a much more integrated way with IAM Identity Center: https://aws.amazon.com/iam/identity-center/
It will easily integrate your on-prem AD: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html
You can then federate your AD identities into IAM to define policies for them by remapping AD attributes: https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html
What I like most for large-scale systems is native integration with AWS Organizations: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html
Re. Route53, IAM Identity Center is well integrated: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/auth-and-access-control.html
Best,
Didier
Hi sir, thanks for the reply.
But in a nutshell, should I install native Microsoft AD with DNS on AWS, or is there any other better option?
Thanks
Noel