• Status: Solved

Does AWS have a replacement for Active Directory?

I have a small network that I want to use Dropbox for storage.
I need to be able to centrally authenticate my users and also push out policies like GPOs.

Does AWS have this sort of service?
All my users' computers will be on premise, not in the cloud.
Asked:
ie0
1 Solution
 
George Khairallah (CTO) commented:
AWS does have a directory service, which is Microsoft Active Directory compatible, and does support GPO.
You can read more about it here:
https://aws.amazon.com/directoryservice/

Though from what you're asking, it sounds like you would need to establish a VPC with a VPN gateway to your on-prem environment to authenticate that way. Typically for this type of scenario, it's more customary to use an on-prem AD service with an AWS EC2 instance with AD on it, to extend your on-prem environment. The Active Directory service provided by AWS, IMHO, is more suited for workloads that are implemented within the AWS structure or within a specific VPC.

Hope this helps,
 
ie0 (Author) commented:
Sorry, I should have explained, I do not have an on premise AD server.
 
George Khairallah (CTO) commented:
Correct. I understood that you didn't.
I was simply suggesting that it's usually best practice to have your AD server on premise and have RODC or even a normal DC in the cloud.
But, for an answer directly to your concern, you should be able to use AWS's directory service and connect it to your on-prem machines, but for that, you will need to use AWS's VPN service within the VPC to connect your on-prem network and your AWS network. You will likely be OK as far as cost with the AWS Directory Service, as it's not too expensive, especially if you're good with just a small instance, but there is also a cost associated with the VPN service to keep in mind.

You might also want to look at the SimpleAD FAQ here:
https://aws.amazon.com/directoryservice/faqs/ 

As it will show you what SimpleAD can and cannot do. If it does meet your needs, then great; otherwise, you may be better served by installing AD on an AWS EC2 instance and connecting it to your environment in the same way (i.e., VPN).

Hope this helps :)
Question has a verified solution.
