Does AWS have a replacement for Active Directory?

I have a small network that I want to use Dropbox for storage.
I need to be able to centrally authenticate my users and also push out policies like GPOs.

Does AWS have this sort of service?
All my users' computers will be on premise, not in the cloud.
ie0 Asked:

George Khairallah (CTO) Commented:
AWS does have a directory service, which is Microsoft Active Directory compatible, and does support GPO.
You can read more about it here:
https://aws.amazon.com/directoryservice/

Though from what you're asking, it sounds like you would need to establish a VPC with a VPN gateway to your on-prem environment to authenticate that way. Typically for this type of scenario, it's more customary to use an on-prem AD service with an AWS EC2 instance with AD on it, to extend your on-prem environment. The Active Directory service provided by AWS, IMHO, is more suited for workloads that are implemented within the AWS structure or within a specific VPC.

Hope this helps,
ie0 (Author) Commented:
Sorry, I should have explained, I do not have an on premise AD server.
George Khairallah (CTO) Commented:
Correct. I understood that you didn't.
I was simply suggesting that it's usually best practice to have your AD server on premise and have RODC or even a normal DC in the cloud.
But, for an answer directly to your concern, you should be able to use AWS's directory service and connect it to your on-prem machines, but for that, you will need to use AWS's VPN service within the VPC, to connect your on-prem network, and your AWS network.  You will likely be ok as far as cost with the AWS Directory Service, as it's not too expensive, especially if you're good with just a small instance, but there is also a cost associated with the VPN service to keep in mind.

You might also want to look at the SimpleAD FAQ here:
https://aws.amazon.com/directoryservice/faqs/ 

As it will show you what SimpleAD can and cannot do. If it does meet your needs, then great; otherwise, you may be better served with installing AD on an AWS EC2 instance, and connecting it to your environment in the same way (i.e., VPN).

Hope this helps :)
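
The layout described in the answer above (an AWS directory inside a VPC, reached from the on-prem network over the AWS VPN service) can be written as a CloudFormation template. This is an added example, not part of the original thread; the domain name, ASN, default CIDR and all parameter names are assumptions, and the VPC, its two subnets and its route table are assumed to exist already.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Simple AD in an existing VPC, reached over a site-to-site VPN
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  DirectorySubnetIds:               # two subnets in different Availability Zones
    Type: List<AWS::EC2::Subnet::Id>
  RouteTableId:                     # route table used by the directory subnets
    Type: String
  DirectoryAdminPassword:
    Type: String
    NoEcho: true                    # keep the admin password out of console and API output
  OnPremPublicIp:                   # public IP of the office VPN device
    Type: String
  OnPremCidr:
    Type: String
    Default: 192.168.10.0/24        # assumed office LAN range
Resources:
  Directory:
    Type: AWS::DirectoryService::SimpleAD
    Properties:
      Name: corp.example.com        # placeholder domain name
      Password: !Ref DirectoryAdminPassword
      Size: Small
      VpcSettings: { VpcId: !Ref VpcId, SubnetIds: !Ref DirectorySubnetIds }
  VpnGateway:
    Type: AWS::EC2::VPNGateway
    Properties: { Type: ipsec.1 }
  VpnAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref VpcId, VpnGatewayId: !Ref VpnGateway }
  CustomerGateway:
    Type: AWS::EC2::CustomerGateway
    Properties: { Type: ipsec.1, BgpAsn: 65000, IpAddress: !Ref OnPremPublicIp }
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    Properties: { Type: ipsec.1, StaticRoutesOnly: true, CustomerGatewayId: !Ref CustomerGateway, VpnGatewayId: !Ref VpnGateway }
  OnPremRoute:                      # only the office LAN is routed through the tunnel
    Type: AWS::EC2::VPNConnectionRoute
    Properties: { VpnConnectionId: !Ref VpnConnection, DestinationCidrBlock: !Ref OnPremCidr }
  RoutePropagation:                 # return path from the directory subnets to on-prem
    Type: AWS::EC2::VPNGatewayRoutePropagation
    DependsOn: VpnAttachment
    Properties: { RouteTableIds: [!Ref RouteTableId], VpnGatewayId: !Ref VpnGateway }
Outputs:
  DirectoryDnsAddresses:            # on-prem clients use these as DNS servers to find the domain
    Value: !Join [",", !GetAtt Directory.DnsIpAddresses]
```

Limiting the static route to the office LAN range keeps the tunnel from carrying anything other than traffic between the on-prem machines and the VPC.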
