
AWS Directory Service

"Managed Microsoft Active Directory in the AWS Cloud."

What is AWS Directory Service?

AWS Directory Service provides managed directories for those who need Microsoft Active Directory (AD) in the cloud. It allows you to use your existing corporate credentials (username/password) to access AWS applications like Amazon WorkSpaces, QuickSight, or log in to Windows EC2 instances.

Key Concepts

1. AWS Managed Microsoft AD

  • Actual Microsoft AD running on AWS infrastructure.
  • Best for "Trusts" with on-prem AD and complex AD features (Group Policy).

2. AD Connector

  • A proxy/gateway. It doesn't store users in the cloud; it just redirects authentication requests to your on-prem AD.
  • Use this to keep users only on-prem.

3. Simple AD

  • Stand-alone Samba 4 directory compatible with Active Directory.
  • Low cost, basic features. No "Trust" relationships.

Exam Tips

[!IMPORTANT] "Microsoft Active Directory in AWS" or "Use existing corporate credentials for AWS": The answer is AWS Directory Service.

[!NOTE] If the scenario mentions establishing a Trust relationship with on-prem AD, choose AWS Managed Microsoft AD. If it mentions "low cost" or "Samba", choose Simple AD.

Common Use Cases

  • Single Sign-On (SSO): Letting employees use their Windows login for the AWS Console.
  • Windows Workloads: Domain-joining Windows EC2 instances.