Amazon announced earlier this week that it has released a new identity management service that allows systems administrators to connect their on-premises domain controllers to the AWS cloud, so that applications running in the cloud can be secured using the organization's existing Active Directory infrastructure. Previously, this kind of authentication was achieved by setting up a federated Active Directory server that synced with the on-premises domain controller. While that setup works, the implementation is clunky and error-prone.
AWS has simplified this implementation by releasing the AWS Directory Service. The FAQ located on the AWS site mentions that the new AD connector “enables you to easily connect your existing Microsoft Active Directory to the AWS Cloud without requiring complex directory synchronization technologies and avoiding the cost and complexity of hosting a SAML-based federation infrastructure.” The splash page for AWS directory service notes that the solution is a “managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS Cloud.”
The benefits of an Active Directory based authentication system open up a world of possibilities for those who build corporate applications and publish them in the AWS cloud. Seamless administration and integration of your AWS resources is a key benefit of the new service. Amazon goes on to note that, because AWS Directory Service is a managed service, there are no updates or patches for administrators to worry about. The service is billed hourly, so organizations are charged only for what they use. Amazon also states that AWS Directory Service can serve multinational organizations with an unlimited number of employees just as easily as it can serve a start-up using this new public cloud feature.