Amazon Web Services (AWS) is an Infrastructure-as-a-Service (IaaS) platform that offers a wide range of cloud based IT resources like compute services, applications, data storage, and infrastructure for modern organizations. With over 1mm business customers, there is no doubt that AWS is the most dominant IaaS provider currently available [TechCrunch].
AWS is so powerful that it has made on-prem data centers and servers a thing of the past for many of organizations. Yet, while AWS has proven to be a valuable asset, it does present some significant challenges when it comes to identity management. That’s why many IT admins are looking for an AWS server user management as a service solution.
The good news is that better user management with AWS is possible when you leverage a complementary identity and access management (IAM) solution called Directory-as-a-Service®. Before explaining how, it is important to understand why AWS is necessary in current IT environments.
Why Organizations Choose AWS
IT organizations all over the world are making the leap to cloud infrastructure. Instead of building their own data centers or leveraging colocation centers, IT admins and DevOps engineers are leveraging AWS. Why? The IaaS model enables IT organizations to purchase only what they need and pay for it on a monthly basis. This avoids the need for massive cap-x spend, implementation, and management overhead of building a similar infrastructure on-prem.
AWS has also made tremendous inroads with a wide range of infrastructure services including compute, storage, and a laundry list of others. As a result, IT organizations are closer to being able to focus solely on their own core applications and needs rather than building infrastructure.
Why AWS Server User Management is a Challenge for IT
Unfortunately, one area where IT organizations using AWS are forced to spend significant time is identity and access management. Traditionally, IAM has lived on-prem with legacy software solutions. For most organizations, that has meant Microsoft Active Directory® (AD), which has been the directory service of choice and dominant IAM solution since the year 2000.
AD was tailored for an on-prem world with Microsoft Windows® at the core. Yet, as a major part of the IT infrastructure is moving to the cloud, the question quickly becomes whether Active Directory can work with AWS.
The truth is it can, but it is painful to make work. That’s why AWS has introduced their directory service solution which is effectively an Active Directory instance at AWS. The trouble with this approach is that IT organizations must now manage two AD servers and either sync them together or deal with two separate directories.
Either path is painful and neither accomplishes what IT admins and DevOps engineers are looking for – an AWS server user management as a service. Thus, bringing us back to the solution to this problem.
AWS Server User Management as a Service from JumpCloud
Directory-as-a-Service is a comprehensive IAM solution from the cloud. It offers a wide range of use cases that suit many organizations. One use case is as an AWS server user management as a service platform. In this use case, the cloud directory service is tuned to be a central identity provider independent of location, provider, protocol, and platform. It is also possible to extend an existing AD instance to AWS using this platform (see guide).
Directory-as-a-Service securely manages and connects user identities with systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, Azure, GCP, and internal data centers), web and on-prem applications via LDAP and SAML, physical and virtual storage (Samba file servers, NAS devices, cloud storage systems such as Box / Dropbox), and wired and WiFi networks via RADIUS. In short, IT organizations need to only have one central identity provider and that can be utilized for on-prem IT resources as well as AWS cloud servers.
To learn more about how JumpCloud provides AWS server user management as a service, drop us a note. You can also sign up for a Directory-as-a-Service account and start managing your AWS users today. Your first ten users are free forever to help you demo the full functionality of our product for free.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud