Extend Azure® Identities to AWS®

Can you extend Microsoft® Azure® identities to AWS® cloud infrastructure? It’s an intriguing question, considering that Azure and AWS are fierce competitors in the Infrastructure-as-a-Service (IaaS) market.

Many IT organizations leverage Azure Active Directory® (AAD) to manage Azure users and AWS IAM to manage AWS accounts (and manually manage access to AWS cloud servers). So, it would be convenient if admins could leverage the same identity for both platforms.

Unfortunately, neither platform can natively connect to the other. The good news is that it is possible to integrate both IaaS solutions with a neutral cloud directory and provide users with the same identity for both Azure and AWS.
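When the two platforms hold separate user stores, the practical risk is drift between them: accounts that exist in AWS IAM with no matching Azure AD user, users disabled in Azure AD who are still active in AWS, or privilege that differs between the two. The script below is an added example written for this post, not JumpCloud's code or either provider's API; it reconciles two constructed user inventories (the record fields and the sample users are assumptions, not the providers' export formats) and reports the mismatches a defender would want to review.

```python
"""Reconcile user inventories from two separate cloud identity stores.

Added example; the Identity fields and all sample users below are
constructed for illustration and do not reflect any real export format.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    name: str       # user principal name (Azure AD) or IAM user name (AWS)
    enabled: bool   # whether the account is active in that store
    admin: bool     # whether the account holds administrative rights there


def normalize(name: str) -> str:
    """Map 'First.Last@corp.example' and 'first.last' to one comparable key.

    Azure AD identifies users by UPN while IAM uses a bare user name, so the
    domain part is dropped and the result lower-cased before comparison.
    """
    return name.strip().lower().split("@", 1)[0]


def reconcile(azure, aws):
    """Return the drift findings between an Azure AD and an AWS IAM inventory."""
    az = {normalize(i.name): i for i in azure}
    iam = {normalize(i.name): i for i in aws}
    shared = [k for k in iam if k in az]
    return {
        # IAM users with no corresponding Azure AD identity at all
        "orphaned_in_aws": sorted(k for k in iam if k not in az),
        # Azure AD users that have no AWS account (informational only)
        "azure_only": sorted(k for k in az if k not in iam),
        # offboarded/disabled in Azure AD but still able to log in to AWS
        "disabled_in_azure_active_in_aws": sorted(
            k for k in shared if not az[k].enabled and iam[k].enabled
        ),
        # administrative rights held in one platform but not the other
        "admin_drift": sorted(k for k in shared if az[k].admin != iam[k].admin),
    }


# Constructed sample inventories (hypothetical users, not real data).
SAMPLE_AZURE = [
    Identity("Alice.Smith@corp.example", enabled=True, admin=False),
    Identity("Bob.Jones@corp.example", enabled=False, admin=False),
    Identity("Carol.Lee@corp.example", enabled=True, admin=True),
    Identity("Dan.Wu@corp.example", enabled=True, admin=False),
]
SAMPLE_AWS = [
    Identity("alice.smith", enabled=True, admin=True),
    Identity("bob.jones", enabled=True, admin=False),
    Identity("carol.lee", enabled=True, admin=True),
    Identity("eve.contractor", enabled=True, admin=False),
]


if __name__ == "__main__":
    for finding, users in reconcile(SAMPLE_AZURE, SAMPLE_AWS).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

Running the script against the sample data flags eve.contractor as an IAM user with no Azure AD identity, bob.jones as disabled in Azure AD but still active in AWS, and alice.smith as holding admin rights in AWS only; these are exactly the categories that a single shared identity, managed in one place, is meant to eliminate.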

Before the Neutral Cloud Directory

In the past, IT admins have primarily leveraged the Microsoft Active Directory® (AD) platform as a starting point for extending user identities to both Azure and AWS. AD is an on-prem directory services platform that was originally designed to manage on-prem networks of Windows®-based IT resources.

Through the use of add-on utilities such as AWS Directory Service and AWS Direct Connect, IT admins can integrate AWS with AD and extend on-prem AD identities to Windows-based cloud resources hosted at AWS. AD can also integrate with Azure AD via Azure AD Connect and extend on-prem user identities to Azure cloud resources.

So, by integrating both Azure AD and AWS Directory Service with AD, admins can potentially leverage the same user identity (i.e., the on-prem AD user identity) to connect users to both cloud platforms. However, there are a few significant challenges to consider with this approach.

Challenges with Traditional AD Setups

Traditional AD setups can result in complicated on-prem implementations. Not only must IT admins procure the right equipment, but they also must integrate AD throughout their environment and deal with the ongoing maintenance.

Additionally, traditional AD setups are primarily designed for on-prem, Windows-based domains. So, IT admins often find themselves locked in the Windows ecosystem and methodology, which can be limiting.

Another issue is that cloud infrastructure solutions represent one (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/extend-azure-identities-to-aws/

Vince Lujan

Vince is a documentation and blog writer at JumpCloud, the world’s first cloud-based directory service. Vince recently graduated with a degree in professional and technical writing from the University of New Mexico, and enjoys researching new innovations in cloud architecture and infrastructure.
