Sync Active Directory with AWS

By Megan Anderson Posted December 23, 2019

AWS® has gained popularity as one of the best Infrastructure-as-a-Service (IaaS) providers in the world, allowing many companies to replace their on-prem data centers. Oftentimes, though, Microsoft® Active Directory® (AD) remains the preferred tool for identity and access management.

Cybersecurity Live - Boston

Many organizations are looking for ways to extend their AD identities to AWS as a result. Connecting AD to cloud resources is a constant headache, however. Fortunately, there’s a more efficient way to do so.

Rooted in Active Directory

When on-prem infrastructures and Windows® computers were standard, Active Directory was the best tool for identity and access management (IAM). It consolidated users’ identities into one set of credentials so that no matter what on-prem Windows applications they used, they could access it with one login.

This was a blessing for IT admins because it meant they didn’t need to manage multiple identities for one user anymore. Soon, AD became the core resource for managing Windows users and access permissions. However, that blissful time came to an end as “the cloud” accumulated. Organizations started to realize they could benefit from cloud infrastructure and applications more than on-prem resources, in many instances.

This is where the headaches began. While organizations shifted their infrastructures to the cloud, they continued to rely on AD for IAM. However, AD only managed user access to on-prem Windows applications via on-prem Windows devices (as it still does today). Other tools were needed to connect AD to cloud-hosted services.

Previously, data centers were connected via VPN to the on-prem AD instance to access their servers, but the preference for cloud providers (like AWS) to replace internal data centers led to a challenge for how to connect AD to these now public cloud servers. As such, alternative solutions were called for.

AWS Directory Service for Active Directory

Today, admins may use AWS Directory Service to sync on-prem Active Directory identities with AWS. The good news is that AWS handles the cloud Active Directory maintenance, but the bad news is that you still need to put in all of the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Megan Anderson. Read the original post at: