I really like the kinds of services Amazon is concentrating on these days: Directory Service, Zocalo, Containers, Lambda and so on; this clearly shows the length and breadth of the innovation areas in AWS. This time, let's look into what AWS Directory Service AD Connector is.
What is AD Connector?
- AD Connector is a SaaS-like, plug-and-play service, fully managed by Amazon.
- It uses your existing Active Directory, running on-premises or in the cloud, to authenticate and authorize access to the AWS Console and AWS resources; this means you don't need to create and manage IAM users from the AWS Console, but can use the AD that is already configured in your data center.
- You continue using the centralized credentials, users, access and policies from the same corporate directory, but this time for the AWS Console and AWS resources.
- Directory synchronization, availability, connectivity and federation are taken care of by the service.
- Multi-factor authentication (MFA) can also be enabled if required.
What are the Prerequisites?
- A VPC with 2 subnets in different Availability Zones
- A hardware VPN connection to the AWS VPC
- Firewall rules and ports opened for 53 (DNS), 88 (Kerberos) and 389 (LDAP), over TCP and UDP as appropriate
What are your Responsibilities?
- Creating the IAM roles that map to Active Directory users / groups
- Ensuring the uptime and connectivity of the on-premises Active Directory
What are the AWS Resources created by AD Connector in the Account?
- 2 ENIs (placed in the specified subnets)
- 2 security groups (each allowing all traffic between themselves)
Can it be used for AD already running in EC2?
- Yes; in fact, this post illustrates that exact use case.
Installation & Setup
- Once Active Directory Domain Services are installed in the EC2 instance, you will need details such as the user name and password, the NetBIOS name and the directory DNS name.
- The important thing to note here is to use the PRIVATE IP of the EC2 instance (for this scenario).
- Once the setup is completed, you get to see the status.
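The prerequisites above (two subnets in different Availability Zones, and DNS, Kerberos and LDAP open over TCP and UDP) and the private-IP point in the setup steps are easy to get slightly wrong, and a missing UDP rule or a public IP only shows up as a failed directory status later. The script below is an added pre-flight check, not code from the post or from AWS; it runs over constructed sample data shaped like the `Subnets` and `IpPermissions` structures that boto3's `describe_subnets` and `describe_security_groups` return, so it works offline. The subnet IDs, CIDRs, IPs and the `AD_SG_INBOUND` rule set are constructed, and the sample rules deliberately omit UDP 88 so the check has something to report.

```python
"""Pre-flight checks for an AD Connector setup (added example, not from the post).

All inputs are constructed, in the shape of boto3 describe_subnets /
describe_security_groups output, so the script runs offline. It checks the
post's prerequisites: two subnets in different AZs, directory IPs that are
private and inside the VPC, and TCP+UDP 53 (DNS), 88 (Kerberos) and 389
(LDAP) reachable on the directory from each connector subnet.
"""
import ipaddress

REQUIRED_PORTS = {53: "DNS", 88: "Kerberos", 389: "LDAP"}
PROTOCOLS = ("tcp", "udp")

# Constructed sample data (hypothetical IDs and addresses)
VPC_CIDR = "10.0.0.0/16"
CONNECTOR_SUBNETS = [
    {"SubnetId": "subnet-aaa", "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-bbb", "AvailabilityZone": "us-east-1b", "CidrBlock": "10.0.2.0/24"},
]
# Private IP of the EC2 instance running AD DS (the post's point: not the public IP)
AD_DNS_IPS = ["10.0.3.10"]
# Inbound rules of the security group on the AD instance, shaped like boto3
# IpPermissions. UDP 88 is deliberately missing so the check reports it.
AD_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.2.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def check_subnets(subnets):
    """Exactly two subnets, each in a different Availability Zone."""
    problems = []
    if len(subnets) != 2:
        problems.append(f"expected 2 subnets, got {len(subnets)}")
    zones = {s["AvailabilityZone"] for s in subnets}
    if len(zones) != len(subnets):
        problems.append("subnets must be in different Availability Zones")
    return problems


def check_dns_ips(dns_ips, vpc_cidr):
    """Directory IPs must be private and inside the VPC (AD running on EC2)."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    for ip in dns_ips:
        addr = ipaddress.ip_address(ip)
        if not addr.is_private:
            problems.append(f"{ip} is not a private address; use the instance's private IP")
        elif addr not in vpc:
            problems.append(f"{ip} is private but outside VPC {vpc_cidr}")
    return problems


def _rule_allows(rule, proto, port, source_cidr):
    """True if one IpPermissions entry admits proto/port from the whole source CIDR."""
    if rule["IpProtocol"] not in (proto, "-1"):        # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    src = ipaddress.ip_network(source_cidr)
    return any(src.subnet_of(ipaddress.ip_network(r["CidrIp"]))
               for r in rule.get("IpRanges", []))


def check_ports(inbound_rules, subnets):
    """Every required port over both TCP and UDP must be open from each connector subnet."""
    problems = []
    for s in subnets:
        for port, name in REQUIRED_PORTS.items():
            for proto in PROTOCOLS:
                if not any(_rule_allows(r, proto, port, s["CidrBlock"]) for r in inbound_rules):
                    problems.append(f"{name} {proto.upper()}/{port} not allowed from {s['CidrBlock']}")
    return problems


def preflight(subnets, dns_ips, vpc_cidr, inbound_rules):
    """Collect every prerequisite problem; an empty list means ready to connect."""
    return (check_subnets(subnets)
            + check_dns_ips(dns_ips, vpc_cidr)
            + check_ports(inbound_rules, subnets))


if __name__ == "__main__":
    for p in preflight(CONNECTOR_SUBNETS, AD_DNS_IPS, VPC_CIDR, AD_SG_INBOUND):
        print("MISSING:", p)
```

Against the sample data the script reports Kerberos UDP/88 as blocked from both connector subnets and nothing else. To run it against a real account, replace the constructed lists with the `Subnets` and `IpPermissions` fields from boto3's `describe_subnets` and `describe_security_groups` responses (a `describe_*` call is read-only, so this is safe to run before creating the connector); the check treats an `IpProtocol` of `"-1"` as an all-traffic rule, which is what the two security groups AD Connector creates for itself use.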