AWS Directory Service (Specialized, 2014 onward)
A service that provides managed Active Directory on AWS
What It Does
AWS Directory Service provides Microsoft Active Directory (AD) as a managed service in the cloud. It offers three directory types: AWS Managed Microsoft AD, AD Connector, and Simple AD. With AWS Managed Microsoft AD you get the same capabilities as on-premises Active Directory - user and computer authentication, authorization, and Group Policy - running on domain controllers inside your VPC, while AWS operates and patches those domain controllers for you.
Use Cases
It is used as the user authentication foundation when migrating Windows workloads to AWS, for AD integration with AWS services like Amazon WorkSpaces and RDS for SQL Server, and for establishing trust relationships between on-premises AD and AWS environments. Enterprises with existing AD environments can continue using their user management systems as-is during cloud migration.
Everyday Analogy
Think of it like a company's employee badge system. If you have a badge (AD account), you can open office doors (access services). Directory Service runs this badge system in the cloud. You can even set it up so the same badge works at both headquarters (on-premises AD) and branch offices (AWS).
What Is Directory Service?
AWS Directory Service is a service for using Active Directory in the cloud. Active Directory (AD) is a system for centrally managing user accounts, computers, groups, and more in Windows environments. Many enterprises run AD on-premises, but with Directory Service, you can let AWS handle the setup, operation, and patching of AD.
Three Directory Types
AWS Managed Microsoft AD runs real Windows Server Active Directory domain controllers in your VPC as a managed service. Group Policy, trust relationships, Kerberos and LDAP authentication, and schema extensions are all available. One difference from a domain you build yourself: AWS keeps the Domain Admins and Enterprise Admins roles, and you receive a delegated Admin account with full rights over a customer-managed OU, which is where your users, groups, and computers live. AD Connector acts as a proxy to your existing on-premises AD: AWS services send authentication and lookup requests through it to your own domain controllers, and no directory data or credentials are stored in AWS. Simple AD is a lightweight Samba 4 based directory that is AD-compatible for basic needs (users, groups, computer join, LDAP) and is suited to small-scale environments.
Integration with AWS Services
Directory Service integrates with many AWS services, so one set of AD identities can be used across them: Amazon WorkSpaces (virtual desktops) signs users in against the directory, RDS for SQL Server supports Windows authentication through it, Amazon FSx for Windows File Server uses AD users and groups for share and NTFS permissions, and AWS IAM Identity Center can use AWS Managed Microsoft AD (or AD Connector) as its identity source for single sign-on to AWS accounts.
Getting Started
To get started with Directory Service, select a directory type in the console and create a directory. For AWS Managed Microsoft AD, specify a VPC and two subnets in different Availability Zones, set the directory name (a fully qualified domain name such as corp.example.com) and the password for the delegated Admin account, and the domain controllers are provisioned in the background, typically reaching the Active state within an hour. Treat that Admin password like a Domain Admin password: supply it from a secret store rather than typing it into a script or command line, and create individual administrator accounts afterwards instead of sharing it. If you need a trust relationship with on-premises AD, you also need network connectivity (VPN or Direct Connect), security group and firewall rules that allow the AD ports between the two sets of domain controllers, and DNS conditional forwarders in each direction so that each side can resolve the other domain.
Things to Watch Out For
- AWS Managed Microsoft AD deploys one domain controller in each of two Availability Zones, so you must supply two subnets in different AZs of the same VPC; review the security group AWS attaches to the domain controllers and restrict it to the subnets that actually need AD ports
- AD Connector holds no directory of its own - it proxies requests to on-premises AD using a service account you supply, so a stable, low-latency network path to the on-premises domain controllers (with the AD ports open through any firewall) is a prerequisite; if that link goes down, AWS-side logins fail
- Simple AD does not support Microsoft AD features such as trust relationships, MFA via RADIUS, schema extensions, LDAPS, or the PowerShell AD cmdlets, so choose AWS Managed Microsoft AD if you need trusts, encrypted LDAP, or the full set of Windows AD management tools
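As an added example (not code from the original page or from AWS), here is a Python script covering the checks that the Getting Started section and the points above call for before an AWS Managed Microsoft AD is created with boto3: that the directory name is a usable FQDN, that the Admin password meets the documented complexity rule (8 to 64 characters drawn from at least three of the four character classes), and that exactly two subnets in different Availability Zones of the same VPC were supplied. The subnet and VPC IDs, the subnet-to-AZ map, and the domain name corp.example.com are constructed sample data; the regexes restate the documented constraints for the CreateMicrosoftAD API and should be checked against the current API reference; the live EC2 lookup and the create call run only when you opt in, and the default is a dry run that never prints the password.

```python
"""Pre-flight checks for an AWS Managed Microsoft AD creation request.

Added example; the constraints restate the documented rules for the
CreateMicrosoftAD API (verify them against the current API reference).
"""
import os
import re
from typing import Dict, List

# Directory name must be a fully qualified domain name.
DOMAIN_RE = re.compile(r"^([a-zA-Z0-9]+[.-])+([a-zA-Z0-9])+$")
# Password classes: lower, upper, digit, non-alphanumeric (whitespace not counted).
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9\s]")

# Constructed sample data (hypothetical IDs) standing in for an EC2
# DescribeSubnets lookup: subnet -> Availability Zone and VPC.
SAMPLE_SUBNETS = {
    "subnet-0a1b2c3d4e5f60001": {"az": "ap-northeast-1a", "vpc": "vpc-0123456789abcdef0"},
    "subnet-0a1b2c3d4e5f60002": {"az": "ap-northeast-1c", "vpc": "vpc-0123456789abcdef0"},
    "subnet-0a1b2c3d4e5f60003": {"az": "ap-northeast-1a", "vpc": "vpc-0123456789abcdef0"},
}


def password_is_valid(password: str) -> bool:
    """Admin password: 8-64 characters using at least three of the four classes."""
    if not 8 <= len(password) <= 64:
        return False
    return sum(1 for cls in CHAR_CLASSES if re.search(cls, password)) >= 3


def check_subnets(subnet_ids: List[str], subnet_info: Dict[str, Dict[str, str]]) -> List[str]:
    """Return problems (empty list when OK). Managed Microsoft AD puts one
    domain controller per subnet and needs two subnets in two different AZs
    of the same VPC."""
    problems: List[str] = []
    if len(subnet_ids) != 2 or len(set(subnet_ids)) != 2:
        return ["exactly two distinct subnet IDs are required"]
    unknown = [s for s in subnet_ids if s not in subnet_info]
    if unknown:
        return [f"unknown subnets: {unknown}"]
    azs = {subnet_info[s]["az"] for s in subnet_ids}
    vpcs = {subnet_info[s]["vpc"] for s in subnet_ids}
    if len(azs) != 2:
        problems.append(f"subnets must be in two different AZs, got {sorted(azs)}")
    if len(vpcs) != 1:
        problems.append(f"subnets must belong to one VPC, got {sorted(vpcs)}")
    return problems


def build_request(name: str, password: str, subnet_ids: List[str],
                  subnet_info: Dict[str, Dict[str, str]], edition: str = "Standard") -> dict:
    """Validate everything and return kwargs for ds.create_microsoft_ad().
    Raises ValueError listing every problem found rather than only the first."""
    problems: List[str] = []
    if not DOMAIN_RE.match(name):
        problems.append(f"directory name {name!r} is not a valid FQDN")
    if not password_is_valid(password):
        problems.append("password must be 8-64 chars from 3 of 4 character classes")
    if edition not in ("Standard", "Enterprise"):
        problems.append(f"edition must be Standard or Enterprise, got {edition!r}")
    problems += check_subnets(subnet_ids, subnet_info)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Name": name,
        "Password": password,
        "Edition": edition,
        "VpcSettings": {"VpcId": subnet_info[subnet_ids[0]]["vpc"],
                        "SubnetIds": list(subnet_ids)},
    }


def describe_subnets_live(subnet_ids: List[str]) -> Dict[str, Dict[str, str]]:
    """Real lookup via EC2 (needs credentials and network); same shape as SAMPLE_SUBNETS."""
    import boto3  # deferred so the validators above run without boto3 installed
    resp = boto3.client("ec2").describe_subnets(SubnetIds=list(subnet_ids))
    return {s["SubnetId"]: {"az": s["AvailabilityZone"], "vpc": s["VpcId"]}
            for s in resp["Subnets"]}


def create_directory(request: dict, apply: bool = False):
    """Dry run by default: return the request with the password redacted so it
    can be logged safely. With apply=True, create the directory and return its ID."""
    if not apply:
        return {**request, "Password": "<redacted>"}
    import boto3
    return boto3.client("ds").create_microsoft_ad(**request)["DirectoryId"]


if __name__ == "__main__":
    # Take the Admin password from the environment, not argv, so it stays out
    # of shell history and process listings.
    admin_pw = os.environ.get("DS_ADMIN_PASSWORD", "")
    subnets = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"]
    try:
        req = build_request("corp.example.com", admin_pw, subnets, SAMPLE_SUBNETS)
        print(create_directory(req))  # dry run; pass apply=True to really create it
    except ValueError as err:
        print("refusing to create directory:", err)
```

Run as-is with DS_ADMIN_PASSWORD unset and the script refuses, which is the intended failure mode: every problem is reported together so a weak password and a bad subnet pair surface in one pass. For a real run, replace SAMPLE_SUBNETS with describe_subnets_live(subnets) and call create_directory(req, apply=True); the request dict is exactly what boto3's create_microsoft_ad takes.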