Integrating On-Premise Active Directory with AWS: Solutions for Authentication


Question

Your company has an on-premises Active Directory setup in place.

The company has extended its footprint to AWS, but still wants to be able to use its on-premises Active Directory for authentication.

Which of the following AWS services can be used to ensure that AWS resources such as AWS WorkSpaces can continue to use the existing credentials stored in the on-premises Active Directory?

Answers

Explanations


A. B. C. D.

Answer - C.

The AWS documentation states the following:

AD Connector is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud.

AD Connector comes in two sizes, small and large.

A small AD Connector is designed for smaller organizations of up to 500 users.

A large AD Connector can support larger organizations of up to 5,000 users.

For more information on AD Connector, please refer to the URL below:

http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html

The correct answer is C. Use the Active Directory connector service on AWS.

When you have an on-premises Active Directory and want to extend it to AWS, there are several options available, but you need to ensure that AWS resources such as AWS WorkSpaces can continue to use the existing credentials stored in the on-premises Active Directory.

Option A is not valid because the Active Directory service on AWS is a managed service that creates its own directory domain and is not meant to extend an existing on-premise Active Directory.

Option B is not recommended because Simple AD is a standalone directory service and does not support integration with an existing on-premise Active Directory.

Option D is not valid because ClassicLink is a feature that allows you to connect an EC2-Classic instance to a VPC, but it does not provide any integration with Active Directory.

Option C is the best option because it allows you to connect your on-premise Active Directory to AWS using a secure connection and establish a trust relationship between the on-premise Active Directory and AWS. This enables AWS resources such as AWS Workspaces to authenticate against the on-premise Active Directory without the need to replicate the entire directory to AWS.

To set up the Active Directory connector service, you need to deploy the AWS Directory Service Connector in your on-premise environment and configure it to establish a secure connection with AWS. You also need to configure the trust relationship between the on-premise Active Directory and AWS using the AWS Management Console or AWS CLI. Once the trust is established, you can use your existing credentials to authenticate to AWS resources such as AWS Workspaces.
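As an added example (not code from the page or from AWS), the AWS CLI call that creates an AD Connector: it picks the Small or Large size from the user counts quoted above, and points the connector at the on-premises domain controllers' DNS addresses so that lookups are forwarded rather than cached. All VPC, subnet, IP and account names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the page or from AWS: choose the AD Connector
# size from the user counts quoted above and assemble the
# `aws ds connect-directory` call that forwards lookups to the on-premises
# domain controllers. Every name, ID and address here is a constructed placeholder.
set -eu

# Small serves up to 500 users, Large up to 5,000; anything beyond that is
# refused rather than silently under-provisioned.
adc_size_for_users() {
  if [ "$1" -le 500 ]; then echo Small
  elif [ "$1" -le 5000 ]; then echo Large
  else echo "error: $1 users exceeds the 5,000-user AD Connector limit" >&2; return 1
  fi
}

# Build the --connect-settings value: the VPC, at least two subnets (AD Connector
# places one network interface per subnet), the on-premises DNS server IPs it
# forwards to, and the name of a low-privilege service account that reads the
# directory. The account password is passed separately, never inside this string.
adc_connect_settings() {
  vpc_id=$1; subnets=$2; dns_ips=$3; svc_user=$4
  commas=$(printf '%s' "$subnets" | tr -cd ',' | wc -c)
  if [ $((commas + 1)) -lt 2 ]; then
    echo "error: AD Connector needs at least two subnets (in different AZs)" >&2; return 1
  fi
  printf 'VpcId=%s,SubnetIds=%s,CustomerDnsIps=%s,CustomerUserName=%s' \
    "$vpc_id" "$subnets" "$dns_ips" "$svc_user"
}

# Print the full CLI invocation for review; the password is referenced through
# the ADC_SVC_PASSWORD variable rather than typed on the command line.
adc_command() {
  domain=$1; short=$2; users=$3; settings=$4
  size=$(adc_size_for_users "$users")
  printf 'aws ds connect-directory --name %s --short-name %s --size %s --password "$ADC_SVC_PASSWORD" --connect-settings "%s"\n' \
    "$domain" "$short" "$size" "$settings"
}

# Constructed sample: a 1,200-user on-premises domain with two DCs acting as DNS.
settings=$(adc_connect_settings vpc-0abc123 subnet-0aaa111,subnet-0bbb222 10.10.1.10,10.10.2.10 adconnector-svc)
adc_command corp.example.com CORP 1200 "$settings"
```

The printed command is meant to be reviewed and then run with ADC_SVC_PASSWORD exported in the shell; the security groups on the two subnets must allow the directory ports through to the on-premises domain controllers.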