Integrating Microsoft Active Directory with AWS for Identity Management

Managing AWS Identities with Microsoft Active Directory


Question

You run a 2000-engineer organization.

You are about to begin using AWS on a large scale for the first time.

You want to integrate with your existing identity management system running on Microsoft Active Directory because your organization is a power-user of Active Directory.

How should you manage your AWS identities in the simplest manner?

Answers

Explanations


Answer - B.

AD Connector is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud.

Once set up, AD Connector offers the following benefits:

Your end-users and IT administrators can use their existing corporate credentials to log on to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail.

You can manage AWS resources like Amazon EC2 instances or Amazon S3 buckets through IAM role-based access to the AWS Management Console.

You can consistently enforce existing security policies (such as password expiration, password history, and account lockouts) whether users or IT administrators access resources in your on-premises infrastructure or the AWS Cloud.

You can use AD Connector to enable multi-factor authentication by integrating with your existing RADIUS-based MFA infrastructure to provide an additional layer of security when users access AWS applications.

For more information on AD Connector, see the URL below:

http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html
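As an added example that is not part of the original page, the script below provisions an AD Connector with the AWS CLI (`aws ds connect-directory`), waits for the directory to become Active, and then enables the RADIUS-based MFA mentioned in the list above (`aws ds enable-radius`). It assumes a configured AWS CLI with Directory Service permissions; the domain, VPC, subnet, DNS and RADIUS values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): provision an AD Connector for an
# on-premises domain and attach RADIUS MFA with the AWS CLI. Domain, VPC, subnet,
# DNS and RADIUS values are constructed placeholders; replace them before use.
set -eu
DOMAIN="corp.example.com"                      # on-premises AD FQDN (placeholder)
NETBIOS="CORP"
VPC_ID="vpc-0123456789abcdef0"                 # placeholder VPC
SUBNET_IDS="subnet-0aaa0000,subnet-0bbb0000"   # two subnets in different AZs
DNS_IPS="10.10.0.10,10.10.0.11"                # on-premises DNS/DC addresses
CONNECTOR_USER="svc-adconnector"               # least-privilege service account
RADIUS_SERVERS="10.10.0.20"                    # existing RADIUS MFA server
# Build the --connect-settings shorthand; pure so it can be checked offline.
connect_settings() {
  printf 'VpcId=%s,SubnetIds=%s,CustomerDnsIps=%s,CustomerUserName=%s' \
    "$VPC_ID" "$SUBNET_IDS" "$DNS_IPS" "$CONNECTOR_USER"
}
# AD Connector requires exactly two subnets; reject anything else up front.
validate_subnets() {
  [ "$(echo "$1" | awk -F, '{print NF}')" -eq 2 ]
}
# Poll the directory until it reaches the wanted stage, failing on terminal errors.
wait_for_stage() {
  local dir_id="$1" want="$2" tries="${3:-60}" stage
  while [ "$tries" -gt 0 ]; do
    stage=$(aws ds describe-directories --directory-ids "$dir_id" \
      --query 'DirectoryDescriptions[0].Stage' --output text)
    [ "$stage" = "$want" ] && return 0
    case "$stage" in Failed|Inoperable) return 1 ;; esac
    sleep 30; tries=$((tries - 1))
  done
  return 1
}
main() {
  validate_subnets "$SUBNET_IDS" || { echo "need exactly two subnet IDs" >&2; exit 1; }
  # Secrets come from the environment, never from the script body.
  : "${CONNECTOR_PASSWORD:?set CONNECTOR_PASSWORD}" "${RADIUS_SECRET:?set RADIUS_SECRET}"
  local dir_id
  dir_id=$(aws ds connect-directory --name "$DOMAIN" --short-name "$NETBIOS" --size Small \
    --password "$CONNECTOR_PASSWORD" --connect-settings "$(connect_settings)" \
    --query DirectoryId --output text)
  wait_for_stage "$dir_id" Active
  aws ds enable-radius --directory-id "$dir_id" --radius-settings \
    "RadiusServers=$RADIUS_SERVERS,RadiusPort=1812,RadiusTimeout=10,RadiusRetries=3,SharedSecret=$RADIUS_SECRET,AuthenticationProtocol=PAP,DisplayLabel=Corp-MFA,UseSameUsername=true"
  echo "AD Connector $dir_id is Active with RADIUS MFA enabled"
}
# Run only when explicitly requested, so sourcing the file for checks has no side effects.
if [ "${AD_CONNECTOR_APPLY:-0}" = "1" ]; then main; fi
```

Run with `AD_CONNECTOR_APPLY=1 CONNECTOR_PASSWORD=... RADIUS_SECRET=... sh ad-connector.sh`; the on-premises DNS addresses and RADIUS server must be reachable from the two subnets over the required ports.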

As you are already using Microsoft Active Directory, the best option would be to integrate AWS with Active Directory. This would ensure that all the users and groups are managed in a central location and eliminates the need for creating and managing separate AWS identities.

AWS offers multiple options for integrating with Active Directory:

A. AWS Directory Service Simple AD: This option provides a standalone, managed directory service that is compatible with Microsoft Active Directory. It is a cost-effective option and is best suited for smaller organizations or for applications that require basic Active Directory features.

B. AWS Directory Service AD Connector: This option allows you to connect your on-premises Active Directory to AWS. This enables users to access AWS resources using their existing Active Directory credentials, without the need for creating separate AWS identities. This option is ideal for larger organizations that have complex Active Directory infrastructures.

C. AWS Directory Service for Microsoft Active Directory: This option provides a managed, highly available directory that is compatible with Microsoft Active Directory. It is ideal for organizations that require advanced Active Directory features and want to run their Active Directory in the cloud.

D. AWS Directory Service for LDAP: This option allows you to connect your existing LDAP-compatible directory to AWS. This option is best suited for organizations that have legacy applications that rely on LDAP for authentication.

Based on the options provided, the best option would be B. Use AWS Directory Service AD Connector. This option allows you to connect your existing Active Directory to AWS and eliminates the need for creating separate AWS identities. This option is also ideal for larger organizations that have complex Active Directory infrastructures.