Use Case 1: Sign in to AWS applications and services with AD credentials - AWS Directory Service

You can enable multiple AWS applications and services such as AWS Client VPN, AWS Management Console, AWS Single Sign-On, Amazon Chime, Amazon Connect, Amazon FSx, Amazon QuickSight, Amazon RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, and Amazon WorkSpaces to use your AWS Managed Microsoft AD directory. When you enable an AWS application or service in your directory, your users can access that application or service with their AD credentials.

For example, you can let your users sign in to the AWS Management Console with their AD credentials. To do this, enable the AWS Management Console as an application in your directory, and then assign IAM roles to your AD users and groups. When your users sign in to the AWS Management Console, they assume an IAM role to manage AWS resources. This makes it easy to grant your users access to the AWS Management Console without having to set up and manage a separate SAML infrastructure.

To further enhance the end user experience you can enable Single sign-on (SSO) capabilities for Amazon WorkDocs, which provides your users the ability to access Amazon WorkDocs from a computer joined to the directory without having to enter their credentials separately.

By assigning IAM roles directly to existing user accounts in your directory or in your on-premises AD, you can let those users sign in to the AWS Management Console or use the AWS CLI with their existing credentials and permissions to manage AWS resources.

Amazon FSx for Windows File Server integration with AWS Managed Microsoft AD

Integrating Amazon FSx for Windows File Server with AWS Managed Microsoft AD provides a fully managed native Microsoft Windows based Server Message Block (SMB) protocol file system that allows you to easily move your Windows-based applications and clients (that utilize shared file storage) to AWS. Although Amazon FSx for Windows File Server can be integrated with a self-managed Microsoft Active Directory, we do not discuss that scenario here.

Common Amazon FSx use cases and resources

This section provides a reference to resources on common use cases for integrating Amazon FSx for Windows File Server with AWS Managed Microsoft AD. Each of the use cases in this section starts with a basic AWS Managed Microsoft AD and Amazon FSx for Windows File Server configuration. For more information about how to create these configurations, see:

Amazon Elastic Container Service (ECS) supports Windows containers on container instances that are launched with the Amazon ECS-optimized Windows AMI. Windows container instances use their own version of the Amazon ECS container agent. On the Amazon ECS-optimized Windows AMI, the Amazon ECS container agent runs as a service on the host.

Amazon ECS supports Active Directory authentication for Windows containers through a special kind of service account called a group Managed Service Account (gMSA). Because Windows containers cannot be domain-joined, the Windows containers must be configured to run with a gMSA.
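The following is an added example, not code from the AWS documentation page: it provisions a gMSA in AWS Managed Microsoft AD for ECS Windows containers and restricts password retrieval to a group of domain-joined container hosts. It assumes a domain-joined management instance with the RSAT Active Directory module and the CredentialSpec module installed, a signed-in account that belongs to the AWS Delegated Managed Service Account Administrators group, and placeholder domain, OU, group and account names that you replace with your own.

```powershell
# Added example (not from the AWS documentation). Placeholder values below:
$Domain     = 'corp.example.com'                      # placeholder domain name
$DomainDN   = 'DC=corp,DC=example,DC=com'
$CustomerOU = "OU=Computers,OU=corp,$DomainDN"        # placeholder: your delegated OU
$GmsaName   = 'ecs-gmsa'                              # placeholder gMSA name
$HostsGroup = 'ECS-gMSA-Hosts'                        # placeholder group of container hosts

# Least privilege: only domain-joined ECS container instances that are members of
# this group can retrieve the gMSA password; containers never hold the credential.
New-ADGroup -Name $HostsGroup -GroupScope Global -Path $CustomerOU
Add-ADGroupMember -Identity $HostsGroup -Members 'ECS-HOST-01$'   # placeholder computer account

# AWS Managed Microsoft AD already provides the KDS root key, so Add-KdsRootKey is not needed.
New-ADServiceAccount -Name $GmsaName `
    -DNSHostName "$GmsaName.$Domain" `
    -ServicePrincipalNames "host/$GmsaName", "host/$GmsaName.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $HostsGroup `
    -Path $CustomerOU

# Run on each container host after it has rebooted with its new group membership:
# Test-ADServiceAccount returns True only if this host is allowed to retrieve the password.
Install-ADServiceAccount -Identity $GmsaName
Test-ADServiceAccount -Identity $GmsaName

# Generate the credential spec JSON that the ECS task definition references.
# New-CredentialSpec (CredentialSpec module) writes it under C:\ProgramData\Docker\CredentialSpecs.
New-CredentialSpec -AccountName $GmsaName
```

If Test-ADServiceAccount returns False, the host's computer account is not yet a member of the retrieval group or its Kerberos ticket predates the membership change.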

Related Items

Amazon AppStream 2.0 is a fully managed application streaming service. It provides a range of solutions for users to save and access data through their applications. Amazon FSx with AppStream 2.0 provides a personal persistent storage drive using Amazon FSx and can be configured to provide a shared folder to access common files.

Related Items

Amazon FSx for Windows File Server can be used as a storage option for Microsoft SQL Server 2012 (starting with 2012 version 11.x) and newer system databases (including Master, Model, MSDB, and TempDB), and for Database Engine user databases.

Related Items

Amazon FSx for Windows File Server can be used to store data from Active Directory user home folders and My Documents in a central location. Amazon FSx for Windows File Server can also be used to store data from Roaming User Profiles.

Related items

Networked file shares on an Amazon FSx for Windows File Server provide a managed and scalable file sharing solution. One use case is mapped drives for clients that can be created manually or via Group Policy.

Related items

Because the size and performance of the SYSVOL folder are limited, as a best practice you should avoid storing data such as software installation files in that folder. As a possible solution, Amazon FSx for Windows File Server can be configured to store all software files that are installed using Group Policy.

Related items

Amazon FSx for Windows File Server can be configured as a target drive in Windows Server Backup using the UNC file share. In this case, you would specify the UNC path to your Amazon FSx for Windows File Server instead of to the attached EBS volume.

Related Items

Amazon FSx also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:

Amazon RDS integration with AWS Managed Microsoft AD

Amazon RDS supports external authentication of database users using Kerberos with Microsoft Active Directory. Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Amazon RDS support for Kerberos and Active Directory provides the benefits of single sign-on and centralized authentication of database users so you can keep your user credentials in Active Directory.

To get started with this use case you'll first need to set up a basic AWS Managed Microsoft AD and Amazon RDS configuration.

All of the use cases referenced below start with a base AWS Managed Microsoft AD and Amazon RDS configuration and cover how to integrate Amazon RDS with AWS Managed Microsoft AD.

Amazon RDS also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:

.NET application using Amazon RDS for SQL Server with group Managed Service Accounts

You can integrate Amazon RDS for SQL Server with a basic .NET application and group Managed Service Accounts (gMSAs). For more information, see How AWS Managed Microsoft AD Helps to Simplify the Deployment and Improve the Security of Active Directory–Integrated .NET Applications.