Use Case 1: Sign In to AWS Applications and Services with AD Credentials - AWS Directory Service
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

Use Case 1: Sign In to AWS Applications and Services with AD Credentials

You can enable multiple AWS applications and services such as AWS Client VPN, AWS Management Console, AWS Single Sign-On, Amazon Chime, Amazon Connect, Amazon FSx, Amazon QuickSight, Amazon RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, and Amazon WorkSpaces to use your AWS Managed Microsoft AD directory. When you enable an AWS application or service in your directory, your users can access the application or service with their AD credentials.

For example, you can enable your users to sign in to the AWS Management Console with their AD credentials. To do this, you enable the AWS Management Console as an application in your directory, and then assign your AD users and groups to IAM roles. When your users sign in to the AWS Management Console, they assume an IAM role to manage AWS resources. This makes it easy for you to grant your users access to the AWS Management Console without needing to configure and manage a separate SAML infrastructure.

To further enhance the end user experience you can enable Single Sign-On (SSO) capabilities for Amazon WorkDocs, which provides your users the ability to access Amazon WorkDocs from a computer joined to the directory without having to enter their credentials separately.

You can grant access to user accounts in your directory or in your on-premises AD, so they can sign in to the AWS Management Console or through the AWS CLI using their existing credentials and permissions to manage AWS resources by assigning IAM roles directly to the existing user accounts.

Amazon FSx for Windows File Server Integration with AWS Managed Microsoft AD

Integrating Amazon FSx for Windows File Server with AWS Managed Microsoft AD provides a fully managed native Microsoft Windows based Server Message Block (SMB) protocol file system that allows you to easily move your Windows-based applications and clients (that utilize shared file storage) to AWS. Although Amazon FSx for Windows File Server can be integrated with a self-managed Microsoft Active Directory, we do not discuss that scenario here.

Common Amazon FSx use cases and resources

This section provides a reference to resources on common Amazon FSx for Windows File Server integrations with AWS Managed Microsoft AD use cases. Each of the use cases in this section start with a basic AWS Managed Microsoft AD and Amazon FSx for Windows File Server configuration. For more information about how to create these configurations, see:

Amazon Elastic Container Service (ECS) supports Windows containers on container instances that are launched with the Amazon ECS-optimized Windows AMI. Windows container instances use their own version of the Amazon ECS container agent. On the Amazon ECS-optimized Windows AMI, the Amazon ECS container agent runs as a service on the host.

Amazon ECS supports Active Directory authentication for Windows containers through a special kind of service account called a group Managed Service Account (gMSA). Because Windows containers cannot be domain-joined, you must configure a Windows container to run with gMSA.

Related Items

Amazon AppStream 2.0 is a fully managed application streaming service. It provides a range of solutions for users to save and access data through their applications. Amazon FSx with AppStream 2.0 provides a personal persistent storage drive using Amazon FSx and can be configured to provide a shared folder to access common files.

Related Items

Amazon FSx for Windows File Server can be used as a storage option for Microsoft SQL Server 2012 (starting with 2012 version 11.x) and newer system databases (including Master, Model, MSDB, and TempDB), and for Database Engine user databases.

Related Items

Amazon FSx for Windows File Server can be used to store data from Active Directory user home folders and My Documents in a central location. Amazon FSx for Windows File Server can also be used to store data from Roaming User Profiles.

Related Items

Networked file shares on an Amazon FSx for Windows File Server provide a managed and scalable file sharing solution. One use case is mapped drives for clients that can be created manually or via Group Policy.

Related Items

Because the size and performance of the SYSVOL folder is limited, you should as a best practice, avoid storing data such as software installation files in that folder. As a possible solution to this, Amazon FSx for Windows File Server can be configured to store all software files that are installed using Group Policy.

Related Items

Amazon FSx for Windows File Server can be configured as a target drive in Windows Server Backup using the UNC file share. In this case, you would specify the UNC path to your Amazon FSx for Windows File Server instead of to the attached EBS volume.

Related Items

Amazon FSx also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:

Amazon RDS Integration with AWS Managed Microsoft AD

Amazon RDS supports external authentication of database users using Kerberos with Microsoft Active Directory. Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Amazon RDS support for Kerberos and Active Directory provides the benefits of single sign-on and centralized authentication of database users so you can keep your user credentials in Active Directory.

To get started with this use case you'll first need to set up a basic AWS Managed Microsoft AD and Amazon RDS configuration.

All of the use cases referenced below will start with a base AWS Managed Microsoft AD and Amazon RDS and cover how to integrate Amazon RDS with AWS Managed Microsoft AD .

Amazon RDS also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:

.NET application using Amazon RDS for SQL Server with a group Managed Service Accounts

You can integrate Amazon RDS for SQL Server with a basic .NET application and group Managed Service Accounts (gMSAs). For more information, see How AWS Managed Microsoft AD Helps to Simplify the Deployment and Improve the Security of Active Directory–Integrated .NET Applications