本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Use Case 1: Sign in to AWS applications and services with AD credentials
You can enable multiple AWS applications and services such as AWS 客户端 VPN
例如,您可以允许您的用户使用 AD 凭证登录 AWS 管理控制台
To further enhance the end user experience you can enable Single sign-on
You can grant access to user accounts in your directory or in your on-premises AD, so they can sign in to the AWS 管理控制台 or through the AWS CLI using their existing credentials and permissions to manage AWS resources by assigning IAM roles directly to the existing user accounts.
Amazon FSx for Windows File Server integration with AWS Managed Microsoft AD
Integrating Amazon FSx for Windows File Server with AWS Managed Microsoft AD provides a fully managed native Microsoft Windows based Server Message Block (SMB) protocol file system that allows you to easily move your Windows-based applications and clients (that utilize shared file storage) to AWS. Although Amazon FSx for Windows File Server can be integrated with a self-managed Microsoft Active Directory, we do not discuss that scenario here.
Common Amazon FSx use cases and resources
This section provides a reference to resources on common Amazon FSx for Windows File Server integrations with AWS Managed Microsoft AD use cases. Each of the use cases in this section start with a basic AWS Managed Microsoft AD and Amazon FSx for Windows File Server configuration. For more information about how to create these configurations, see:
Amazon Elastic Container Service (ECS)
Amazon ECS 通过称为组托管服务账户 (gMSA) 的特殊类型服务账户支持 Windows 容器的 Active Directory 身份验证。由于 Windows 容器无法加入域,因此必须将 Windows 容器配置为使用 gMSA 运行。
Related Items
Amazon AppStream 2.0
Related Items
Amazon FSx for Windows File Server can be used as a storage option for Microsoft SQL Server 2012 (starting with 2012 version 11.x) and newer system databases (including Master, Model, MSDB, and TempDB), and for Database Engine user databases.
Related Items
Amazon FSx for Windows File Server can be used to store data from Active Directory user home folders and My Documents in a central location. Amazon FSx for Windows File Server can also be used to store data from Roaming User Profiles.
Related items
Networked file shares on an Amazon FSx for Windows File Server provide a managed and scalable file sharing solution. One use case is mapped drives for clients that can be created manually or via Group Policy.
Related items
Because the size and performance of the SYSVOL folder is limited, you should as a best practice, avoid storing data such as software installation files in that folder. As a possible solution to this, Amazon FSx for Windows File Server can be configured to store all software files that are installed using Group Policy.
Related items
Amazon FSx for Windows File Server can be configured as a target drive in Windows Server Backup using the UNC file share. In this case, you would specify the UNC path to your Amazon FSx for Windows File Server instead of to the attached EBS volume.
Related Items
Amazon FSx also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:
Amazon RDS integration with AWS Managed Microsoft AD
Amazon RDS supports external authentication of database users using Kerberos with Microsoft Active Directory. Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Amazon RDS support for Kerberos and Active Directory provides the benefits of single sign-on and centralized authentication of database users so you can keep your user credentials in Active Directory.
To get started with this use case you'll first need to set up a basic AWS Managed Microsoft AD and Amazon RDS configuration.
All of the use cases referenced below will start with a base AWS Managed Microsoft AD and Amazon RDS and cover how to integrate Amazon RDS with AWS Managed Microsoft AD .
Amazon RDS also supports AWS Managed Microsoft AD Directory Sharing. For more information, see:
.NET application using Amazon RDS for SQL Server with group Managed Service Accounts
You can integrate Amazon RDS for SQL Server with a basic .NET application and group
Managed Service Accounts (gMSAs). For more information, see How AWS Managed Microsoft AD Helps to Simplify the Deployment and Improve the Security
of Active Directory–Integrated .NET Applications