Best practices for running Microsoft Active Directory Services on AWS
To extend Active Directory Services from on-prem to AWS - that is the question
I watched a very informative video by Boris Nisenbaum at AWS
These are my video notes, with some added questions/comments. Full video at bottom.
Options for running MS Active Directory (AD) on AWS
The primary reason to deploy AD on AWS is to support Windows workloads running on AWS. A standard use case might be deploying Amazon RDS for SQL Server with single sign-on against on-prem resources.
Option 1: self-managed AD on Amazon EC2. Deploy domain controllers on EC2 and add them to the existing forest
- expands on-premises AD: extends the corporate AD into AWS
- you retain full admin access
Option 2: AWS Managed Microsoft AD
- based on Microsoft AD
- single tenant, dedicated to the customer
- default of 2 domain controllers
- provides delegated admin authority
- supports standard AD management tools
- AWS-managed infrastructure
- seamless integration with AWS services such as RDS
Common deployment patterns
- extending your AD to AWS on Amazon EC2
- 2 DCs across 2 Regions
- AWS Managed Microsoft AD: deploy a separate AD forest with a one-way or two-way trust
  - the trust allows/supports access to on-prem resources
Patterns for architecture
- common single-region design: AD on Amazon EC2
- multi-region design: AD on Amazon EC2
- AWS Managed Microsoft AD: single region
- AWS Managed Microsoft AD: multi-region
Benefits of AWS Managed Microsoft AD
- seamless integration with AD
- reduced management overhead
- faster deployments using APIs
- high availability
RDS for SQL Server only works with AWS Managed Microsoft AD for SSO. A one-way or two-way trust is required.
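As an added check (example code, not from the video or from AWS): before joining RDS for SQL Server to the managed directory, confirm that the trust to the on-prem domain has actually reached the Verified state. The function parses the output shape of `aws ds describe-trusts` (a constructed sample is embedded, with placeholder IDs and domain names) and assumes that `One-Way: Outgoing` and `Two-Way` are the directions in which the managed AD trusts the on-prem forest.

```python
import json

# Assumed: these are the TrustDirection values under which the AWS Managed
# Microsoft AD side trusts the on-premises forest, so on-prem principals can
# be authenticated by workloads (such as RDS for SQL Server) joined to it.
SSO_CAPABLE_DIRECTIONS = {"One-Way: Outgoing", "Two-Way"}


def usable_trusts(describe_trusts_json: str, remote_domain: str) -> list:
    """Return trusts to remote_domain that are Verified and SSO-capable.

    Raises RuntimeError (carrying the AWS-supplied TrustStateReason) when a
    trust to that domain exists but failed verification and no verified one
    is present, so a broken DNS forwarder surfaces before RDS is joined.
    """
    trusts = json.loads(describe_trusts_json).get("Trusts", [])
    matching = [t for t in trusts
                if t.get("RemoteDomainName", "").lower() == remote_domain.lower()]
    verified = [t for t in matching if t.get("TrustState") == "Verified"]
    failed = [t for t in matching if t.get("TrustState") in ("VerifyFailed", "Failed")]
    if failed and not verified:
        reasons = "; ".join(t.get("TrustStateReason", "no reason given") for t in failed)
        raise RuntimeError(f"trust to {remote_domain} not verified: {reasons}")
    return [t for t in verified if t.get("TrustDirection") in SSO_CAPABLE_DIRECTIONS]


# Constructed sample in the shape of `aws ds describe-trusts --directory-id d-EXAMPLE`
# output; directory ID, trust IDs and domain names are placeholders.
SAMPLE_DESCRIBE_TRUSTS = json.dumps({"Trusts": [
    {"DirectoryId": "d-EXAMPLE", "TrustId": "t-EXAMPLE1", "TrustType": "Forest",
     "RemoteDomainName": "corp.example.com",
     "TrustDirection": "One-Way: Outgoing", "TrustState": "Verified"},
    {"DirectoryId": "d-EXAMPLE", "TrustId": "t-EXAMPLE2", "TrustType": "Forest",
     "RemoteDomainName": "lab.example.net",
     "TrustDirection": "Two-Way", "TrustState": "VerifyFailed",
     "TrustStateReason": "Conditional forwarder could not resolve lab.example.net"},
    {"DirectoryId": "d-EXAMPLE", "TrustId": "t-EXAMPLE3", "TrustType": "Forest",
     "RemoteDomainName": "partner.example.org",
     "TrustDirection": "One-Way: Incoming", "TrustState": "Verified"},
]})

if __name__ == "__main__":
    for t in usable_trusts(SAMPLE_DESCRIBE_TRUSTS, "corp.example.com"):
        print(f"{t['TrustId']}: {t['TrustDirection']} trust to {t['RemoteDomainName']} is verified")
```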
Watch the full video