By Greg Keller Posted July 1, 2017
As the Infrastructure-as-a-Service provider AWS has grown substantially, there has been a great deal of interest in how to manage it well. A number of factors go into managing AWS cloud servers. Among the most critical is how to tightly control and manage AWS authentication.
What is AWS Authentication?
Authentication to AWS can mean a number of things, and it’s important to clearly define the places that IT admins and DevOps engineers need to access and manage. The AWS console, which is an important part of the platform, is generally managed by the AWS Identity and Access Management (IAM) product. Beyond IAM, access to the local server is critical: that is, the Linux and Windows cloud servers hosted at AWS. It also includes specific services like RDS, Redshift, and others. Each of these services also has logins that users may need, adding to the amount of authentication needed.
As you can see, AWS authentication can refer to a large number of different functions. One of the key challenges that IT admins and DevOps engineers face is that AWS is often treated as an island. The on-prem AWS authentication platform is kept separate from the core directory service. AWS has tried to address this hassle with its Directory Service solution, but unfortunately it really is just a bridge from the on-prem Active Directory instance that a client has. The approach doesn’t streamline an organization’s AWS authentication, but rather complicates it.
AWS Directory Service Issues
The trouble with AWS Directory Service’s approach is that it presumes two things: one, that Microsoft Active Directory® is in use; and, two, that the client wants to have their identity provider on-prem. Neither assumption is easy to guarantee in the era of the cloud. In fact, many IT organizations are shifting away from on-prem directory services in favor of cloud identity management. The challenge that AWS Directory Service presents is that the authentication platform exists as an island and won’t be integrated with services such as G Suite, Google Cloud, Office 365, and more. This raises the question: “How will organizations manage their on-prem desktop authentication?”
The Directory-as-a-Service Solution
The solution for AWS authentication lives in the form of a cloud identity management platform called Directory-as-a-Service®. As a modern IDaaS solution, the unified cloud directory service has a multitude of functions. DaaS is one central user management solution for AWS servers, SSO into the AWS IAM console, desktop authentication, and integration with services such as G Suite, Office 365, Google Cloud, and more. Directory-as-a-Service can be the central authentication solution for users to connect to virtually any IT resource – systems, applications, or networks – regardless of protocol, provider, platform, or location.
For IT and DevOps organizations, this cloud-based IAM approach is a replacement for the on-prem Active Directory instance and eliminates the silo of AWS Directory Service.
Directory-as-a-Service and AWS Authentication
If you would like to learn more about AWS authentication and how our cloud directory can support your needs, drop us a note. Or, sign up for a free virtual identity provider account and check it out for yourself. Your first 10 users are free forever.