Can I Extend Active Directory® To AWS?

By Natalie Bluhm Posted August 18, 2017

IT admins and DevOps engineers know that it is painful to manage user access to Amazon Web Services cloud servers. There aren’t great user management options for organizations that have an established cloud IT infrastructure. Microsoft Active Directory® has been a leading user management platform, so many IT admins and DevOps engineers find themselves asking, “Is it possible to extend Active Directory to AWS?”

Active Directory Was Built for a Different Era


The idea has a lot of merit. You already have an internal identity for each individual, and generally that identity is stored within Microsoft Active Directory. However, Active Directory was built in an era when infrastructure and applications remained on-prem and users primarily used Windows systems. AD worked well in that kind of IT ecosystem, but the modern office has moved on from on-prem infrastructure and Windows endpoints. Today, IT struggles to connect AD with modern IT resources such as cloud infrastructure, web applications, and non-Windows devices.

Active Directory Doesn’t Work Well with AWS

With over 1 million businesses shifting their network infrastructure to AWS (Ars Technica), figuring out how to connect on-prem identities stored within AD to AWS is a real problem.


IT admins and DevOps engineers have a few options:

  • Manually manage users in AWS and don’t connect access back to the on-prem AD instance
  • Create another AD instance at AWS and connect that back to the on-prem AD instance
  • Extend the on-prem AD instance to AWS via a cloud identity bridge

Manually managing access to AWS cloud servers is challenging for any DevOps organization of reasonable size. Too many issues can occur, such as not provisioning the right access or accidentally deleting access.

Creating another AD instance in the cloud ends up being a significant amount of extra work with more moving parts, not to mention the cost of another AD implementation.

Use JumpCloud’s AD Integration and Extend AD Identities to AWS

Extending AD to the cloud via a cloud identity bridge keeps the on-prem Active Directory instance as the authoritative identity provider, but through AD Integration it federates those identities to AWS cloud servers as required.

With AD Integration, there is no extra AD server or hardware to implement and no additional software to run and manage. You simply leverage the cloud identity bridge as a SaaS-based platform. You can connect your AD credentials to AWS Linux and Windows cloud servers, on-prem Mac laptops, G Suite, or even Google Cloud Platform.

If you’d like to see how AD Integration could centralize access to modern IT resources in your AD environment, request a demonstration or drop us a note for more information. We also invite you to start testing our cloud identity bridge by signing up for a free account. Your first ten users are free forever.

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.
