AWS has made such significant inroads in the IT space that it is changing not only how IT organizations manage their cloud networks, but how they manage their internal networks as well.
Historically, identity management was handled on-prem. With cloud IAM platforms now available, organizations are rethinking how they integrate Infrastructure-as-a-Service (IaaS) providers into identity management. Specifically, IT admins and DevOps engineers are trying to figure out how a cloud IAM platform's AWS integration fits into their IDaaS strategy.
AWS and User Management
AWS now has over 1 million business customers (as of 2016). Organizations large and small are rapidly shifting to the cloud, moving on-prem infrastructure to AWS and eliminating their colocated data centers in favor of hosting there. AWS's business continues to grow at an unprecedented rate.
One of the critical challenges IT and DevOps engineers face in the move to the cloud is how to handle user management for cloud servers and infrastructure. This leaves IT organizations with four major options for managing user access to their AWS infrastructure: manual user management, configuration management tools, LDAP or Active Directory®, or cloud IAM.
Let’s walk through each of these IAM options:
Manual User Management
For small AWS deployments and minimal integration effort, manual user management can work. IT and DevOps simply provision, deprovision, and modify user access on each individual server. Note that with this approach there is no integration with the on-prem directory service (if there even is one).
This is quick, easy, and cheap, but only for a very limited set of servers. As the number of users or servers grows, manual user management for AWS breaks down quickly: every change has to be repeated on every host, so the risk of error (including orphaned accounts that are never deprovisioned) rises, along with the time and ongoing cost for IT staff.
Config Management Tools
Another popular option a few years ago was to leverage tools such as Chef, Puppet, Ansible, Salt, and others to manage user access. This is also an easy approach to get started with, because a DevOps engineer can quickly script control over access to servers: the desired set of accounts is declared in code, and the tool converges each host to that state.
This model can work for simple environments, but it stumbles as the IT infrastructure falls under compliance regulations or grows in number of users and IT resources. Access requirements become more granular (per-host, per-group, per-role), the user list in the configuration repository becomes a second identity source that drifts from the directory, and there is no central record of who can access what.
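The following script is an added illustration of the two approaches above (manual per-server account management and its scripted, config-management successor); it is not code from the original post or from any of the tools named. It reconciles a declared user list against a host's local accounts, computing the provisioning, deprovisioning, and sudo changes needed. The `/etc/passwd` and `/etc/group` contents, the user names, and the desired-state table are all constructed sample data; nothing is read from or written to the real system.

```python
"""Reconcile a declared user list against a server's local accounts.

Hypothetical example of the script-per-host approach: the desired state is
declared once, and each host computes the commands needed to converge to it.
All inputs below are constructed sample data.
"""

# Constructed sample /etc/passwd content (hypothetical accounts).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
"""

# Constructed sample /etc/group content; sudo membership grants admin rights.
GROUP = """\
root:x:0:
sudo:x:27:alice,carol
"""

# Desired state, as a config-management tool would declare it (hypothetical).
DESIRED = {
    "alice": {"sudo": True},
    "bob": {"sudo": True},
    "dave": {"sudo": False},
}

MIN_UID = 1000  # UIDs below this are system accounts and are left alone


def parse_passwd(text):
    """Return {name: uid} for human (non-system) accounts."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, *_rest = line.split(":")
        if int(uid) >= MIN_UID:
            users[name] = int(uid)
    return users


def parse_group_members(text, group):
    """Return the set of supplementary members of `group`."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == group:
            return {m for m in fields[3].split(",") if m}
    return set()


def plan(passwd_text, group_text, desired):
    """Compute the shell commands that move this host to the desired state.

    Returns a list of commands (not executed here) so the plan can be
    reviewed or logged before it is applied with root privileges.
    """
    current = parse_passwd(passwd_text)
    sudoers = parse_group_members(group_text, "sudo")
    cmds = []
    # Provision missing accounts and fix sudo membership.
    for name, spec in sorted(desired.items()):
        if name not in current:
            cmds.append(f"useradd -m -s /bin/bash {name}")
        want_sudo = spec.get("sudo", False)
        if want_sudo and name not in sudoers:
            cmds.append(f"usermod -aG sudo {name}")
        elif not want_sudo and name in sudoers:
            cmds.append(f"gpasswd -d {name} sudo")
    # Deprovision accounts no longer declared: kill live sessions first so a
    # removed user cannot keep an existing shell, then remove the home
    # directory so leftover authorized_keys do not linger on disk.
    for name in sorted(current):
        if name not in desired:
            cmds.append(f"pkill -KILL -u {name} || true")
            cmds.append(f"userdel -r {name}")
    return cmds


if __name__ == "__main__":
    for cmd in plan(PASSWD, GROUP, DESIRED):
        print(cmd)
```

Running it prints the four commands needed on this sample host: grant sudo to bob, create dave, and remove carol. The weakness the post describes is visible here: the plan is computed per host from a copy of the user list, so every server is a separate source of truth, a user removed from `DESIRED` stays active on any host where the script has not yet run, and nothing outside the hosts themselves records who currently has access where.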
Active Directory / LDAP
The two historical directory-service leaders, Microsoft Active Directory and OpenLDAP, are also options for AWS identity management. The biggest issue with this approach is that they are not delivered as-a-service the way AWS is. IT and DevOps engineers have to do the heavy lifting of installing, configuring, and managing the LDAP or AD infrastructure themselves.
With this model, the AWS environment essentially becomes yet another site that needs its own directory server. The on-prem identity provider either has to be extended into or replicated to the cloud instance, or the two must be managed separately. Unfortunately, with both Active Directory and OpenLDAP, the ability to integrate with cloud infrastructure like AWS is limited.
Cloud IAM
Another alternative is to leverage a cloud identity management platform such as Directory-as-a-Service®. This approach shifts the organization's entire identity provider to the cloud, delivered as a SaaS solution. Cloud IAM with AWS integration becomes one directory spanning both cloud and on-prem infrastructure. The cloud IAM platform securely manages users and connects them to on-prem systems (Windows, Mac, and Linux), cloud or on-prem servers (e.g. AWS instances), on-prem and web applications, and wired or WiFi networks.
JumpCloud and AWS Integration
As the world shifts to the cloud, more and more IT organizations are choosing cloud IAM with AWS integration for their identity management. If you would like to learn more about how you can leverage Directory-as-a-Service with AWS integration for your organization, drop us a note. Alternatively, sign up for a free cloud IAM account and integrate it with your AWS infrastructure. Let us know how it goes. Your first 10 users are free forever.