
Connecting AWS Servers to LDAP



Managing users on Amazon Web Services (AWS) servers is painful.

There have been a number of approaches to make it easier, but they all leave a lot to be desired. Some IT admins rely on scripts that they run every time a user is on-boarded or terminated; others use configuration automation tools such as Chef or Puppet; still others stand up a directory in the cloud and manage it themselves. These solutions could include OpenLDAP, AWS’s Simple AD service (based on Samba), or Microsoft Active Directory itself. They are good attempts to simplify the process, but they all require a great deal of work from IT admins.

There is another way that IT organizations can gain control over their AWS users without the heavy lifting: SaaS-based LDAP. Hosted LDAP eliminates a business’s need to write code, build out additional infrastructure, or manage multiple servers. It’s a strong alternative for system admins. The concept works as follows:

Step 1: A business builds its user database in the SaaS, virtual LDAP service. Users can be manually entered or imported into the database. Groups can be created or imported into the system.

Step 2: The outsourced LDAP service—based in the cloud—provides a highly available, secure virtual LDAP server endpoint for AWS servers to authenticate against.

Step 3: Every server within the AWS infrastructure is configured to authenticate against the cloud LDAP service’s endpoint. An easy way to keep that configuration consistent across servers is to manage it with Chef or Puppet.

Step 4: Users log in normally to whichever servers they have access to, and they are granted the appropriate permissions, including group memberships.

Step 5: IT admins now simply go to the hosted LDAP’s Web console and provision or deprovision users as appropriate.
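As an added example of what Step 3 amounts to on a Linux host (this is not code from the original post, and it is not JumpCloud's own client configuration), the script below renders an SSSD configuration that points the host at a hosted LDAP endpoint over LDAPS with certificate verification, limits logins to members of one LDAP group, and refuses to install a config that would talk plain LDAP or admit every directory user. The endpoint, base DN, group DN and CA path are constructed placeholders; a real hosted directory will also typically require a bind DN and password (`ldap_default_bind_dn` / `ldap_default_authtok`), which are deliberately left out here. A Chef or Puppet recipe would lay down the same file.

```shell
#!/bin/sh
# Render and validate /etc/sssd/sssd.conf for a host that authenticates
# against a hosted LDAP service. All values below are constructed
# placeholders (the .invalid TLD never resolves); override via environment.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.invalid:636}"
LDAP_BASE_DN="${LDAP_BASE_DN:-ou=Users,o=EXAMPLE_ORG_ID,dc=example,dc=invalid}"
LDAP_CA_CERT="${LDAP_CA_CERT:-/etc/ssl/certs/ca-certificates.crt}"
ALLOWED_GROUP_DN="${ALLOWED_GROUP_DN:-cn=aws-admins,ou=Users,o=EXAMPLE_ORG_ID,dc=example,dc=invalid}"

# render_sssd_conf URI BASE_DN CA_CERT GROUP_DN -> prints the config on stdout.
# ldap_tls_reqcert = demand makes SSSD fail closed on an unverifiable server
# certificate; ldap_access_filter keeps users outside GROUP_DN from logging in
# even though they exist in the directory.
render_sssd_conf() {
  cat <<EOF
[sssd]
config_file_version = 2
services = nss, pam
domains = hosted_ldap

[domain/hosted_ldap]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_uri = $1
ldap_search_base = $2
ldap_schema = rfc2307bis
ldap_tls_reqcert = demand
ldap_tls_cacert = $3
ldap_access_filter = memberOf=$4
cache_credentials = true
enumerate = false
EOF
}

# check_sssd_conf FILE -> 0 if the file enforces TLS and group-scoped access,
# non-zero with a reason on stderr otherwise. This is the guard that stops a
# weak setting (ldap://, no access filter) from reaching production.
check_sssd_conf() {
  f="$1"
  grep -q '^ldap_uri = ldaps://' "$f" \
    || { echo "ldap_uri must use ldaps:// (credentials would cross the internet in clear)" >&2; return 1; }
  grep -q '^ldap_tls_reqcert = demand' "$f" \
    || { echo "ldap_tls_reqcert must be demand (otherwise any certificate is accepted)" >&2; return 1; }
  grep -q '^access_provider = ldap' "$f" \
    || { echo "access_provider must be ldap so ldap_access_filter is honoured" >&2; return 1; }
  grep -q '^ldap_access_filter = ' "$f" \
    || { echo "ldap_access_filter missing: every directory user could log in" >&2; return 1; }
  return 0
}

# install_sssd_conf DEST -> renders, validates, sets root-only permissions and
# atomically moves the file into place. Returns non-zero if validation fails.
install_sssd_conf() {
  dest="$1"
  tmp="$dest.tmp"
  render_sssd_conf "$LDAP_URI" "$LDAP_BASE_DN" "$LDAP_CA_CERT" "$ALLOWED_GROUP_DN" > "$tmp"
  chmod 600 "$tmp"          # sssd.conf may hold a bind password; keep it root-only
  check_sssd_conf "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$dest"
}

# Typical use on a host (run as root):  install_sssd_conf /etc/sssd/sssd.conf && systemctl restart sssd
```

After installing, `getent passwd <user>` and a login as a user outside the allowed group (which should be denied) are the quickest checks that name resolution and the access filter both work.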

Hosted LDAP Service

Leveraging a cloud LDAP service for AWS servers ends up being far simpler than the alternatives. Further, this approach ends up scaling to a much larger infrastructure while also providing strong controls over user access. Auditing of user access is simpler as well.

A hosted LDAP service is a core part of JumpCloud’s Directory-as-a-Service® offering. IT organizations can off-load the headaches of managing AWS users through a simple, cloud-based service. Give it a try! Your first 10 users are free.
