Connecting AWS Servers to LDAP

By Rajat Bhargava Posted December 10, 2014


Managing users on Amazon Web Services (AWS) servers is painful.

There have been a number of approaches to make it easier, but they all leave a lot to be desired. Some IT admins rely on scripts that they run every time a user is on-boarded or terminated; others use configuration automation tools such as Chef or Puppet; still others stand up a directory in the cloud and manage it themselves. That directory could be OpenLDAP, AWS’s Simple AD service (based on Samba), or Microsoft Active Directory itself. These are good attempts to simplify the process, but every one of them requires a great deal of work from IT admins.

There is another way for IT organizations to gain control over their AWS users without the heavy lifting: SaaS-based LDAP. Hosted LDAP removes the need for a business to write code, build out additional infrastructure, or manage multiple directory servers. It is a strong alternative for system admins. The concept works as follows:

Step 1: A business builds its user database in the SaaS, virtual LDAP service. Users can be manually entered or imported into the database. Groups can be created or imported into the system.

Step 2: The outsourced LDAP service—based in the cloud—provides a highly available, secure virtual LDAP server endpoint for AWS servers to authenticate against.

Step 3: Every server within the AWS infrastructure is configured to authenticate against the cloud LDAP service’s endpoint. An easy way to keep that configuration consistent across servers is to manage it with Chef or Puppet.

Step 4: Users log in normally to whichever servers they have access to, and they receive the appropriate permissions, including their group memberships.

Step 5: IT admins now simply go to the hosted LDAP’s Web console and provision or deprovision users as appropriate.
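The server-side piece of Steps 2 through 4 is an LDAP client configuration that the Chef or Puppet run lays down on every instance. The following SSSD configuration is an added example, not JumpCloud's own configuration or a file from the original post; the endpoint hostname, base DN, service-account DN and group name are placeholders. It keeps the security properties the steps call for: LDAPS only, with the server certificate verified, a read-only bind account, host access limited to one directory group, and cached credentials so an endpoint outage does not lock admins out.

```ini
# /etc/sssd/sssd.conf (hypothetical values; must be owned by root, mode 0600)
[sssd]
config_file_version = 2
services = nss, pam
domains = hostedldap

[domain/hostedldap]
id_provider = ldap
auth_provider = ldap

# LDAPS only: AWS instances reach the hosted endpoint over the public internet,
# so a plaintext ldap:// URI would expose every bind password in transit.
ldap_uri = ldaps://ldap.hosted-directory.example:636
ldap_search_base = dc=example,dc=com
ldap_user_search_base = ou=Users,dc=example,dc=com
ldap_group_search_base = ou=Groups,dc=example,dc=com

# "demand" makes SSSD refuse the connection if the certificate does not
# chain to the CA bundle, which defeats a spoofed endpoint.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

# Read-only service account used only for lookups; user logins bind as the user.
ldap_default_bind_dn = cn=svc-aws-readonly,ou=ServiceAccounts,dc=example,dc=com
ldap_default_authtok = PLACEHOLDER_SERVICE_ACCOUNT_PASSWORD

# Step 4: only members of one directory group may log in to this host class.
access_provider = simple
simple_allow_groups = aws-web-admins

# Keep hashed credentials locally so a hosted-endpoint outage is not an outage here.
cache_credentials = true
enumerate = false
```

Because the file holds a bind password, have the configuration management tool template it from a secret store rather than committing the password to the Chef or Puppet repository.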

Hosted LDAP Service

Leveraging a cloud LDAP service for AWS servers ends up being far simpler than the alternatives. Further, this approach ends up scaling to a much larger infrastructure while also providing strong controls over user access. Auditing of user access is simpler as well.

A hosted LDAP service is a core part of JumpCloud’s Directory-as-a-Service® offering. IT organizations can off-load the headaches of managing AWS users through a simple, cloud-based service. Give it a try! Your first 10 users are free.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
