Extend Azure® Identities To AWS®

By Vince Lujan Posted May 13, 2019

Can you extend Microsoft® Azure® identities to AWS® cloud infrastructure? It’s an intriguing question, considering that Azure and AWS are fierce competitors in the Infrastructure-as-a-Service (IaaS) market.

Many IT organizations leverage Azure Active Directory® (AAD) to manage Azure users and AWS IAM to manage AWS accounts (and manually manage access to AWS cloud servers). So, it would be convenient if admins could leverage the same identity for both platforms.  

Unfortunately, neither platform has the ability to connect with the other in a native sense. The good news is that it is possible to integrate both IaaS solutions with a neutral cloud directory and provide users with the same identity for both Azure and AWS.

Before the Neutral Cloud Directory

In the past, IT admins have primarily leveraged the Microsoft Active Directory® (AD) platform as a starting point for extending user identities to both Azure and AWS. AD is an on-prem directory services platform that was originally designed to manage on-prem networks of Windows®-based IT resources.

Through the use of add-on utilities such as AWS Directory Service and AWS Direct Connect, IT admins can integrate AWS with AD and extend on-prem AD identities to Windows-based cloud resources hosted at AWS. AD can also integrate with Azure AD via Azure AD Connect and extend on-prem user identities to Azure cloud resources.

So, by integrating both Azure AD and AWS Directory Service with AD, admins can potentially leverage the same user identity (i.e., the on-prem AD user identity) to connect users to both cloud platforms. However, there are a few significant challenges to consider with this approach.

Challenges with Traditional AD Setups

Traditional AD setups can result in complicated on-prem implementations. Not only must IT admins procure the right equipment, but they also must integrate AD throughout their environment and deal with the ongoing maintenance.

Additionally, traditional AD setups are primarily designed for on-prem, Windows-based domains. So, IT admins often find themselves locked in the Windows ecosystem and methodology, which can be limiting.

Another issue is that cloud infrastructure solutions represent one of many identity management challenges with AD and modern networks. In fact, admins often need additional extensions for macOS® and Linux® systems, web applications, third-party file storage, and remote networks.

Finally, the cost and complexity of traditional AD implementations can be prohibitive for many smaller organizations and startups. Even with the implementation described above, at least 4 independent add-on solutions are required. Not only that, but most IT admins who are invested in cloud infrastructure don’t want the hassle of maintaining anything on-prem.

Active Directory Reimagined

Due to these challenges and others, admins are often forced to cut corners and accept less than the best IT resources for their users. As a result, they are reevaluating their traditional AD setup and how to extend Azure identities to AWS.

The good news is that JumpCloud® Directory-as-a-Service® is effectively Active Directory and LDAP reimagined. With respect to Azure AD and AWS, Directory-as-a-Service effectively replaces on-prem AD and becomes a cloud-based bridge between the two with no add-on tools required.

However, Directory-as-a-Service goes a few steps further and enables admins to extend the same user identity to virtually any IT resource, not just Azure and AWS. This includes Windows, macOS, and Linux systems, web and on-prem applications, IaaS solutions at other providers such as GCP and DigitalOcean, physical and virtual file storage alternatives, and networks spanning multiple locations.

In doing so, IT admins can extend Azure identities to AWS and to just about anything else in their environment, via JumpCloud. You can also approach this challenge from a different angle and extend AWS identities to Azure infrastructure via Directory-as-a-Service. It really is a flexible, next-generation platform.  

Extend Azure Identities to AWS via JumpCloud

Sign up for an account, and you can extend 10 Azure identities to AWS for free. We offer the full functionality of the Directory-as-a-Service platform free for up to 10 users. You can also learn more by contacting the JumpCloud team and scheduling a personalized demo. Lastly, check out our Knowledge Base and YouTube channel for supplemental information.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.
