AD Intro Notes - Kahuna915/Capstone-Cloud-Integration GitHub Wiki

https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

Purpose: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html After connecting your corporate directory to IAM Identity Center, you can then grant your AD users or groups access to AWS accounts, cloud applications, or both. The point is to have the Champlain user linked to AWS accounts created by us and given appropriate permissions this way.

AD Logic:

image

Works for three services:

Amazon WorkSpaces: https://us-east-1.console.aws.amazon.com/workspaces/v2/home?region=us-east-1# Amazon WorkSpaces enables you to provision virtual, cloud-based Microsoft Windows, Amazon Linux, or Ubuntu Linux desktops for your users, known as WorkSpaces. WorkSpaces eliminates the need to procure and deploy hardware or install complex software. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers.

Amazon WorkDocs: https://aws.amazon.com/workdocs/ Amazon WorkDocs is a fully managed platform for creating, sharing, and enriching digital content.

Amazon Work:

Enables you to reuse your existing Active Directory security policies such as password expiration, password history, and account lockout policies. When you configure AD Connector, you provide it with service account credentials that are securely stored by AWS. This account is used by AWS to enable seamless domain join, single sign-on (SSO), and AWS Applications (WorkSpaces, WorkDocs, and WorkMail) functionality. In order to create an AD Connector, you must also provide a pair of DNS IP addresses during setup. AD Connector comes in two sizes: small and large. A large AD Connector runs on more powerful compute resources and is more expensive than a small AD Connector. Depending on the volume of traffic to be proxied by AD Connector, you’ll want to select the appropriate size for your needs.

Step by Step Process:

Enable console access: To allow users to sign in with their Active Directory credentials, you need to explicitly enable console access. You can do this by opening the Directory Service console and clicking the Directory ID name. This opens the Directory Details page, where you'll find a button on the Apps & Services tab to enable the directory for AWS Management Console access. To do this, click the Manage Access link in the Apps & Services section.

Important information: AD Connector cannot be used with your custom applications, as it is only used for secure AWS integration for the three use-cases mentioned above. Custom applications relying on your on-premises Active Directory should communicate with your domain controllers directly.

image

Here, in my account, any IAM user associated with me can sign in at that alias link, but I can change that link to perhaps cyber.local…

image

Which brings me to here:

image

Where I can sign in as alice…

image

Prerequisites: I created a VPC that has 4 subnets in two AZs: two private and two public, one of each in each AZ.

image
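The AD Connector requirements noted above (a service account, a pair of DNS IPs, a size, and subnets in two AZs) can be checked and turned into the `aws ds connect-directory` call before anything is created. This is an added example, not code from the wiki or from AWS; the VPC ID, subnet IDs, AZs, DNS IPs, domain and service-account name are constructed placeholders, and the password is expected in the AD_SVC_PASSWORD environment variable rather than typed into the script.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki): preflight the AD Connector prerequisites
# from the notes and assemble the `aws ds connect-directory` call.
# Every ID, AZ, IP and account name below is a constructed placeholder.
set -euo pipefail

VPC_ID="vpc-0placeholder000000"
SUBNET_A="subnet-0placeholder0a"; AZ_A="us-east-1a"   # private subnet, AZ 1
SUBNET_B="subnet-0placeholder0b"; AZ_B="us-east-1b"   # private subnet, AZ 2
DNS_IPS="10.0.1.10,10.0.2.10"    # constructed on-prem domain controller IPs
DOMAIN="cyber.local"             # domain name mentioned in the notes
SVC_USER="adconnector-svc"       # hypothetical least-privilege service account

# In a live run the AZ of each subnet comes from the API (kept as a comment
# so the script runs offline):
#   aws ec2 describe-subnets --subnet-ids "$SUBNET_A" \
#     --query 'Subnets[0].AvailabilityZone' --output text

# dns_ip_count: number of comma-separated DNS IPs supplied.
dns_ip_count() { printf '%s' "$1" | tr ',' '\n' | grep -c . || true; }

# preflight: AD Connector needs two subnets in different AZs and exactly two
# DNS IPs; return 1 with a message on stderr when either condition fails.
preflight() {
  local az_a="$1" az_b="$2" dns="$3"
  [ "$az_a" != "$az_b" ] || { echo "subnets must be in different AZs" >&2; return 1; }
  [ "$(dns_ip_count "$dns")" -eq 2 ] || { echo "exactly two DNS IPs required" >&2; return 1; }
  return 0
}

# build_connect_cmd: print the CLI invocation. The service-account password is
# read from AD_SVC_PASSWORD when the printed command is run, never stored here.
build_connect_cmd() {
  local domain="$1" size="$2" vpc="$3" subnets="$4" dns="$5" user="$6"
  printf 'aws ds connect-directory --name %s --size %s --password "$AD_SVC_PASSWORD" --connect-settings VpcId=%s,SubnetIds=%s,CustomerDnsIps=%s,CustomerUserName=%s\n' \
    "$domain" "$size" "$vpc" "$subnets" "$dns" "$user"
}

# Small is the cheaper size; pick Large only if the proxied traffic needs it.
if preflight "$AZ_A" "$AZ_B" "$DNS_IPS"; then
  build_connect_cmd "$DOMAIN" Small "$VPC_ID" "$SUBNET_A,$SUBNET_B" "$DNS_IPS" "$SVC_USER"
fi
```

The script only prints the command; review it, export AD_SVC_PASSWORD in the shell, and run it by hand so the credential never lands in the wiki or in shell history as plain text.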