AWS Directory Service | General Flashcards
What is AWS Directory Service?
General
AWS Directory Service | Security, Identity & Compliance
AWS Directory Service is a managed service offering, providing directories that contain information about your organization, including users, groups, computers, and other resources. As a managed offering, AWS Directory Service is designed to reduce management tasks, thereby allowing you to focus more of your time and resources on your business. There is no need to build out your own complex, highly-available directory topology because each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. There is no software to install and AWS handles all of the patching and software updates.
What can I do with AWS Directory Service?
General
AWS Directory Service | Security, Identity & Compliance
AWS Directory Service makes it easy for you to setup and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, join Amazon EC2 instances to a domain, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads. AWS Directory Service enables your end users to use their existing corporate credentials when accessing AWS applications, such as Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail, as well as directory-aware Microsoft workloads, including custom .NET and SQL Server-based applications. Finally, you can use your existing corporate credentials to administer AWS resources via AWS Identity and Access Management (IAM) role-based access to the AWS Management Console, so you do not need to build out more identity federation infrastructure.
How do I create a directory?
General
AWS Directory Service | Security, Identity & Compliance
You can use the AWS Management Console or the API to create a directory. All you need to provide is some basic information such as a fully qualified domain name (FQDN) for your directory, Administrator account name and password, and the VPC you want the directory to be attached to.
Can I join an existing Amazon EC2 instance to an AWS Directory Service directory?
General
AWS Directory Service | Security, Identity & Compliance
Yes, you can use the AWS Management Console or the API to add existing EC2 instances running Linux or Windows to a AWS Microsoft AD.
Are APIs supported for AWS Directory Service?
General
AWS Directory Service | Security, Identity & Compliance
Public APIs are supported for creating and managing directories. You can now programmatically manage directories using public APIs. The APIs are available via the AWS CLI and SDK. Learn more about the APIs in the AWS Directory Service documentation.
Does AWS Directory Service support CloudTrail logging?
General
AWS Directory Service | Security, Identity & Compliance
Yes. Actions performed via the AWS Directory Service APIs or management console will be included in your CloudTrail audit logs.
Can I receive notifications when the status of my directory changes?
General
AWS Directory Service | Security, Identity & Compliance
Yes. You can configure Amazon Simple Notification Service (SNS) to receive email and text messages when the status of your AWS Directory Service changes. Amazon SNS uses topics to collect and distribute messages to subscribers. When AWS Directory Service detects a change in your directory’s status, it will publish a message to the associated topic, which is then sent to topic subscribers. Visit the documentation to learn more.
How much does AWS Directory Service cost?
General
AWS Directory Service | Security, Identity & Compliance
See the pricing page for more information.
Can I tag my directory?
General
AWS Directory Service | Security, Identity & Compliance
Yes. AWS Directory Service supports cost allocation tagging. Tags make it easier for you to allocate costs and optimize spending by categorizing and grouping AWS resources. For example, you can use tags to group resources by administrator, application name, cost center, or a specific project.
