1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
My understanding is that the Directory Service is private so can not be directly exposed to the internet.
Easiest way would to be add a load balancer to bridge public/private subnets pointing to the DS servers/endpoints.
However, exposing AD to the internet is not a great idea with out lots of controls and security on AD and the VPC. Also bear in mind that AD also uses more than just a single "server" DNS record.
What are you trying to achieve by opening up the directory to the internet?
It might be easier/wiser to create a "multi site" AD setup and have a DC in another location/cloud that is connected to AWS via secure network (VPN, DX).
con risposta un anno fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 3 anni fa
Thanks Robin, I am trying to enable RDS authentication with kerberos, and our users are managed by FreeIPA, then I created AWS Directory Service and AWS Managed AD Server instance, want to integrate managed AD with FreeIPA by using LDAP, but facing issue while setup trust.