1 Answer
0
My understanding is that the Directory Service is private so cannot be directly exposed to the internet.
Easiest way would be to add a load balancer to bridge public/private subnets pointing to the DS servers/endpoints.
However, exposing AD to the internet is not a great idea without lots of controls and security on AD and the VPC. Also bear in mind that AD also uses more than just a single "server" DNS record.
What are you trying to achieve by opening up the directory to the internet?
It might be easier/wiser to create a "multi site" AD setup and have a DC in another location/cloud that is connected to AWS via a secure network (VPN, DX).
Answered a year ago
Thanks Robin, I am trying to enable RDS authentication with Kerberos, and our users are managed by FreeIPA. I then created AWS Directory Service and an AWS Managed AD Server instance and want to integrate managed AD with FreeIPA by using LDAP, but am facing an issue while setting up the trust.