Hello.
To securely connect your Amazon EC2 Windows instances to your on-premises Active Directory and allow RDP access, follow the steps below.
1. Set Up a VPN Connection
- Create a Site-to-Site VPN between your on-premises network and the AWS VPC. This allows your EC2 instances to communicate with your on-premises Active Directory securely.
- Use your existing hardware to set up the VPN connection to AWS.
2. Join EC2 Instances to On-Premises AD
- After establishing the VPN, join your EC2 Windows instances to your on-premises Active Directory domain. This allows you to manage users and permissions centrally.
3. RDP Access Over VPN
- Configure your Remote Desktop (RDP) access through the VPN connection. This way, users can securely access the EC2 instances from your on-premises network.
4. Security Group Configuration
- Ensure that the security groups associated with your EC2 instances allow RDP traffic (port 3389) only from your on-premises IP range.
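As an added example (not part of the answer above), this audit script checks step 4: it walks security groups in the JSON shape returned by `aws ec2 describe-security-groups` and reports any rule that admits TCP/3389 from a source outside the on-premises range. The security group IDs and the 198.51.100.0/24 on-premises CIDR are constructed placeholders.

```python
import ipaddress
import json

RDP_PORT = 3389

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# The group IDs and the 198.51.100.0/24 on-premises range are placeholders.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0000000000000aaaa", "GroupName": "rdp-from-onprem",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
      "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0000000000000bbbb", "GroupName": "rdp-open",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]}
]}
""")


def rule_covers_rdp(perm):
    """True if an ingress permission admits TCP/3389 (all-traffic "-1" rules included)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    # A port range that merely contains 3389 still exposes RDP.
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def find_rdp_violations(groups, allowed_cidrs):
    """Return (group_id, source) pairs where RDP is reachable from outside allowed_cidrs.
    Security-group-referenced sources are reported too, since they are not on-prem CIDRs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if not rule_covers_rdp(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr)
                # subnet_of() only compares same-version networks, so check the version first.
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append((sg["GroupId"], cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((sg["GroupId"], pair["GroupId"]))
    return findings


if __name__ == "__main__":
    for gid, src in find_rdp_violations(SAMPLE_GROUPS, ["198.51.100.0/24"]):
        print(f"{gid}: RDP (3389) reachable from {src}, which is outside the on-premises range")
```

Against real output, pipe `aws ec2 describe-security-groups` into `json.load` in place of the constructed sample and pass your actual on-premises CIDRs.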
Hi,
I would strongly suggest that you study the solution that was designed to do what you want: AWS IAM Identity Center: https://aws.amazon.com/iam/identity-center/
Specifically for AD, see
- https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-from-ad-ADsync.html
- https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html
- https://medium.com/cloudnloud/integrating-aws-iam-identity-center-with-azure-ad-sso-15b9be30d2f4
By doing this integration, your existing AD will become your identity manager (authentication) for your AWS security principals, for policies that you define in IAM (authorizations).
Best,
Didier
Option C: Implement a VPN between the on-premises environment and the target VPC. Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection. Configure RDP access through the VPN. Connect from the company’s network to the target instances.
Explanation:
Cost-Effectiveness: This option avoids the need to deploy additional managed services like AWS Directory Service for Microsoft Active Directory or Remote Desktop Gateway, which could incur significant costs. Instead, it uses the existing on-premises Active Directory and establishes a Site-to-Site VPN connection, which is a more cost-effective solution for securely extending the on-premises network to the VPC.
Centralized User Management: By joining the target instances directly to the on-premises Active Directory, user management and authentication can be centrally managed without needing additional AD infrastructure in AWS.
Security: RDP access is secured through the VPN connection, ensuring that RDP traffic does not traverse the public internet.
Hey Isaac,
For connecting the on-premises Active Directory (AD) to a VPC in a cost-effective way while providing secure RDP access to EC2 Windows instances, the best solution is:
C. Implement a VPN between the on-premises environment and the target VPC. Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection. Configure RDP access through the VPN. Connect from the company’s network to the target instances.
This option leverages the existing on-premises AD for centralized user management without requiring additional AWS services like a managed AD or AD Connector, making it more cost-effective. By using the VPN, you establish a secure connection for RDP access and ensure integration with your on-premises AD.
Refer to the official docs: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
