AWS Integration with On-Prem Active Directory

Question

I am very new to AWS Cloud and my ask is:
* to use federation for all types of AWS Access
* No local accounts will be created in AWS
* All accounts and permissions must be created and managed through on-prem Active Directory

Is there any document that explains the process and best practices to achieve this?

I have a landing zone with multiple accounts, what are the best practices to create permissions sets, and accounts and map them with AD Groups?

Answer

You can refer below articles and video tutorials.

1. Extend your on-premises AD to the AWS Cloud - [Doc](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase5.html)
2. How to Connect Your On-Premises Active Directory to AWS Using AD Connector - [Blog](https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/) , What is AD Connector ? [Refer here](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html)
3. How can I authenticate On-Premise AD Users access to AWS Management Console? [Video](https://www.youtube.com/watch?v=CBum-Andk2c)
4. How to Setup AWS Single Sign On for Your On-Premise Active Directory Users [Video](https://www.youtube.com/watch?v=nuPjljOVZmU)

Hope this helps, please comment if you don't find any specific info.

AWS Integration with On-Prem Active Directory

Relevant questions

Enrolling existing AWS accounts in new OU

Transit Gateway shared with AWS Resource Access Manager (AWS RAM) identify all accounts as external

Directory Service directory migration between accounts