1 Answer
0
My understanding is that the Directory Service is private, so it cannot be directly exposed to the internet.
The easiest way would be to add a load balancer to bridge public/private subnets pointing to the DS servers/endpoints.
However, exposing AD to the internet is not a great idea without lots of controls and security on AD and the VPC. Also bear in mind that AD also uses more than just a single "server" DNS record.
What are you trying to achieve by opening up the directory to the internet?
It might be easier/wiser to create a "multi site" AD setup and have a DC in another location/cloud that is connected to AWS via a secure network (VPN, DX).
answered a year ago
Thanks Robin, I am trying to enable RDS authentication with Kerberos, and our users are managed by FreeIPA. I then created an AWS Directory Service and AWS Managed AD Server instance and want to integrate the managed AD with FreeIPA by using LDAP, but I am facing an issue while setting up the trust.