Creating an Active Directory Server in AWS for Federated Access and Integration with Managed Services


Question

You need to create a new Active Directory server in AWS.

The server should have enough storage capacity to support up to 2000 employees and 20000 directory objects.

It needs to support federated access for signing in to the AWS Management Console with Active Directory credentials, and it must integrate with AWS managed services such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon RDS for Microsoft SQL Server.

Which of the following AWS services would you choose?

Answers

A. Simple AD

B. AWS Directory Service for Microsoft Active Directory (Standard Edition)

C. Amazon Cognito User Pools

D. AD Connector

Explanations

Correct Answer - B.

AWS Directory Service includes several types of directories (Microsoft Active Directory, Simple AD, AD Connector, Amazon Cognito User Pools and Amazon Cloud Directory) suitable for different use cases.

Check the details in https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html.

Option A is incorrect: Simple AD only supports basic Active Directory features, and because of the high storage capacity required it is not the best choice.

Option B is CORRECT: Microsoft Active Directory standard edition is ideal for small and midsize businesses with up to 5,000 employees and 30,000 directory objects.

It also supports a large number of AWS managed applications and services.

Option C is incorrect: Amazon Cognito User Pools are normally used for sign-up and sign-in to mobile apps or web applications, so this option is not the best solution.

Option D is incorrect: AD Connector is a proxy service that connects compatible AWS applications to the existing on-premises Microsoft Active Directory.

This question asks for an independent directory service in AWS.

Based on the requirements provided in the question, the best option would be to use the AWS Directory Service for Microsoft Active Directory (standard edition), option B.

Here's why:

  1. Storage capacity: The standard edition of AWS Directory Service for Microsoft Active Directory comes with a default storage capacity of 500 GB, which can be increased as needed. This is more than enough to support up to 2000 employees and 20000 directory objects.

  2. Federated access: The AWS Directory Service for Microsoft Active Directory (standard edition) can be integrated with AWS Single Sign-On (SSO) to provide federated access to the AWS Management Console using Active Directory credentials. This means that employees can use their existing Active Directory credentials to access AWS resources, without needing a separate set of credentials.

  3. Integration with AWS managed services: AWS Directory Service for Microsoft Active Directory (standard edition) can also be integrated with other AWS services such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon RDS Microsoft SQL Server. This means that employees can use their Active Directory credentials to access these services as well.

Now, let's take a look at the other options:

A. Simple AD: While Simple AD is an Active Directory-compatible directory service, it is not recommended for enterprise-level use cases. It is a lightweight option and lacks some of the features that the standard edition of AWS Directory Service for Microsoft Active Directory provides, such as group policy support.

C. Amazon Cognito User Pools: While Amazon Cognito User Pools can manage user directories and enable single sign-on (SSO) to the AWS Management Console, they do not provide full Active Directory integration. They are a better fit for small-scale use cases.

D. AD Connector: AD Connector is a lightweight option that can be used to connect compatible AWS applications to an existing on-premises Active Directory. However, it does not provide a fully managed Active Directory service in the cloud.

In conclusion, the best option for creating a new Active Directory server in AWS that meets the requirements specified in the question would be the AWS Directory Service for Microsoft Active Directory (standard edition).
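As an added illustration of option B (not part of the original question or its explanation), the CloudFormation template below provisions a Standard Edition AWS Managed Microsoft AD across two subnets, with the directory Admin password generated in Secrets Manager rather than written into the template, plus the IAM role that Amazon RDS for SQL Server needs in order to join the domain. The VPC and subnet parameters, domain name, NetBIOS name and secret name are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: AWS Managed Microsoft AD (Standard Edition). Added example; all names are placeholders.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Exactly two private subnets in different Availability Zones (one domain controller is placed in each).

Resources:
  # Generate the Admin password in Secrets Manager so it never appears in the
  # template, in stack parameters, or in CloudFormation event history.
  DirectoryAdminSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: corp-ad-admin-password        # placeholder
      GenerateSecretString:
        PasswordLength: 32
        ExcludeCharacters: '"@/\'         # avoid characters that complicate quoting in scripts

  ManagedAd:
    Type: AWS::DirectoryService::MicrosoftAD
    Properties:
      Name: corp.example.com              # placeholder FQDN, resolvable only inside the VPC
      ShortName: CORP                     # placeholder NetBIOS name
      Edition: Standard                   # up to 5,000 employees / 30,000 objects, per the explanation above
      Password: !Sub "{{resolve:secretsmanager:${DirectoryAdminSecret}}}"
      VpcSettings:
        VpcId: !Ref VpcId
        SubnetIds: !Ref SubnetIds

  # RDS for SQL Server joins the domain only through a role that trusts rds.amazonaws.com
  # and carries the AWS-managed AmazonRDSDirectoryServiceAccess policy. A DB instance then
  # sets Domain: !Ref ManagedAd and DomainIAMRoleName: !Ref RdsDirectoryRole (not shown).
  RdsDirectoryRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: rds.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess

Outputs:
  DirectoryId:
    Value: !Ref ManagedAd
  DnsIpAddresses:    # point VPC DHCP options or WorkSpaces/EC2 resolvers at these
    Value: !Join [",", !GetAtt ManagedAd.DnsIpAddresses]
```

Console federation with these directory credentials is configured separately in AWS Single Sign-On by selecting the resulting directory as the identity source; that step is not expressible in this resource type.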