AWS Directory Service - AWS GovCloud (US)

AWS Directory Service

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Managed Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features, such as Group Policy and single sign-on (SSO). With AWS Managed Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to your domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.

How AWS Directory Service Differs for AWS GovCloud (US)

The following list details the differences for using this service in AWS GovCloud (US) Regions compared to other AWS Regions:

  • Only AWS Managed Microsoft AD and AD Connector directory types are supported by AWS Directory Service.

  • The following directory types are not supported:

    • Simple AD

    • Amazon Cloud Directory

  • The following AWS apps and services are not currently supported by AWS Directory Service:

    • Amazon WorkDocs

    • Amazon WorkMail

    • Amazon Chime

    • AWS Management Console

    • Amazon Connect is only available in AWS GovCloud (US-West).

    • AWS IAM Identity Center

  • Only Signature Version 4 signing is supported.

  • You can use the AWS Command Line Interface (AWS CLI) to interact with AWS Directory Service and other AWS services through the command line. For more information, see AWS CLI documentation.

    Note

    If you are using the Amazon Linux AMI, the AWS CLI is already installed and configured.

  • To connect to AWS Directory Service by using the command line or APIs, use the following endpoints:

    • https://ds-fips.us-gov-west-1.amazonaws.com

    • https://ds.us-gov-west-1.amazonaws.com

    • https://ds-fips.us-gov-east-1.amazonaws.com

    • https://ds.us-gov-east-1.amazonaws.com

  • Automatic DNS forwarding is not enabled by default and must be configured.
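The following is an added example, not part of the AWS documentation: a small audit that checks configured Directory Service endpoint URLs against the four GovCloud endpoints listed above and can flag non-FIPS ones. The function names, the `require_fips` policy switch and the sample configuration are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Endpoints copied from the list above; all other names here are assumptions.
DS_GOVCLOUD_ENDPOINTS = {
    "ds-fips.us-gov-west-1.amazonaws.com": ("us-gov-west-1", True),
    "ds.us-gov-west-1.amazonaws.com": ("us-gov-west-1", False),
    "ds-fips.us-gov-east-1.amazonaws.com": ("us-gov-east-1", True),
    "ds.us-gov-east-1.amazonaws.com": ("us-gov-east-1", False),
}

# Constructed sample input: profile name -> endpoint URL as found in a config file.
SAMPLE = {
    "prod-west": "https://ds-fips.us-gov-west-1.amazonaws.com",
    "prod-east": "https://DS.us-gov-east-1.amazonaws.com./",
    "legacy": "http://ds.us-gov-west-1.amazonaws.com",
    "typo": "https://ds-fips.us-gov-west-1.amazonaws.com.example.invalid",
}


def check_endpoint(url, require_fips=False):
    """Return (ok, reason) for one configured Directory Service endpoint URL."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # accessing .port raises ValueError if it is malformed
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present before host"
    if port not in (None, 443):
        return False, "non-default port"
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return False, "unexpected path, query or fragment"
    host = (parts.hostname or "").rstrip(".")  # lowercased by urlsplit; drop FQDN dot
    entry = DS_GOVCLOUD_ENDPOINTS.get(host)  # exact match only, never a suffix match
    if entry is None:
        return False, "host is not a listed GovCloud endpoint"
    region, is_fips = entry
    if require_fips and not is_fips:
        return False, f"non-FIPS endpoint for {region}"
    return True, f"{'FIPS' if is_fips else 'standard'} endpoint for {region}"


def audit(configured, require_fips=False):
    """Map each failing profile name to its reason; an empty dict means all pass."""
    results = {n: check_endpoint(u, require_fips) for n, u in configured.items()}
    return {n: reason for n, (ok, reason) in results.items() if not ok}
```

Calling `audit(SAMPLE, require_fips=True)` reports the plain-HTTP, look-alike and non-FIPS entries and passes only the FIPS endpoint.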

Documentation for AWS Directory Service

AWS Directory Service documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.

  • AWS Directory Service metadata is not permitted to contain export-controlled data. This metadata includes all configuration data that you enter when creating and maintaining your AWS Directory Service directory except passwords.

    Do not enter export-controlled data in the following console fields:

    • Directory aliases

    • Directory description

    • Directory DNS name

    • NetBIOS name

    • Manual snapshot name

    • Resource tags

    • Description of schema extensions