Reply To: Active Directory Trust (AWS Certified Security – Specialty forum)
Hello K-Booth and George,
Thank you for your feedback. In the given scenario, the organization is implementing a security policy requiring cloud-based users to be contained in a separate authentication domain and prevented from accessing on-premises systems.
Please note that a one-way trust is a unidirectional authentication path: Domain A trusts Domain B, but Domain B does not trust Domain A. This setup ensures that cloud users remain isolated within their own authentication domain and cannot access on-premises systems.
Hence, the correct answers are:
– Use AWS Directory Service, set up an AWS Managed Microsoft AD to manage the RDS databases and EC2 instances.
– Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.
You can find more information at https://learn.microsoft.com/en-us/entra/identity/domain-services/concepts-forest-trust.
The one-way trust ensures security by preventing unauthorized access from the cloud to on-premises systems.
Feel free to reach out if you need further assistance!
Regards,
JR @ Tutorials Dojo
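The trust direction described in the reply above can be modelled and checked before anything is provisioned. The following is an added example, not code from the forum post or from AWS: it encodes each trust as a directed edge from the trusting domain (the side with the "outgoing" trust) to the trusted domain (the side that sees it as "incoming"), expands the direction names used by the AWS Directory Service API ("One-Way: Outgoing", "One-Way: Incoming", "Two-Way") into those edges, and reports any edge that would let cloud accounts authenticate to on-premises resources. The domain names are constructed placeholders, only direct (non-transitive) edges are evaluated, and nothing here contacts a directory.

```python
"""Model of Active Directory trust direction, used to check that a one-way
trust keeps cloud accounts out of on-premises systems.  Constructed example:
domain names are placeholders and no directory is contacted."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    # The trusting domain accepts authentication from accounts in the trusted
    # domain.  Seen from the trusting domain the trust is "outgoing"; seen
    # from the trusted domain it is "incoming".
    trusting: str
    trusted: str


def trusts_from_direction(local_domain: str, remote_domain: str,
                          direction: str) -> list[Trust]:
    """Expand a trust direction, as named in the AWS Directory Service API and
    viewed from local_domain, into the individual trust edges it creates."""
    if direction == "One-Way: Outgoing":
        # local trusts remote: remote's accounts may use local's resources
        return [Trust(trusting=local_domain, trusted=remote_domain)]
    if direction == "One-Way: Incoming":
        # remote trusts local: local's accounts may use remote's resources
        return [Trust(trusting=remote_domain, trusted=local_domain)]
    if direction == "Two-Way":
        return [Trust(trusting=local_domain, trusted=remote_domain),
                Trust(trusting=remote_domain, trusted=local_domain)]
    raise ValueError(f"unknown trust direction: {direction!r}")


def can_authenticate(account_domain: str, resource_domain: str,
                     trusts: list[Trust]) -> bool:
    """An account may authenticate to resources in its own domain, or in any
    domain that directly trusts the account's domain."""
    if account_domain == resource_domain:
        return True
    return any(t.trusting == resource_domain and t.trusted == account_domain
               for t in trusts)


def isolation_violations(cloud_domain: str, onprem_domain: str,
                         trusts: list[Trust]) -> list[Trust]:
    """Return every trust edge under which the on-premises domain accepts
    accounts from the cloud domain, i.e. each edge that breaks the policy."""
    return [t for t in trusts
            if t.trusting == onprem_domain and t.trusted == cloud_domain]


if __name__ == "__main__":
    # Constructed placeholder domain names.
    ONPREM = "corp.onprem.example"
    CLOUD = "aws.cloud.example"
    for direction in ("One-Way: Outgoing", "One-Way: Incoming", "Two-Way"):
        edges = trusts_from_direction(CLOUD, ONPREM, direction)
        print(f"AWS side configured as {direction!r}:")
        print("  on-prem user -> AWS resource:",
              can_authenticate(ONPREM, CLOUD, edges))
        print("  cloud user   -> on-prem resource:",
              can_authenticate(CLOUD, ONPREM, edges))
        print("  policy violations:", isolation_violations(CLOUD, ONPREM, edges))
```

Only the "One-Way: Outgoing" configuration on the AWS side (which the on-premises domain sees as incoming) leaves the violation list empty while still letting on-premises accounts reach the RDS and EC2 resources joined to the AWS directory; the reversed one-way trust and the two-way trust both produce an edge that grants cloud accounts a path into the on-premises domain.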