Hello everyone,
"The option that says: Set up a one-way trust where the on-premises Active Directory trusts the new Active Directory in AWS is incorrect because if the on-premises AD trusts the AWS AD, it means on-premises users could potentially authenticate directly to AWS resources. This violates the requirement of isolating cloud-based users from on-premises systems."
Surely this is not true? Or at least ambiguous?
If the on-prem AD trusts AWS AD, it means AWS AD users could potentially authenticate to on-prem services? Whereas the quote above says if the on-prem AD trusts AWS AD, on-prem users could potentially authenticate to AWS services.