Host an Active Directory from AWS EC2 and sync users from Azure AD

Question

Is it possible to sync users from Azure AD to AWS AD going to EC2 also? I have created users with Office365 license in Microsoft and also our domain. Azure is a bit expensive on their monthly cost. There's this called AWS SSO . It's just I don't get how SSO works. Do I need to move every single users from Azure AD to AWS SSO then create an EC2 instance there?

What I want is to create an EC2 instance where the Active Directory goes and sync users from Azure AD towards it. Are there any other ways to do this? I'm new to using AWS actually.

Answer 1

To configure Azure AD integration with AWS, make sure to have these subscriptions: An Azure AD subscription and An AWS SSO-enabled subscription.

Initially, add AWS from Gallery to list of Saas apps in Azure AD. To do that, follow below steps:

• Go to Azure Portal -> Azure AD -> Enterprise Applications -> Select all applications -> Add an application -> Select new application.
• Search for AWS in "Add from Gallery" section.
• Select AWS and add the app.
• Go to properties -> Copy Object ID value.

To configure AWS SSO, please find below steps:

• Sign into AWS website as admin.
• Select AWS Home icon -> AWS Services pane -> Under Security, Identity & Compliance -> Select IAM (Identity & Access Management) .
• On left pane -> Select Identity Provider -> Select Create Provider
• In Configure Provider pane, choose required details.
• On the Verify Provider Information pane, select Create .
• select Roles , and then select Create role .

To know more in detail, please find below reference :

Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts | Microsoft Docs ).