AWS DevOps Engineer Professional Practice Test

What service is used to synchronize an existing Microsoft Active Directory installation with AWS IAM identities?

• A. AWS Directory Service AD Connector
• B. AWS Identity Store
• C. AWS Security Token Service (STS)
• D. AWS Managed Microsoft AD

The correct answer is: AWS Directory Service AD Connector

The AWS Directory Service AD Connector is the appropriate service for synchronizing an existing Microsoft Active Directory installation with AWS IAM identities. This service acts as a proxy, allowing AWS services to leverage the existing on-premises Active Directory to authenticate users seamlessly. With AD Connector, organizations can use their existing credentials stored in Active Directory without the need to create and manage a new set of IAM identities within AWS. This synchronization is essential for businesses that want to maintain a unified identity management system while utilizing AWS's cloud services, enabling single sign-on (SSO) and streamlined user access management. The flexibility of AD Connector allows companies to maintain their current directory structure and policies, further easing the migration process to the AWS environment. The other options do not serve the same purpose. The AWS Identity Store is mainly for managing user identities but does not directly synchronize with existing Active Directory setups. AWS Security Token Service (STS) is focused on providing temporary security credentials for access control rather than synchronization of directories. AWS Managed Microsoft AD, while providing a fully managed Active Directory in the AWS cloud, does not synchronize with an existing on-premises Active Directory; instead, it creates a new instance of Active Directory in AWS. Thus, AD Connector is the correct choice for the intended synchronization.