On Feb 15th AWS announced that their AD-as-a-service will finally support LDAPS, which is good news for those using Storage Gateways.

https://aws.amazon.com/about-aws/whats-new/2020/02/aws-directory-service-enhances-security-between-aws-applications-and-active-directory-with-secure-ldap-improvements/

From the announcement:

Client-side LDAPS provides additional LDAP security for customers using certificate infrastructure. LDAPS provides data integrity and confidentiality — data is only readable by the intended recipient. To enable client-side LDAPS, administrators register a certificate authority (CA) certificate with AWS Managed Microsoft AD or AD Connector using the AWS Directory Service Console or AWS Directory Service API.

They link to the blog post, which as usual does a sterling job of describing all the things you need to know:

https://aws.amazon.com/blogs/security/how-to-improve-ldap-security-in-aws-directory-service-with-client-side-ldaps/

Main takeaway for me is this:

It's encryption. It comes with cert fun. You will need to: “Register your certificate authority (CA) certificate into AWS Directory Service and enable client-side LDAPS (purple arrow in diagram above).”
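As an added illustration (my own example, not code from the post or from AWS), here are the two steps that takeaway describes, register the CA certificate and then enable client-side LDAPS, driven through boto3's Directory Service client. The directory id, certificate file name and region are placeholders, and the client is passed in so the flow can be exercised without AWS credentials.

```python
"""Register a CA certificate with AWS Directory Service, wait for it to be
accepted, then enable client-side LDAPS and report the resulting status.
Uses the public boto3 'ds' client calls (register_certificate,
describe_certificate, enable_ldaps, describe_ldaps_settings)."""
import time

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def load_ca_pem(pem_text):
    """Sanity-check the input before sending it to the API, which expects a
    single PEM-encoded CA certificate. Returns the stripped PEM or raises."""
    pem = pem_text.strip()
    if not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END)):
        raise ValueError("expected one PEM-encoded certificate block")
    if pem.count(PEM_BEGIN) != 1:
        raise ValueError("register exactly one CA certificate per call")
    return pem


def enable_client_ldaps(ds, directory_id, pem_text, poll_seconds=0, max_polls=30):
    """Register the CA cert, poll until its state is 'Registered', then enable
    client-side LDAPS. Returns the LDAPS status string ('Enabling' is normal
    right after the call; poll describe_ldaps_settings until 'Enabled').
    `ds` is a boto3 Directory Service client, or any object with the same methods."""
    pem = load_ca_pem(pem_text)
    cert_id = ds.register_certificate(DirectoryId=directory_id, CertificateData=pem)["CertificateId"]
    for _ in range(max_polls):
        cert = ds.describe_certificate(DirectoryId=directory_id, CertificateId=cert_id)["Certificate"]
        if cert["State"] == "Registered":
            break
        if cert["State"] == "RegisterFailed":  # e.g. not a valid CA certificate
            raise RuntimeError("registration of %s failed: %s" % (cert_id, cert.get("StateReason")))
        time.sleep(poll_seconds)
    else:
        raise TimeoutError("certificate %s still not registered" % cert_id)
    ds.enable_ldaps(DirectoryId=directory_id, Type="Client")
    info = ds.describe_ldaps_settings(DirectoryId=directory_id, Type="Client").get("LDAPSSettingsInfo") or []
    return info[0]["LDAPSStatus"] if info else "Unknown"


if __name__ == "__main__":
    import boto3  # only needed for a real run; values below are placeholders
    client = boto3.client("ds", region_name="us-east-1")
    with open("ca.pem") as f:
        print(enable_client_ldaps(client, "d-0123456789", f.read(), poll_seconds=5))
```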

Paul.