We're looking to move away from Fleet Manager and want to connect to our EC2 instances via RDP and SSH using our existing Microsoft Entra credentials. We've got the network connectivity all set up, but we want to avoid using a hybrid Active Directory model. What are some solutions others have found effective for this?
4 Answers
For RDP access with Entra ID, your EC2 instances typically need to join a domain. If you're trying to avoid that, there may be other solutions out there, but it would be more complicated.
Switching to Microsoft Entra ID for RDP and SSH is a great way to centralize access, but it's not a simple plug-and-play. To avoid a domain join, you can exchange your AD token for an IAM role and utilize SSM Session Manager. You might want to look into automating key or certificate pushes for your sessions if you're managing SSM policies across multiple accounts.
You can't connect to AWS directly using Entra credentials. The first step is to exchange those Entra credentials for AWS IAM credentials. Set up SAML authentication in IAM with appropriate roles to manage SSH access to your instances.
Instead of needing a bastion host, you can exchange your AD token for an IAM role that allows SSH access through Systems Manager Session Manager. If you need separate user accounts on the VM, consider temporarily pushing a key using EC2 Instance Connect or setting up SSH certificates.
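Putting the advice in these answers together (SAML exchange for an IAM role, Session Manager instead of a bastion, a short-lived key pushed with EC2 Instance Connect), here is an added Python sketch that is not code from any of the answerers. It assumes boto3 is installed, a CLI profile named `entra` holding the federated credentials, an instance tag key `Team`, and the OS user `ec2-user`; all of those names are hypothetical. The RDP helper only forwards port 3389 through Session Manager; as the first answer notes, the Windows logon itself still needs a domain join or a local account.

```python
"""Entra ID (SAML) -> IAM role -> SSM Session Manager / EC2 Instance Connect,
with no domain join. Added example; names below are assumptions."""
import json
import pathlib
import subprocess

# 1. Least-privilege policy for the SAML-federated role: sessions and key pushes
#    are allowed only on instances tagged Team=<team_tag>, and only the SSH and
#    port-forwarding session documents may be used (no interactive shell doc).
def session_manager_policy(account_id: str, region: str, team_tag: str) -> dict:
    instance_arn = f"arn:aws:ec2:{region}:{account_id}:instance/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "StartSessionOnTaggedInstances", "Effect": "Allow",
             "Action": "ssm:StartSession", "Resource": instance_arn,
             "Condition": {"StringEquals": {"ssm:resourceTag/Team": team_tag}}},
            {"Sid": "AllowedSessionDocuments", "Effect": "Allow",
             "Action": "ssm:StartSession",
             "Resource": [f"arn:aws:ssm:{region}::document/AWS-StartSSHSession",
                          f"arn:aws:ssm:{region}::document/AWS-StartPortForwardingSession"],
             "Condition": {"BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"}}},
            {"Sid": "PushEphemeralKey", "Effect": "Allow",
             "Action": "ec2-instance-connect:SendSSHPublicKey", "Resource": instance_arn,
             "Condition": {"StringEquals": {"ec2:osuser": "ec2-user",
                                            "ec2:ResourceTag/Team": team_tag}}},
        ],
    }

# 2. Exchange the Entra SAML assertion (base64 response from the Entra app)
#    for short-lived IAM credentials; no IAM user exists for the person.
def assume_role_with_saml(role_arn: str, idp_arn: str, saml_assertion_b64: str,
                          duration: int = 3600) -> dict:
    import boto3  # imported lazily so the module loads without boto3 installed
    sts = boto3.client("sts")
    resp = sts.assume_role_with_saml(RoleArn=role_arn, PrincipalArn=idp_arn,
                                     SAMLAssertion=saml_assertion_b64,
                                     DurationSeconds=duration)
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration

# 3. SSH over Session Manager: ssh fills %h/%p with the instance id and port,
#    so no inbound port 22 and no bastion are needed.
def ssh_proxy_command(region: str, profile: str) -> str:
    return (f"sh -c \"aws ssm start-session --region {region} --profile {profile} "
            f"--target %h --document-name AWS-StartSSHSession "
            f"--parameters 'portNumber=%p'\"")

def ssh_config_stanza(region: str, profile: str) -> str:
    """Text to drop into ~/.ssh/config so `ssh i-0123...` routes through SSM."""
    return "\n".join(["Host i-* mi-*",
                      f"    ProxyCommand {ssh_proxy_command(region, profile)}",
                      "    User ec2-user",
                      "    IdentitiesOnly yes"])

def push_key_and_ssh(instance_id: str, region: str, profile: str,
                     pubkey_path: str = "~/.ssh/id_ed25519.pub") -> None:
    """Push the user's public key (valid for about 60 s) and open the session."""
    import boto3
    eic = boto3.Session(profile_name=profile, region_name=region).client("ec2-instance-connect")
    eic.send_ssh_public_key(InstanceId=instance_id, InstanceOSUser="ec2-user",
                            SSHPublicKey=pathlib.Path(pubkey_path).expanduser().read_text())
    subprocess.run(["ssh", instance_id], check=False)

# 4. RDP: forward local_port to 3389 on the instance through Session Manager,
#    then point mstsc at localhost:<local_port>.
def rdp_port_forward_command(instance_id: str, region: str, profile: str,
                             local_port: int = 53389) -> list:
    params = {"portNumber": ["3389"], "localPortNumber": [str(local_port)]}
    return ["aws", "ssm", "start-session", "--region", region, "--profile", profile,
            "--target", instance_id, "--document-name", "AWS-StartPortForwardingSession",
            "--parameters", json.dumps(params)]

if __name__ == "__main__":
    print(json.dumps(session_manager_policy("123456789012", "eu-west-1", "platform"), indent=2))
    print(ssh_config_stanza("eu-west-1", "entra"))
```

The policy keeps every session within CloudTrail and Session Manager logging under the federated user's role session name, which is the audit trail you lose with shared bastion keys.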