Link Active Directory to IAM Identity Center 👨‍👨‍👦

Posted on Aug 3, 2023
tl;dr: manage cluster users through IAM

In this blog post we'll describe how to manage POSIX user identities through IAM Identity Center by setting up propagation to Active Directory. This can be used to create user identities on your HPC cluster without going through the pain of creating them in Active Directory (which requires Windows).

This also allows you to link the IAM user with their POSIX user and give users a 1-click login onto these instances using SSM RunAsUser support.

Setup

  1. Set up a Microsoft Managed AD using the following quick create link:

    Quickcreate: Active Directory Setup 🚀

  2. Set up IAM Identity Center following the instructions in the console. Note: this must be set up in the same region as your Active Directory, but it can only be set up in a single region per account. If you already have it set up in another region, just enable VPC peering to bridge the connection between regions.

  3. In IAM Identity Center go to Settings > Identity source > Change identity source:

    Choose Identity Source

  4. On the next page select the directory you set up in Step 1:

    Select AD

  5. Accept the scary message and proceed:

    Accept Error Message
