Amazon's latest addition to its directory capabilities highlights the risks and rewards of going deeper on AWS...
Amazon Cloud Directory joins the list of existing database directory options available on AWS, and it adds a fully managed, cloud-native service tailored for AWS workloads. In moving away from more traditional models, it adds flexibility and extends a single directory to more resources. But it also can carry with it some of the lock-in concerns associated with being immersed in the cloud platform.
AWS customers most commonly use Active Directory Lightweight Directory Service or LDAP-based directories to manage hierarchically organized data. More traditional models, however, present limitations on scalability and flexibility with the number of relationships that can be tracked in a single directory, according to Amazon.
Customers can use Cloud Directory to define schemas, create a directory and populate it via the Cloud Directory API, which provides batch-based read and write functions. It can scale to hundreds of millions of objects and is intended to provide high availability, along with data encryption in transit and at rest.
Cloud Directory, which AWS uses internally on services such as Cognito and Organizations, also enables customers to add defined attributes to a directory as new uses arise. These attribute models, which AWS calls "facets," can be combined with various schemas to provide multiple hierarchies within a single directory. It also allows for multiple applications to share a directory.
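The workflow the last two paragraphs sketch (define a schema made of facets, publish it, create a directory against it, then populate and read it through the batch API) looks roughly like this in practice. This is an added example and not code from the article or from AWS; it uses the boto3 `clouddirectory` client request shapes as I know them, the ARNs, facet names and the `#batchReferenceName` parent selector are assumed placeholders, and only `main()` talks to AWS. The `validate_ops` check is the practitioner's addition here: it rejects a batch that omits a `REQUIRED_ALWAYS` attribute before anything is sent, so a bad batch fails locally instead of partially populating the directory.

```python
"""Added example: schema + facets + batch write/read for Amazon Cloud Directory.
Request shapes follow the boto3 'clouddirectory' client; ARNs are placeholders."""
import json

# Constructed placeholder ARNs; a real run takes them from the API responses in main().
SCHEMA_ARN = "arn:aws:clouddirectory:us-east-1:123456789012:directory/EXAMPLEDIR/schema/OrgSchema/1"

# facet name -> (objectType, {attribute name: attribute type}); all attributes are required.
FACETS = {
    "OrgUnit": ("NODE", {"name": "STRING"}),
    "Employee": ("LEAF_NODE", {"name": "STRING", "email": "STRING"}),
}


def build_schema_document(facets):
    """Return the dict that, JSON-encoded, is accepted by put_schema_from_json().
    Every attribute is REQUIRED_ALWAYS so the service refuses half-populated objects."""
    doc = {"facets": {}}
    for name, (object_type, attrs) in facets.items():
        doc["facets"][name] = {
            "objectType": object_type,
            "facetAttributes": {
                attr: {
                    "attributeDefinition": {"attributeType": attr_type, "isImmutable": False},
                    "requiredBehavior": "REQUIRED_ALWAYS",
                }
                for attr, attr_type in attrs.items()
            },
        }
    return doc


def create_object_op(schema_arn, facet, link_name, attrs, parent="/", ref=None):
    """One CreateObject entry for batch_write(); attrs are string-valued."""
    op = {
        "SchemaFacet": [{"SchemaArn": schema_arn, "FacetName": facet}],
        "ObjectAttributeList": [
            {"Key": {"SchemaArn": schema_arn, "FacetName": facet, "Name": k},
             "Value": {"StringValue": v}}
            for k, v in attrs.items()
        ],
        "ParentReference": {"Selector": parent},
        "LinkName": link_name,
    }
    if ref:
        op["BatchReferenceName"] = ref  # lets later ops in the batch use Selector "#<ref>"
    return {"CreateObject": op}


def sample_ops(schema_arn):
    """Constructed sample batch: one OrgUnit under the root, one Employee beneath it."""
    return [
        create_object_op(schema_arn, "OrgUnit", "engineering", {"name": "Engineering"}, ref="eng"),
        create_object_op(schema_arn, "Employee", "alice",
                         {"name": "Alice Example", "email": "alice@example.com"}, parent="#eng"),
    ]


def validate_ops(ops, facets):
    """Client-side check that each CreateObject carries every required attribute.
    Returns a list of (link_name, missing_attribute) pairs; empty means the batch is complete."""
    problems = []
    for op in ops:
        body = op.get("CreateObject")
        if not body:
            continue
        facet = body["SchemaFacet"][0]["FacetName"]
        present = {a["Key"]["Name"] for a in body["ObjectAttributeList"]}
        for required in facets[facet][1]:
            if required not in present:
                problems.append((body["LinkName"], required))
    return problems


OPS = sample_ops(SCHEMA_ARN)


def main():
    """Live workflow: needs AWS credentials, the boto3 package and clouddirectory IAM permissions."""
    import boto3  # imported here so the pure helpers above work without the SDK installed
    cd = boto3.client("clouddirectory", region_name="us-east-1")
    dev_arn = cd.create_schema(Name="OrgSchema")["SchemaArn"]
    cd.put_schema_from_json(SchemaArn=dev_arn, Document=json.dumps(build_schema_document(FACETS)))
    pub_arn = cd.publish_schema(DevelopmentSchemaArn=dev_arn, Version="1")["PublishedSchemaArn"]
    created = cd.create_directory(Name="OrgDirectory", SchemaArn=pub_arn)
    dir_arn, applied_arn = created["DirectoryArn"], created["AppliedSchemaArn"]
    ops = sample_ops(applied_arn)  # attribute keys must name the directory's applied schema
    problems = validate_ops(ops, FACETS)
    if problems:
        raise SystemExit(f"refusing to write, missing attributes: {problems}")
    cd.batch_write(DirectoryArn=dir_arn, Operations=ops)
    # Read the root's children back in one batched call.
    resp = cd.batch_read(DirectoryArn=dir_arn,
                         Operations=[{"ListObjectChildren": {"ObjectReference": {"Selector": "/"}}}])
    print(json.dumps(resp["Responses"], indent=2, default=str))


if __name__ == "__main__":
    main()
```

The schema document and batch operations are built by plain functions so they can be inspected and tested offline; the applied schema ARN returned by `create_directory` is the one attribute keys must reference, which is why `main()` rebuilds the operations after the directory exists rather than reusing the placeholder.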
AWS CloudFormation likely will be a much cheaper option because it's AWS-native, and it would remove the Microsoft licensing fees that come from using Active Directory, said Adam Book, principal cloud engineer at Relus Technologies LLC, an AWS consulting partner in Peachtree Corners, Ga.
On the other hand, Cloud Directory does add another piece to learn for those who are accustomed to the traditional structure and trees, Book said. Enterprises also will have to make sure it translates to their systems and be mindful of the fact it likely can't be ported off AWS.
"It's not like living in an ECS [EC2 Container Service] container, where you can pull it out and run it on premises or run it on another provider," Book said. "If you go that direction, then it's going to be a total application refactor."
As is the case with most AWS offerings, there are limited capabilities in the initial release. Amazon said it's working to add cross-region replication, Lambda integration and the ability to create new directories via CloudFormation.
As Cloud Directory matures, it will also be beneficial that it integrates with other AWS tools. But it doesn't appear there is interoperability with Active Directory, said Deepak Mohan, research director at IDC.
"If it is proprietary, and if it doesn't support easily moving content in-house, then folks again will have to make that choice about whether it is more important to have the best price and performance," he said.
This new service highlights decisions that enterprises are being forced to make as they move to the public cloud, Mohan said. They can stick to the basic services, so they can more easily move to another cloud, but the downside to that philosophy is they can't take full advantage of the existing platform.
Cloud Directory is currently limited to the U.S. East (Northern Virginia), U.S. East (Ohio), U.S. West (Oregon), EU (Ireland), Asia Pacific (Sydney) and Asia Pacific (Singapore) regions. Prices vary per region, but in the U.S. East, there is a $0.25 charge per gigabyte, per month for storage, as well as $0.004 per 10,000 reads and $0.0043 per 1,000 writes.
Trevor Jones is a news writer with SearchCloudComputing and SearchAWS. Contact him at firstname.lastname@example.org.