
Customer-managed process for configuring Kerberos authentication on an Amazon RDS for SQL Server DB instance, joined to a self-managed Active Directory

Database Blog



This AWS Database Blog article details a comprehensive process for configuring Kerberos authentication on Amazon RDS for SQL Server DB instances joined to a self-managed Active Directory.

  • Explains why Windows Authentication falls back to NTLM authentication by default
  • Provides step-by-step guidance for implementing Kerberos authentication
  • Describes how to add UPN suffixes and Service Principal Names (SPNs) to enable Kerberos
  • Offers an AWS SAM template to automate SPN updates during host replacements or failovers
  • Highlights the security benefits of using Kerberos over NTLM authentication

The solution improves database connection security by ensuring Kerberos authentication is used instead of the less secure NTLM protocol, with an automated approach to managing SPNs across dynamic infrastructure environments.




Related articles

  • Aug 19, 2025: Amazon RDS for SQL Server now supports Kerberos authentication with self-managed Active Directory
  • Dec 16, 2024: Authenticate Amazon RDS for Db2 instances using on-premises Microsoft Active Directory and Kerberos
  • Mar 13, 2024: Configure Kerberos authentication in Linux clients for Amazon RDS for SQL Server with AWS Managed Microsoft AD
  • Jul 28, 2025: Enable Kerberos Authentication with Amazon RDS for Db2
