Build resilient Kerberos authentication for Aurora Global Database without joining Active Directory domain
Database Blog
This article explains how to build a multi-Region Kerberos authentication system for Aurora Global Database using AWS Managed Microsoft AD with multi-Region replication and forest trust to on-premises Active Directory.
- Deploy AWS Managed Microsoft AD with multi-Region replication across us-east-1 and us-west-2
- Establish a one-way forest trust between AWS Managed Microsoft AD and the on-premises Active Directory
- Share the AWS Managed Microsoft AD directory across the AWS accounts hosting the Aurora clusters
- Enable Kerberos authentication on the Aurora Global Database primary and secondary clusters
- Configure Linux clients to authenticate without joining the Active Directory domain
- After failover, authentication automatically uses the AWS Managed Microsoft AD domain controllers in the new writer's Region
- The solution eliminates the single point of failure in authentication services
This architecture provides resilient, multi-Region Kerberos authentication matching Aurora Global Database's high availability, enabling seamless failover and centralized user management without domain membership requirements.
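The client-side piece of the steps above is a plain MIT Kerberos configuration on a Linux host that is not a domain member. The following krb5.conf is an added example, not taken from the AWS post or from AWS documentation; the realm names, domain controller hostnames and DNS domain are placeholders. It assumes the AWS Managed Microsoft AD realm is reachable from both Regions and that the on-premises realm is reachable over the forest trust.

```ini
# Added example: MIT Kerberos client configuration for a Linux host that is not
# joined to Active Directory. All realm names, hostnames and domains are placeholders.
[libdefaults]
    default_realm = CORP.EXAMPLE.COM        ; placeholder: AWS Managed Microsoft AD realm
    dns_lookup_kdc = true                    ; find KDCs through DNS SRV records, so the host
                                             ; keeps working when the writer moves Regions
    dns_lookup_realm = false
    rdns = false                             ; do not reverse-resolve the cluster endpoint
                                             ; when building the service principal name
    forwardable = false                      ; tickets cannot be forwarded onward by the server
    ticket_lifetime = 10h
    renew_lifetime = 7d

[realms]
    ; Static fallback if SRV lookup is blocked: list domain controllers from both Regions
    CORP.EXAMPLE.COM = {
        kdc = dc1.us-east-1.corp.example.com   ; placeholder
        kdc = dc1.us-west-2.corp.example.com   ; placeholder
        admin_server = dc1.us-east-1.corp.example.com
    }
    ; On-premises realm that holds the user accounts; reached through the forest trust
    ONPREM.EXAMPLE.COM = {
        kdc = dc1.onprem.example.com           ; placeholder
    }

[domain_realm]
    ; Hostnames with no mapping here fall back to default_realm, which covers the
    ; Aurora cluster endpoints in both Regions
    .corp.example.com   = CORP.EXAMPLE.COM
    corp.example.com    = CORP.EXAMPLE.COM
    .onprem.example.com = ONPREM.EXAMPLE.COM
    onprem.example.com  = ONPREM.EXAMPLE.COM
```

To check the setup, obtain a ticket with `kinit user@ONPREM.EXAMPLE.COM`, connect to the Aurora writer endpoint with the database client, and then run `klist`: the cache should show a cross-realm ticket for `krbtgt/CORP.EXAMPLE.COM@ONPREM.EXAMPLE.COM` followed by a service ticket for the cluster endpoint, which confirms that the trust path and the KDC lookup both work. Repeating the `klist` check after a planned failover, when the endpoint resolves into the other Region, is the quickest way to confirm that no static KDC entry is pinning clients to the old Region.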