
Automating identity lifecycle and security with AWS Directory Service APIs

Security Blog



This article demonstrates how to automate identity lifecycle management and security responses using new AWS Directory Service APIs for AWS Managed Microsoft AD.

  • New Directory Service Data APIs enable CRUD operations on users and groups via CLI, APIs, and console
  • Supports user/group listing, password resets, account disabling, and membership management
  • Solution combines GuardDuty, EventBridge, Step Functions, and Directory Service APIs for threat response
  • Automated workflow detects suspicious AD user behavior and disables compromised accounts
  • When an account is disabled, EventBridge triggers a notification delivered as an SNS email alert
  • Enables streamlined onboarding/offboarding, enhanced security, and improved compliance automation
  • A CloudFormation template is provided for easy deployment in the directory's primary Region

The new APIs enable organizations to automate identity management tasks, reduce manual effort, and create sophisticated security automation workflows that respond to threats in near real-time.



