As we predicted in May 2012, user directories are moving into the cloud. Cloud workloads require that users who are authorized to access them are stored near the cloud workload and not just on-premises. While this offering announced now by AWS is not necessary technically groundbreaking (Cloud IAM vendors and Microsoft Azure have been offering AD integration for a relatively long time), obviously this announcement is relevant because of AWS's broad presence in IaaS. We urge Forrester's clients that plan to use AWS AD service to ask AWS the following questions:
1. What safeguards are there to protect information (user, computer, etc.) in AWS AD?
2. How does AWS integrate in real time with on-premises AD and shared folder infrastructures?
3. What types of true identity management (access governance and provisioning) services does AWS offer to complement this new AD service?
Check AWS's blog entry at http://aws.amazon.com/blogs/aws/new-aws-directory-service/ for more details.