Amazon recently announced that Amazon RDS for Oracle will support external authentication of database users using Kerberos and Microsoft Active Directory. This support for Kerberos and Microsoft Active Directory gives users benefits like single sign-on and centralized authentication. You can also keep all of your user credentials in the same Active Directory to save time and make things easier, especially when it comes to managing multiple DB instances. Here are more specifics about the announcement so you can make the most of these new capabilities.
Support for Microsoft Active Directory
This new feature lets database users authenticate against Amazon RDS for Oracle with their existing credentials stored in the AWS Directory Service for Microsoft Active Directory or in your on-premises Active Directory. It also lets you use the same Active Directory for different VPCs as long as they’re in the same AWS region. And you can join instances to shared Active Directory domains under different accounts.
If you want to use your existing on-premises Microsoft Active Directory for authentication, start by setting up an AWS managed Active Directory. Then you can set up a forest trust relationship between your on-premises directory and the AWS Managed AD to enable this feature.
Support for Kerberos
Users can access the Kerberos authentication feature without any additional licensing steps or costs. It’s available to users with 220.127.116.11, 18.104.22.168, 22.214.171.124 and 18c versions of Enterprise Edition, and 126.96.36.199, 188.8.131.52 and 18c versions of Standard Edition 2. To get started, you simply sign up for the AWS Directory Service for Microsoft Active Directory (Enterprise Edition). Then you can enable Kerberos authentication from the AWS Management Console while creating a new DB instance. Just select an Active Directory record within the Advanced Settings section in the RDS console.