| Directory Service option | Description | Best for.. |
| AWS Cloud Directory | Cloud-native directory to share and control access to hierarchical data between applications | Cloud applications that need hierarchical data with complex relationships |
| Amazon Cognito | Sign-up and sign-in functionality that scales to millions of users and federated to public social media services | Develo consumer apps or SaaS |
| AWS Directory Service for Microsoft Active Directory | AWS-managed full Microsoft AD (Standard or enterprise) running on Windows server 2012 R2 | Enterprises that want hosted Microsoft AD or you need LDAP for Linux apps |
| AD connector | Allows on-premises users to log into AWS services with their existing AD credentials. Also allows EC2 instances to join AD domain | Single Sign-on for on-prem employees and for adding EC2 instances to the domain |
| Simple AD | Low Scale, low cost AD implementation based on Samba | Simple user directory, or you need LDAP compatibility |
AD Connector vs Simple AD
| AD connector | Simple AD |
| Must have existing AD | Standalone AD based on Samba AD |
| Existing AD users can access AWS resources using IAM roles | Supports user account groups, group policies, Domains |
| Supports MFA with existing RADIUS based infra | Kerbros based SSO |
| No MFA support |
| No trust relationship |
Helping Panda To Breed 