AWS Directory Service offers AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector. With AWS Directory Service, you pay only for the type and size of the managed directory that you use. There is no up-front commitment and no minimum fee. You can delete your managed directory at any time.
Directory Sharing – Pricing
AWS Managed Microsoft AD allows you to use a directory in one account and share it with multiple accounts and VPCs. There is an hourly sharing charge for each additional account to which you share a directory. There is no sharing charge for additional VPCs to which you share a directory, or for the account in which you install the directory. Enterprise Edition sharing and Standard Edition sharing charges for different regions are listed in pricing table below. Directory sharing does not qualify for free-trial.
30-day limited free trial
You can try AWS Managed Microsoft AD and small AD Connector at no additional charge through the Directory Service 30-day limited free trial. The Directory Service 30-day limited free trial provides you with 1,500 instance hours of use across all your Directory Service managed directories during your first 30 days as a Directory Service customer. AWS meters the Directory Service 30-day limited free-trial hours based on the type of managed directory and the number of domain controllers that you create.
AWS Managed Microsoft AD
AWS Managed Microsoft AD is offered in two editions to help you create a managed Active Directory that meets your organization’s needs. Both Standard Edition and Enterprise Edition can be used as your organization’s primary directory to manage users, devices, and computers. You also can use both editions to create resource forests and extend your on-premises AD to the AWS Cloud. Resource forests use a trust relationship with your on-premises AD to enable you to access AWS applications and resources with your on-premises AD credentials. In a resource forest model, users are managed in your on-premises AD and the resource forest is used to manage your AWS resources. Both editions also support the creation of additional domain controller instances to improve the redundancy and performance of your managed directory.
AWS Microsoft AD (Standard Edition) is optimized to be a primary directory for small and midsize businesses with up to 5,000 employees. It provides you enough storage capacity to support up to 30,000* directory objects, such as users, groups, and computers.
AWS Microsoft AD (Enterprise Edition) is designed to support enterprise organizations with up to 500,000* directory objects.
|Standard Edition||Enterprise Edition|
|Storage capacity available for directory objects||1 GB||17 GB|
|Total directory objects||30,000*||500,000*|
*Upper limits are approximations. Your directory may support more or less directory objects depending on the size of your directory objects and the behavior and performance needs of your applications.
For each AWS Managed Microsoft AD directory, AWS creates the minimum two domain controllers automatically to provide high availability. You can scale out your managed directory by creating additional domain controllers to improve your managed directory performance and availability.
|AWS Directory Service for Microsoft Active Directory (Standard Edition)||China (Beijing) Hourly Price||China (Ningxia) Hourly Price|
Includes two domain controllers for high availability. AWS bills you for each domain controller at an hourly rate of ¥ 0.512 in China (Beijing) and ¥ 0.467 in China (Ningxia) Region per hour.
|¥ 1.024||¥ 0.934|
|Each additional domain controller||¥ 0.512||¥ 0.467|
|For directory sharing: price per additional account to which the directory is shared||¥ 0.1536||¥ 0.1401|
|AWS Directory Service for Microsoft Active Directory (Enterprise Edition)||China (Beijing) Hourly Price||China (Ningxia) Hourly Price|
Includes two domain controllers for high availability. AWS bills you for each domain controller at an hourly rate of ¥ 2.089 in China (Beijing) and ¥ 1.498 in China (Ningxia) Region per hour.
|¥ 4.178||¥ 2.996|
|Each additional domain controller||¥ 2.089||¥ 1.498|
|For directory sharing: price per additional account to which the directory is shared||¥ 0.6267||¥ 0.4494|
AD Connector is a proxy that enables you to use identities from your existing self-managed Microsoft Active Directory (AD) with compatible AWS applications, such as Amazon WorkSpaces. You can also use AD Connector to join Amazon EC2 instances to your AD domain and manage these instances using your existing group policy objects. This makes it easier to deploy AD-aware applications on these Amazon EC2 instances and use your self-managed AD for user and group authorization.
AWS charges for AD Connector are based on the size of your managed directory (small or large) and the number of hours that your managed directory is running. The hourly pricing includes two instances for high availability.
|AD Connector Size||China (Beijing) Hourly Price||China (Ningxia) Hourly Price|
|¥ 0.4609||¥ 0.4107|
|¥ 2.1075||¥ 1.2117|
Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail
If you use Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail (in regions where available) in conjunction with AD Connector, AWS will not charge you for AD Connector, as long as you have active users of Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail. In order to qualify for free usage of AD Connector, you must have at least one active user for small directories each month and at least 100 active users for large directories each month. You can also pay for AWS Managed Microsoft AD, and use it in conjunction with Amazon applications, such as Amazon WorkSpaces and Amazon WorkMail.