Posted On: Apr 17, 2023

Today, Amazon Elastic Container Service (ECS) is announcing the availability of the ECS-optimized Amazon Linux 2023 (AL2023) AMI and of group managed service accounts (gMSA) on Amazon ECS Linux containers through credentials-fetcher integration. gMSA is a managed account that provides automatic password management, service principal name (SPN) management, and the ability to delegate management to administrators over multiple servers or instances. This integration allows applications hosted on Amazon ECS Linux containers to easily authenticate with Microsoft Active Directory (AD) to access network shared resources. It enables customers to continue using AD while getting the cost, reliability, and scalability benefits of Amazon Linux on ECS.

As you deploy your .NET applications, the applications hosted on Linux containers need to connect to network resources such as SQL Server hosts or storage blocks that are authenticated over Microsoft AD. The gMSA credentials-fetcher is now directly integrated into Amazon ECS. You can use credentials-fetcher to access AD from services hosted on Linux containers using the service account authentication model. Developers and system administrators can use the ECS agent for a managed configuration experience on the ECS platform.

This capability is available in all the Amazon Web Services regions where Amazon ECS is available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more and to get started, please refer to the details of Amazon ECS-optimized AMIs, and to the documentation and blog post for gMSA support.