Posted On: Mar 5, 2024

Amazon Elastic Container Service (ECS) announces Group Managed Service Account (gMSA) support for Linux containers running on Amazon Fargate. With this support, applications running on Amazon Fargate can easily authenticate with Microsoft Active Directory (AD) to access network shared resources. 

Group Managed Service Account (gMSA) is a managed account that provides automatic password management, service principal name (SPN) management, and the ability to delegate management to administrators over multiple servers or instances. This allows multiple containers or resources to share an AD account without having to authenticate each container or resource individually when accessing network-shared resources such as SQL Server hosts or file shares. Customers can already use gMSA with Amazon ECS Linux containers on EC2 using credentials-fetcher integration. Now, the same capability is available for containers running on Amazon Fargate without having to manage servers or clusters of Amazon EC2 instances.

This capability is available in all Amazon Web Services regions where Amazon Fargate is available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more and to get started, please refer to the documentation for using gMSAs for Linux containers and the blog post.