Amazon RDS for SQL Server supports Kerberos authentication on Self Managed Active Directory in China regions
Amazon Relational Database Service (Amazon RDS) for SQL Server now supports Kerberos authentication on Self Managed Active Directory Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region. This feature enables secure integration between RDS SQL Server database instances and your existing self-managed Active Directory infrastructure. Self-managed Active Directory is an AD domain that you control and manage directly. You can host it in your corporate data centers, on Amazon EC2, or with other cloud providers, giving you direct control over user and service authentication on your RDS for SQL Server DB instances without requiring intermediary domains or forest trusts.
With the addition of Kerberos authentication alongside the NTLM protocol, you can enhance security and simplify user management while leveraging your existing Active Directory identities for RDS SQL Server database authentication. This enables consistent authentication mechanisms across your on-premises and cloud-based SQL Server databases, reduces administrative overhead, and helps meet compliance requirements for identity and access management.
To get started, customers can follow the step-by-step process in the Amazon RDS SQL Server User Guide, which includes creating an Organizational Unit in their AD, setting up a domain service account, creating necessary Amazon Web Services resources, and configuring their RDS SQL Server instance to join the AD domain. For pricing details and regional availability, please see Amazon RDS for SQL Server Pricing page.