Abstract: A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance.

Abstract: A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.

Abstract: Techniques for connection computer system entities to local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service receives commands to perform operations on the local computer system resource and, if the computer system entity is authorized to perform the operations on the local computer system resource, the managed directory service performs the operation on the local computer system resource.

Abstract: Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource.

Abstract: Techniques for connecting computer system entities to remote computer system resources are described herein. A computer system entity that requests access to a remote computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the remote computer system resource. While connected, the managed directory service receives commands to perform operations on the remote computer system resource and, if the computer system entity is authorized to perform the operations on the remote computer system resource, the managed directory service performs the operation on the remote computer system resource.

Abstract: A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service.

Abstract: Authentication requests are redistributed among a plurality of authentication servers and to centrally managing authentication affinities among distributed servers using a secure channels affinity service. A computer system instantiates a secure channel management service configured to manage secure channel connections. The secure channel management service receives state inputs from currently deployed authentication servers. The authentication servers may be configured to queue authentication requests for transmission to authentication servers. The computer system determines that, based on the received state input, at least one of the secure channels is to be remapped to a different authentication server. The computer system also remaps the determined secure channels to distribute future authentication requests among the authentication servers.

Abstract: Embodiments are directed to redistributing authentication requests among a plurality of authentication servers and to centrally managing authentication affinities among distributed servers using a secure channels affinity service. A computer system instantiates a secure channel management service configured to manage secure channel connections. The secure channel management service receives state inputs from currently deployed authentication servers. The authentication servers may be configured to queue authentication requests for transmission to authentication servers. The computer system determines that, based on the received state input, at least one of the secure channels is to be remapped to a different authentication server. The computer system also remaps the determined secure channels to distribute future authentication requests among the authentication servers.