AWS RDS SQL Server Instance and Windows Authentication - Connectivity Issues

  • Created an AWS RDS instance with SQL Server – Enterprise version and did the default VPC / security group (at this time, Active Directory wasn't set up, and neither the option group nor the parameter group was set up and assigned). Did work on creating a DB in the AWS RDS instance and connected with SQL Server Authentication. Then started setting up the option group (with SSIS) and the parameter group.

    Created an Active Directory for the SSIS version with the security group that was used in AWS RDS. Modified the AWS RDS instance and added the Active Directory / assigned the option and parameter group. And applied the changes immediately – after doing this created a user login and executed the permissions.

    Need to understand how I can set up Windows Authentication with all the above. We have the AWS RDS instance – has the security group with AD set up all in the same VPC – also shares the same security group / availability zone and everything. I would like to understand if I can connect with the SSMS that I have to the AWS RDS DB instance through Windows Authentication. Do I need to have this SSMS on another EC2 box or something like that, or is it possible to connect directly with Windows Authentication on my laptop, which is nowhere connected or set up with any Active Directory? Let me know if there is a need for more details.

    Did go through the following sites and completed all the instructions:



  • I could be mistaken, but what you set up is an isolated network so SQL can talk to AWS for authentication using AD authentication BUT you have no computers joined to the AD domain. Is that correct?

    If so, you will need to join a computer to the AWS AD domain and use that computer to authenticate to the SQL instance.

    In order for you to do AD authentication, you have to have a trust between your workstation and the AD controller. Otherwise the AD controller has no idea who you are and your machine has no idea about the AD controller.

    You would also need to create and grant an AD user access to the SQL instance.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
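
The last step in the reply above (create an AD user and grant it access to the SQL instance), sketched in T-SQL together with a check of which authentication scheme each session actually used. This is an added example, not code from either poster; `CORP\jdoe` and `AppDb` are placeholder names for the directory user and the database.

```sql
-- Added example. [CORP\jdoe] and [AppDb] are placeholders (assumptions),
-- not names taken from the thread.

-- 1. As the RDS master user (connected with SQL Server Authentication):
--    create a server login backed by the directory account.
USE [master];
CREATE LOGIN [CORP\jdoe] FROM WINDOWS WITH DEFAULT_DATABASE = [master];

-- 2. Map the login into one database and grant only the role it needs,
--    rather than a server-wide permission.
USE [AppDb];
CREATE USER [CORP\jdoe] FOR LOGIN [CORP\jdoe];
ALTER ROLE [db_datareader] ADD MEMBER [CORP\jdoe];

-- 3. Review which Windows users (U) and groups (G) can log in at all.
SELECT name, type_desc, create_date, is_disabled
FROM sys.server_principals
WHERE type IN ('U', 'G')
ORDER BY name;

-- 4. From the domain-joined machine, connected with Windows Authentication:
--    confirm the identity SQL Server sees for this session.
SELECT SUSER_SNAME() AS login_name, ORIGINAL_LOGIN() AS original_login;

-- 5. As the master user (needs VIEW SERVER STATE): list user sessions with
--    the scheme each one authenticated with. auth_scheme is KERBEROS or NTLM
--    for Windows logins and SQL for SQL Server Authentication.
SELECT c.session_id,
       s.login_name,
       c.auth_scheme,
       c.encrypt_option,
       c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY s.login_name;
```

A session from a machine that is not joined to (or trusted by) the directory will not appear with a Windows `auth_scheme` in step 5, which matches the point made in the reply.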
