Amazon Cloud Directory Cheat Sheet

• Amazon Cloud Directory is a fully managed, cloud-native directory service that handles complex hierarchical data structures, such as organizational charts, device registries, etc.

• Supports directories with hundreds of millions of objects and relationships, making it ideal for large organizations.

• You can design custom schemas for your specific needs and share schemas across multiple applications.

• No need for manual server management or scaling. AWS handles everything.

• Use hierarchical structures with flexible facets and attributes to organize data in a way that best fits your application.

Features

• Multi-Dimensional Hierarchies: Create complex, multi-level hierarchies spanning dimensions like location, cost center, and reporting structure.

• Custom Schema: Define custom facets and attributes tailored to your application, ensuring high flexibility.

• Search Capabilities: Built-in search tools allow you to search objects and relationships within your directory quickly.

• Encryption & Security: Automatic data encryption at rest and in transit to ensure secure data handling.



• Object Policies: Apply policies to enforce data integrity and access control across your directory.

• Fully Managed Service: AWS manages the infrastructure and scaling so that you can focus on your application.

Use Cases

• Store employee data, reporting structures, roles, and organizational hierarchies.

• Manage educational resources, courses, and student enrollment data.

• Track devices, their configurations, and relationships to other network components.

• Model and manage complex network components and interconnections.

• Implement fine-grained access controls and enforce organizational security policies.

Security

• IAM Integration: Integrates seamlessly with AWS Identity and Access Management (IAM) to control access to directory resources.

• Compliance: Amazon Cloud Directory complies with standards such as ISO, SOC, PCI, FedRAMP, and HIPAA.

• Auditability: CloudTrail integration allows you to log and monitor all API calls for auditing and compliance purposes.

• Encryption: Data is encrypted in transit and at rest, providing top-level security for sensitive information.

• VPC Endpoints: Enable private connectivity between your Virtual Private Cloud (VPC) and Cloud Directory for enhanced security.

Pricing

• Storage: $0.25 per GB per month.

• API Calls:

  • Eventually Consistent Reads: $0.0040 per 10,000 read API calls.

  • Strongly Consistent Reads: $0.0043 per 1,000 read API calls.

  • Writes: $0.0043 per 1,000 write API calls.

• Free Tier: The first 30 days are free; after that, charges are applied based on usage.

References:

https://docs.aws.amazon.com/clouddirectory/latest/developerguide/what_is_cloud_directory.html

https://aws.amazon.com/cloud-directory/

https://aws.amazon.com/cloud-directory/pricing/