I am moving my local AD domain to AWS and I am not sure the best way to do it.
Scenario: I have 2 on-prem domains (.local and .net). I am retiring one of them and moving to the other. Both are considered production as they are both actively used. Before I start moving everything from one to the other, I want to have AD extended into AWS. In addition, we eventually want to be out of the data center.
Option 1: Spin up 2 EC2 instances and configure them as DCs. This seems like the simplest option however the most expensive (something like $0.99/hr for 2 m4.xlarge machines).
Option 2: Use AWS Directory Service (looks pretty new). The problem with this is they don't allow you to extend your current domain to it. They only allow you to create a brand new domain. The advantages are that its cheaper ($0.40/hr I believe) and that they configure everything for you. I suppose if I went this way I'd need to set up a trust with my current domains.
Does anyone have experience with the AWS directory service? I just can't seem to find anything on the Internet about comparing these 2 options.
If anyone has a better option than the 2 listed above I'd love to hear about it too.
Reference links:
Extending on-prem domain to AWS: http://docs.aws.amazon.com/quickstart/latest/active-directory-ds/scenario-2.html
AWS Directory Service: http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html
Thanks for the help!
