[Update]”Effortless AD Authentication: Amazon ECS Now Supports Domainless gMSA for Linux and Windows Containers”


Domainless Group Managed Service Accounts (gMSAs) are now supported for both Linux and Windows containers running on Amazon EC2, making authentication via Microsoft Active Directory (AD) easier than ever.

The Challenge of AD Authentication for Containers till Date

On 2019 Reinvent aws announced support for gMSA

Running containers requiring AD authentication meant joining the ECS nodes to the AD domain. However, this approach posed some limitations, especially during autoscaling events and when deploying containers across a dynamic and elastic infrastructure.

Benifits of this Update

No Need to Join ECS Nodes to the Domain

This update is the ability to run containers requiring AD authentication without having to join the ECS nodes to the domain. This means no more complications during autoscaling events, and no more worrying about domain dependencies. Containers can now seamlessly authenticate with Microsoft Active Directory, accessing network shared resources such as SQL Server hosts and file-shares without any hassle.

for trying you can follow the bellow blogs for creating gMSA

Step by Step guide for linux container


Eliminating the need to join ECS nodes to the domain, allowing organizations to deploy and scale containers effortlessly and improving overall security.