Using Windows Authentication with gMSA on Linux Containers on Amazon ECS

Introduction

Today, we are announcing the availability of Credentials Fetcher integration with Amazon Elastic Container Service (Amazon ECS). This integration makes it easier for developers to implement Windows Authentication in Linux containers running on Amazon ECS using Microsoft Active Directory (AD) group Managed Service Account (gMSA). The Credentials Fetcher daemon allows containers running on Linux hosts to authenticate using gMSA credentials.

A gMSA is a managed domain account that provides automatic password management. While a typical AD account requires an IT administrator to manually set, rotate, and synchronize the password, gMSA passwords are automatically managed by the AD, including seamless synchronization across multiple clients. This type of account is ideal for containerized applications in Amazon ECS, because all instances of a task definition should have the same permissions, and the number of running instances can scale dynamically.

Prior to this release, …