Using Windows Authentication with gMSA on Linux Containers on Amazon ECS

UPDATE: On July 17th 2023, AWS launched support for Windows authentication with gMSA on non-domain-joined (domainless) Amazon ECS Linux container instances. This blog post has been updated to cover both modes, making domainless mode the default.

Introduction

Today, we are announcing the availability of Credentials Fetcher integration with Amazon Elastic Container Service (Amazon ECS). This integration makes it easier for developers to implement Windows Authentication in Linux containers running on Amazon ECS using Microsoft Active Directory (AD) group Managed Service Account (gMSA). The Credentials Fetcher daemon allows containers running on Linux hosts to authenticate using gMSA credentials.

A gMSA is a managed domain account that provides automatic password management. While a typical AD account requires an IT administrator to manually set, rotate, and synchronize the password, gMSA passwords are automatically managed by Active Directory, including seamless synchronization across …