Which solution will meet these requirements?
Create an Enterprise Edition Active Directory in AWS Directory Service for Microsoft Active Directory. Configure the Active Directory to be the identity source for AWS IAM Identity Center.
Enable AWS IAM Identity Center. Configure a two-way forest trust relationship to connect the company’s self-managed Active Directory with IAM Identity Center by using AWS Directory Service for Microsoft Active Directory.
Use AWS Directory Service and create a two-way trust relationship with the company’s self-managed Active Directory.
Deploy an identity provider (IdP) on Amazon EC2. Link the IdP as an identity source within AWS IAM Identity Center.
Explanations:
AWS IAM Identity Center cannot directly integrate with AWS Directory Service for Microsoft Active Directory as the identity source. Instead, a trust relationship needs to be established with the on-premises Active Directory or a third-party IdP.
AWS IAM Identity Center can be integrated with AWS Directory Service for Microsoft Active Directory through a two-way forest trust with the on-premises Active Directory. This allows single sign-on across AWS accounts while maintaining centralized user management in the on-premises AD.
A two-way trust between AWS Directory Service and the on-premises Active Directory is possible, but this would not automatically integrate with AWS IAM Identity Center for single sign-on across multiple accounts. IAM Identity Center needs direct integration, which is not achieved by a two-way trust alone.
Deploying a custom identity provider (IdP) on EC2 is a complex and non-standard approach. AWS IAM Identity Center integrates with AWS managed identity sources like AWS Directory Service or SAML-based IdPs, not a custom IdP deployed on EC2.