Some features in AWS Directory Service are not automated and are not scriptable, so they require manual work. In today's world where everything is pretty much automated and scriptable using AI, this is a downside. The price is another concern. AWS is really expensive. They provide an awesome service in general, but it's still expensive, very expensive. AD Connector is an application which connects my own Active Directory to AWS Directory Service or AWS infrastructure. There is a bit of latency which is bound by the AD Connector availability. If the AD Connector is having issues, there is a bit of latency, but in general, it's way better than Microsoft Azure. Still, it could be better. The migration was a bit challenging and required intensive planning and migration time. That is always a hassle. No matter which cloud environment you're moving into, the migration is sensitive because you're generally moving from on-premise to a cloud environment, so there is downtime and there are unexpected issues and errors. It needs very careful planning before doing the migration itself. AWS Directory Service is lacking a few things which could be better. Single sign-on federation is missing. SCIM provisioning is not available. In my company, we use other services for SSO federation, SCIM provisioning, and authentication because of these gaps. I would like AWS Directory Service to enroll a multi-factor authentication method. I would like to have an SSO federation where users, if we're hosting applications in AWS, would not need to log in to each application. Single sign-on would log in the user to their account and from there they can open all their applications without requiring a login each time. One of the other cons in AWS is that directories cannot span multiple regions because it's a region-bound architecture. This requires several directories for multi-region deployment. This is the case on my end because my company has several branches all over the world, so it requires several deployments.
