We're a growing shop that has no real user management. It's time to have single sign-on. We host everything in AWS, with the exception of an in-house desktop server that basically just hosts a NAS.
I'm only just familiar enough with Active Directory that I could set up an in-house domain and have it federate users. I've read the FAQs on AWS Directory Service and am just looking to get clarity on what it can and cannot do.
My goal is to have an AD that can manage users in AWS as well as in-house. I'm unsure if I can do both in AWS DS or if it's just to handle the AWS portion.
Per the FAQ: "AWS Directory Service makes it easy for you to set up and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory."
Does this mean that even if I ran AWS DS I'd still have to host an in-house AD and join them to manage users in AWS as well as in-house? I'd like to avoid having to run one on-premises, since my goal is to get everything into AWS.
If your goal is to host everything in AWS, you can. In AWS you can deploy Microsoft AD or Simple AD; both of these are fully hosted in AWS. Each has benefits and limitations when compared to AD on-premises, the inability to make schema changes, for example.
You can find lots of information here: https://aws.amazon.com/documentation/directory-service/?icmpid=docs_menu_internal
There are also lots of options if you want to host AD on-premises and integrate it with AD: AD Connector, federation, as well as hosting your own DCs in a VPC and connecting to them through a site-to-site VPN.