PowerShell DSC on the AWS Cloud
Quick Start Deployment Reference Guide

Deploy the Pull Mode Stack

To launch the PowerShell DSC Pull Server infrastructure AWS CloudFormation template into the US West (Oregon) region, launch the Quick Start.

Note

You are responsible for the cost of the AWS services used while running this Quick Start Reference Deployment. The cost for creating and running the template with default settings is approximately $3.50 an hour. See the pricing pages of the AWS services you will be using for full details.

The DSC Pull Server infrastructure template allows you to customize the following parameters at launch. You can modify these parameters, change the default values, or, if you choose to edit the code of the template itself, create an entirely new set of parameters based on your specific deployment scenario.

Network configuration:

| Parameter label | Parameter name | Default | Description |
| --- | --- | --- | --- |
| Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify. |
| VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the Amazon VPC. |
| Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet 1 located in Availability Zone 1. |
| Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet 2 located in Availability Zone 2. |
| Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public subnet located in Availability Zone 1. |
| Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public subnet located in Availability Zone 2. |
| Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | Allowed CIDR block for external access to the Remote Desktop Gateway instances. We recommend that you set this value to a trusted CIDR block. |

Amazon EC2 configuration:

| Parameter label | Parameter name | Default | Description |
| --- | --- | --- | --- |
| Key Pair Name | KeyPairName | Requires input | Public/private key pair, which enables you to connect securely to your instance after it launches. When you created an AWS account, this is the key pair you created in your preferred region. |
| NAT Instance Type | NATInstanceType | t2.small | EC2 instance type for the NAT instances. |
| Windows Instance Type | WindowsInstanceType | t2.large | Amazon EC2 instance type for the Windows instances. |
| Domain Controller 1 Private IP Address | ADServer1PrivateIP | 10.0.0.10 | Fixed private IP for the first Active Directory server located in Availability Zone 1. |
| Domain Controller 2 Private IP Address | ADServer2PrivateIP | 10.0.32.10 | Fixed private IP for the second Active Directory server located in Availability Zone 1. |
| Pull Server Instance Type | PullServerInstanceType | t2.medium | Amazon EC2 instance type for the pull server instances. |
| Pull Server 1 Private IP Address | PullServer1PrivateIP | 10.0.0.15 | Fixed private IP for the first DSC pull server located in Availability Zone 1. |
| Pull Server 2 Private IP Address | PullServer2PrivateIP | 10.0.32.15 | Fixed private IP for the second DSC pull server located in Availability Zone 2. |

Microsoft Active Directory configuration:

| Parameter label | Parameter name | Default | Description |
| --- | --- | --- | --- |
| Domain DNS Name | DomainDNSName | example.com | DNS name for the Active Directory domain. |
| Domain NetBIOS Name | DomainNetBIOSName | EXAMPLE | NetBIOS name for the domain. |
| Admin Password | AdminPassword | Requires input | Password for the administrator user account. This must be a complex password that’s at least 8 characters long. |

AWS Quick Start configuration:

| Parameter label | Parameter name | Default | Description |
| --- | --- | --- | --- |
| Quick Start S3 Bucket Name | QSS3BucketName | quickstart-reference | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen. |
| Quick Start S3 Key Prefix | QSS3KeyPrefix | microsoft/powershelldsc/latest | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes, but should not start or end with a forward slash (which is automatically added). |

Testing Configuration Drift Resistance

After the deployment is complete, you can confirm that each system retains its desired configuration. One way to test this is to perform the following steps:

  1. Open a web browser and navigate to either http://web1 or http://web2. You'll see a placeholder web page that was installed by the DSC configuration for the web servers.

  2. Delete the index.html file from c:\inetpub\wwwroot on the web server.

  3. Refresh the browser to confirm that you can no longer view the page.

  4. After 15 minutes, refresh the browser again to confirm that the state of the system has been re-applied and the system is resistant to configuration drift issues.

If you do not want to wait, you can force DSC to connect to the pull server and apply the current configuration using the Update-DscConfiguration cmdlet.
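The drift test above, scripted for one of the web servers, as an added example that is not part of the Quick Start's own scripts. It assumes an elevated PowerShell session on web1 or web2 with WMF 5 or later; the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on web1 or web2.
# $page and $backup are illustrative names; the path comes from step 2 above.
$page   = 'C:\inetpub\wwwroot\index.html'
$backup = Join-Path $env:TEMP 'index.html.bak'

# Show how the Local Configuration Manager is set up. Drift is only corrected
# automatically when ConfigurationMode is ApplyAndAutoCorrect.
Get-DscLocalConfigurationManager |
    Select-Object RefreshMode, ConfigurationMode,
                  ConfigurationModeFrequencyMins, RefreshFrequencyMins

# Baseline: the node should be in its desired state before the test.
if (-not (Test-DscConfiguration)) {
    Write-Warning 'Node is already out of its desired state; results may be misleading.'
}

# Introduce drift (step 2), keeping a copy of the page for reference.
Copy-Item -Path $page -Destination $backup -Force
Remove-Item -Path $page -Force

# Confirm DSC detects the drift and list the resources that report it.
$detail = Test-DscConfiguration -Detailed
"In desired state after delete: $($detail.InDesiredState)"
$detail.ResourcesNotInDesiredState | Select-Object ResourceId

# Instead of waiting 15 minutes, pull and apply the current configuration now.
Update-DscConfiguration -Wait -Verbose

# Verify the page was restored and the node is compliant again.
$restored  = Test-Path -Path $page
$compliant = Test-DscConfiguration
"index.html restored: $restored; in desired state: $compliant"
if (-not ($restored -and $compliant)) {
    Write-Error 'Drift was not corrected; check the LCM settings and the DSC event log.'
}
Remove-Item -Path $backup -Force -ErrorAction SilentlyContinue
```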
