- When you select Choose application from the AWS Launch Wizard landing page, you are directed to the Choose application wizard, where you are prompted to select the type of application that you want to deploy. Select Microsoft SQL Server, then Create deployment.
- Under Review Permissions, Launch Wizard displays the AWS Identity and Access Management (IAM) role required for Launch Wizard to access other AWS services on your behalf. For more information about setting up IAM for Launch Wizard, see AWS Identity and Access Management (IAM). Choose Next.
- On the Configure application settings page, select the Operating System on which you want to install SQL Server — in this case, Windows.
- Deployment model. Choose High availability deployment, and then choose Always On Failover Cluster Instances to deploy a SQL Server Failover Clustering (FCI) application across multiple Availability Zones.
- You are prompted to enter the specifications for the new deployment. The following tabs provide information about the specification fields.
  - General
    - Deployment name. Enter a unique application name for your deployment.
    - Simple Notification Service (SNS) topic ARN — optional. Specify an SNS topic where AWS Launch Wizard can send notifications and alerts. For more information, see the Amazon Simple Notification Service Developer Guide.
    - CloudWatch application monitoring (optional for HA deployments). Select the check box to set up monitors and automated insights for your deployment using CloudWatch Application Insights. For more information, see the Amazon CloudWatch User Guide.
    - Enable rollback on failed deployment. By default, if a deployment fails, your provisioned resources will not be rolled back/deleted. This default configuration helps you to troubleshoot errors at the resource level as you debug deployment issues. If you want your provisioned resources to be immediately deleted if a deployment fails, select the check box.
  - Connectivity
    Enter the specifications for how you want to connect to your instance and configure your Virtual Private Cloud (VPC).
    - Key pair name. Select an existing key pair from the dropdown list or create a new one. If you select Create new key pair name, you are directed to the Amazon EC2 console. From there, under Network and Security, choose Key Pairs. Choose Create a new key pair, enter a name for the key pair, and then choose Download Key Pair.
      This is the only opportunity for you to save the private key file. Download it and save it in a safe place. You must provide the name of your key pair when you launch an instance and provide the corresponding private key each time that you connect to the instance.
      Return to the Launch Wizard console and choose the refresh button next to the Key Pairs dropdown list. The newly created key pair appears in the dropdown list. For more information about key pairs, see Amazon EC2 Key Pairs and Windows Instances.
    - Tenancy model (HA deployments only). Select your preferred tenancy. Each instance that you launch into a VPC has a tenancy attribute. The Shared tenancy option means that the instance runs on shared hardware. The Dedicated Host (HA deployments) tenancy option means that the instance runs on a Dedicated Host, which is an isolated server with configurations that you can control. For FCI deployments, select Shared tenancy.
    - Virtual Private Cloud (VPC). Choose whether you want to use an existing VPC or create a new VPC.
      - Select Virtual Private Cloud (VPC) option. Choose the VPC that you want to use from the dropdown list. If you choose to enable Remote Desktop Gateway access, then your VPC must include at least one public subnet and two private subnets for HA deployments. Your VPC must be associated with a DHCP Options Set to enable DNS translations to work. The private subnets must have outbound connectivity to the internet and other AWS services (S3, CFN, SSM, Logs). We recommend that you enable this connectivity with a NAT Gateway. For more information about NAT Gateways, see NAT Gateways in the Amazon VPC User Guide.
      - Public Subnet. If you choose to enable Remote Desktop Gateway access, then your VPC must include at least one public subnet and two private subnets for HA deployments. Choose a public subnet for your VPC from the dropdown list. To continue, you must select the check box that indicates that the public subnet has been set up and the private subnets have outbound connectivity enabled.
        To add a new public subnet
        If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet. If, however, a subnet doesn't have a route to the internet gateway, the subnet is known as a private subnet. To use an existing VPC that does not have a public subnet, you can add a new public subnet using the following steps.
      - Availability Zone (AZ) configuration. You must choose at least two Availability Zones for High Availability (HA) deployments, with one private subnet for each zone that you select. For HA deployments, select the Availability Zones within which you want to deploy your primary and secondary SQL nodes. Depending on the number of secondary nodes that you plan to use to set up a SQL Server Always On deployment, you may have to specify a private subnet for each of them.
        Cross-Region replication is not supported.
        To create a private subnet
        If a subnet doesn't have a route to an internet gateway, the subnet is known as a private subnet. To create a private subnet, you can use the following steps. We recommend that you enable the outbound connectivity for each of your selected private subnets using a NAT Gateway. To enable outbound connectivity from private subnets using a public subnet, see the steps in Creating a NAT Gateway to create a NAT Gateway in your chosen public subnet. Then, follow the steps in Updating Your Route Table for each of your chosen private subnets.
        - Follow the steps in Creating a Subnet in the Amazon VPC User Guide using the existing VPC you will use in AWS Launch Wizard.
        - When you create a VPC, it includes a main route table by default. On the Route Tables page in the Amazon VPC console, you can view the main route table for a VPC by looking for Yes in the Main column. The main route table controls the routing for all subnets that are not explicitly associated with any other route table. If the main route table for your VPC has an outbound route to an internet gateway, then any subnet created using the previous step, by default, becomes a public subnet. To ensure the subnets are private, you may need to create separate route table(s) for your private subnets. These route tables must not contain any routes to an internet gateway. Alternatively, you can create a custom route table for your public subnet and remove the internet gateway entry from the main route table.
      - Remote Desktop Gateway preferences. When you select Set up Remote Desktop Gateway, enter the public subnet into which to deploy the RDGW instance.
      - Remote Desktop Gateway access — Optional. Select Custom IP from the dropdown list. Enter the CIDR block. If you do not specify any value for the Custom IP parameter, Launch Wizard does not set the inbound RDP access (Port 3389) from any IP. You can choose to do this later by modifying the security group settings via the Amazon EC2 console. See Adding a Rule for Inbound RDP Traffic to a Windows Instance for instructions on adding a rule that allows inbound RDP traffic to your RDGW instance.
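Because the RDGW security group can be edited later in the EC2 console, it is worth auditing which sources can actually reach port 3389 after deployment. The following Python is an added example, not part of the AWS documentation; it runs on a constructed sample shaped like a security group's IpPermissions list from EC2 DescribeSecurityGroups, and the `min_prefix` threshold and the VPC CIDR are assumptions to adapt to your own policy.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample shaped like a security group's IpPermissions list from
# EC2 DescribeSecurityGroups (public addresses are documentation ranges).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.0/28"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
     "IpRanges": [{"CidrIp": "198.51.100.0/22"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def covers_rdp(perm):
    """True if the rule admits TCP 3389, via a port range or 'all traffic'."""
    if perm["IpProtocol"] == "-1":  # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def audit_rdp_ingress(permissions, vpc_cidr, min_prefix=24):
    """Return (cidr, reason) for IPv4 sources outside the VPC that reach RDP
    and are broader than min_prefix (an assumed policy threshold).
    Ipv6Ranges and security-group sources are not examined here."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for perm in permissions:
        if not covers_rdp(perm):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.subnet_of(vpc):
                continue  # source is inside the VPC
            if net.prefixlen == 0:
                findings.append((str(net), "open to any IPv4 address"))
            elif net.prefixlen < min_prefix:
                findings.append((str(net), f"broader than /{min_prefix}"))
    return findings


if __name__ == "__main__":
    for cidr, reason in audit_rdp_ingress(SAMPLE_PERMISSIONS, "10.0.0.0/16"):
        print(f"RDP reachable from {cidr}: {reason}")
```

The second sample rule shows why the port check uses the range rather than an exact match: a rule for ports 3000-4000 exposes 3389 even though 3389 never appears in it.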
  - Active Directory
    You can connect to an existing Active Directory or create a new one. If you selected the Create new Virtual Private Cloud (VPC) option for high availability deployments, you must select Create a new Active Directory.
    Connecting to existing AWS Managed Active Directory or self-managed Active Directory
    From the dropdown list, select whether you want to use AWS Managed Active Directory, or Self-managed Active Directory.
    If you select Self-managed Active Directory, select the check box to verify that you have ensured a connection between the Active Directory and the VPC.
    Follow the steps for granting permissions in the Active Directory Default Organizational Unit (OU).
    - Domain user name and password. Enter the user name and password for your directory. For required permissions for the domain user, see Active Directory (Windows deployment). Launch Wizard stores the password in AWS Secrets Manager as a secure string parameter. It does not store the password on the service side. To create a functional SQL Server FCI deployment, Launch Wizard reads from AWS Secrets Manager.
    - DNS address. Enter the IP address of the DNS servers to which you are connecting. These servers must be reachable from within the VPC that you selected.
    - Optional DNS address. If you would like to use a backup DNS server, enter the IP address of the DNS server that you want to use as backup. These servers must be reachable from within the VPC that you selected.
    - Domain DNS name. Enter the Fully Qualified Domain Name (FQDN) of the forest root domain used for the Active Directory. When you choose to create a new Active Directory, Launch Wizard creates a domain admin user on your Active Directory.
    - Domain User security group — optional. To specify an existing security group, select one from the dropdown list. The prerequisites for adding security groups can be viewed by selecting Info.
    Creating a new AWS Managed Active Directory through Launch Wizard
    - Domain user name and password. The domain user name is preset to “admin.” Enter a password for your directory. Launch Wizard stores the password in AWS Secrets Manager as a secure string parameter. It does not store the password on the server side. To create a functional SQL Server FCI deployment, Launch Wizard reads from AWS Secrets Manager.
    - Domain DNS name. Enter a Fully Qualified Domain Name (FQDN) of the forest root domain used for the Active Directory. When you choose to create a new Active Directory, Launch Wizard creates a domain admin user on your Active Directory.
    Connecting to a self-managed Active Directory through Launch Wizard
    Launch Wizard allows you to connect to a self-managed Active Directory environment during deployment. For more information, see Self-managed Active Directory.
  - SQL Server
    When you use an existing Active Directory, you have the option of using an existing SQL Server service account or creating a new account. If you create a new Active Directory account, you must create a new SQL Server account.
    - User name and password. If you are using an existing SQL Server service account, provide your user name and password. This SQL Server service account should be part of the Managed Active Directory in which you are deploying. If you are creating a new SQL Server service account through Launch Wizard, enter a user name for the SQL Server service account. Create a complex password that is at least 8 characters long, and then reenter the password to verify it. See Password Policy for more information.
    - SQL Server install type. Select the version of SQL Server Enterprise that you want to deploy. You can select an AMI from either the License-included AMI or Custom AMI dropdown lists.
    - License-included AMI. Choose an AMI for your SQL Server deployment, which determines the version and edition of Windows Server and SQL Server that will be deployed.
    - Additional SQL Server settings (optional). You can optionally specify the following:
- When you are satisfied with your configuration selections, select Next. If you don't want to complete the configuration, select Cancel. When you select Cancel, all of the selections on the specification page are lost and you are returned to the landing page. To go to the previous screen, select Previous.
- After configuring your application, you are prompted to define the infrastructure requirements for the new deployment on the Define infrastructure requirements page. The following tabs provide information about the input fields.
  - Define infrastructure requirements
    You can choose to select your instances and volume types, or to use AWS recommended resources. If you choose to use AWS recommended resources, you have the option of defining your high availability cluster needs. If no selections are made, default values are assigned.
    Instances
    - Cores. Choose the number of CPU cores for your infrastructure. The default value assigned is 4.
    - Network performance. Choose your preferred network performance in Gbps.
    - Memory (GB). Choose the amount of RAM that you want to attach to your EC2 instances. The default value assigned is 4 GB.
    Storage and performance
    - Type of storage drive. The default value assigned is SSD for FCI application deployments.
    - Average and peak IOPS. Select the average and peak IOPS required for your FSx share.
    - Allocated storage space. Select the amount of storage required for your FSx drive.
    - Recommended resources. Launch Wizard displays the system-recommended resources based on your infrastructure selections. If you want to change the recommended resources, select different infrastructure requirements.
    Infrastructure requirements based on instance type
    You can choose to select your instance and storage capacity, or to use AWS recommended resources. If no selections are made, default values are assigned.
    - Instance type. Select your preferred instance type from the dropdown list.
    - Storage capacity. Choose your preferred EBS volume type. For more information about volume types, see Amazon EBS volume types.
    - Throughput capacity. Select the required sustained SQL Server throughput.
    For Launch Wizard deployments created after January 2023, IMDSv1 is disabled on all instances. If your software or scripts use IMDSv1, you will have to meet the requirements to use IMDSv2. For more information, see Use IMDSv2.
  - Tags-Optional
    You can provide optional custom tags for the resources Launch Wizard creates on your behalf. For example, you can set different tags for EC2 instances, EBS volumes, VPC, and subnets. If you select All, you can assign a common set of tags to your resources. Launch Wizard assigns tags with a fixed key LaunchWizardResourceGroupID and value that corresponds to the ID of the AWS resource group created for a deployment. Launch Wizard does not support custom tagging for root volumes.
  - Estimated on-demand cost to deploy additional resources
    AWS Launch Wizard provides an estimate for application charges incurred to deploy the selected resources. The estimate updates each time you change a resource type in the Wizard. The provided estimates are only for general comparisons. They are based upon On-Demand costs and your actual costs may be lower.
- When you are satisfied with your infrastructure selections, select Next. If you don't want to complete the configuration, select Cancel. When you select Cancel, all of the selections on the specification page are lost and you are returned to the landing page. To go to the previous screen, select Previous.
- On the Review and deploy page, review your configuration details. If you want to make changes, select Previous. To stop, select Cancel. When you select Cancel, all of the selections on the specification page are lost and you are returned to the landing page. When you choose Deploy, you agree to the terms of the Acknowledgment.
- Launch Wizard validates the inputs and notifies you of any issues you must address.
- When validation is complete, Launch Wizard deploys your AWS resources and configures your SQL Server FCI application. Launch Wizard provides you with status updates about the progress of the deployment on the Deployments page. From the Deployments page, you can view the list of current and previous deployments.
- When your deployment is ready, a notification informs you that your SQL Server application is successfully deployed. If you have set up an SNS notification, you are also alerted through SNS. You can manage and access all of the resources related to your SQL Server FCI application by selecting the deployment, and then selecting Manage from the Actions dropdown list.
- When the SQL Server FCI application is deployed, you can access your Amazon EC2 instances through the EC2 console. You can also use AWS SSM to manage your SQL Server FCI application for future updates and patches through built-in integration via resource groups.