SQL Server with WSFC on AWS
SQL Server with WSFC Quick Start


Deploying this Quick Start for a new VPC with the default parameters builds the following environment in the AWS Cloud.

        WSFC and SQL Server architecture on AWS (default configuration)

Figure 1: WSFC and SQL Server architecture on AWS (default configuration)

You can also choose to build an architecture with three Availability Zones, as shown in Figure 2.

      WSFC and SQL Server architecture on AWS with three Availability Zones

Figure 2: WSFC and SQL Server architecture on AWS (with three Availability Zones)

The deployment includes the following components.


If you use the option to deploy the Quick Start into your existing VPC and AD DS infrastructure, the components marked by asterisks are skipped. For details about the underlying Active Directory and network design, see the Quick Start for Active Directory Domain Services.

  • A virtual private cloud (VPC) configured with public and private subnets across two Availability Zones. This provides the network infrastructure for your SQL Server deployment. You can optionally choose a third Availability Zone for the file share witness or for an additional SQL cluster node, as shown in Figure 2.*

  • An internet gateway to provide access to the internet.*

  • In the public subnets, Windows Server-based Remote Desktop Gateway (RDGW) instances and network address translation (NAT) gateways for outbound internet access.*

  • Elastic IP addresses associated with the NAT gateway and RDGW instances.*

  • In the private subnets, Active Directory domain controllers.*

  • In the private subnets, Windows Server-based instances as WSFC nodes.

  • SQL Server Enterprise edition with SQL Server Always On Availability Groups on each WSFC node. This architecture provides redundant databases along with a witness server to ensure that a quorum can vote for the node to be promoted to master. The default architecture mirrors an on-premises architecture of two SQL Server instances spanning two subnets placed in two different Availability Zones, as shown in Figure 3.

  • Security groups to ensure the secure flow of traffic between the instances deployed in the VPC.