Deploy pull servers on AWS

View guide — HTML | PDF


This Quick Start deploys a highly available Windows PowerShell Desired State Configuration (PowerShell DSC) environment in the AWS Cloud.

PowerShell DSC enables you to express the desired state of your systems using declarative language syntax instead of complex imperative scripts. You can use PowerShell DSC with AWS CloudFormation to bootstrap and configure servers and apps for your software platform on AWS.

PowerShell DSC clients can pull their configurations from a server or have their configurations pushed to them locally or from a remote system. This Quick Start includes AWS CloudFormation templates to support both architectures in a Multi-AZ environment on AWS.

For additional Quick Starts, see the complete catalog.

  • What you'll build

    This Quick Start uses AWS CloudFormation templates and PowerShell DSC configuration scripts to set up the following pull environment on AWS:

    • A highly available architecture that spans two Availability Zones.
    • An Amazon VPC configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.
    • An Internet gateway to allow access to the Internet.
    • NAT instances to allow outbound Internet access for resources in the private subnets.
    • Remote Desktop gateways in each public subnet with an Elastic IP address to allow inbound Secure Shell (SSH) access to EC2 instances in public and private subnets.
    • Active Directory servers for directory, domain, and identity management.
    • PowerShell DSC pull servers for retrieving configuration data for your systems and applications.
    • Elastic Load Balancing to distribute traffic across the pull server instances.
    • DSC web service instances that enable clients to pull their configuration via HTTPS.


    The push server architecture includes the same resources except for the pull servers and Elastic Load Balancing. For details, see the Quick Start deployment guide.

  • Deployment details

    This Quick Starts automates the deployment of a PowerShell DSC pull or push environment on AWS. The implementation requires two simple steps:

    1. Sign up for an AWS account.
    2. Launch one of the Quick Start templates into your AWS account:


    To customize your deployment, you can change your VPC configuration, choose instance types and IP addresses for your resources, and change your Active Directory configuration.

    After deployment, you can check to make sure that your instances are resilient to configuration drift and confirm that your system will retain its desired configuration.

    For complete details, see the Quick Start deployment guide.

  • Cost and licenses

    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the AWS Simple Monthly Calculator and the pricing pages for the AWS services you'll be using.