This Quick Start deploys a highly available Windows PowerShell Desired State Configuration (PowerShell DSC) environment in the AWS Cloud.

PowerShell DSC enables you to express the desired state of your systems using declarative language syntax instead of complex imperative scripts. You can use PowerShell DSC with AWS CloudFormation to bootstrap and configure servers and apps for your software platform on AWS.

PowerShell DSC clients can pull their configurations from a server or have their configurations pushed to them locally or from a remote system. This Quick Start includes AWS CloudFormation templates to support both architectures in a Multi-AZ environment on AWS.


This Quick Start was developed by

AWS Service Catalog administrators can add this architecture to their own catalog.  

  •  What you'll build
  •  How to deploy
  •  Cost and licenses
  •  What you'll build
  • This Quick Start uses AWS CloudFormation templates and PowerShell DSC configuration scripts to set up the following pull environment on AWS:

    • A highly available architecture that spans two Availability Zones.
    • An Amazon Virtual Private Cloud (VPC) configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.
    • An internet gateway to allow access to the internet.
    • NAT instances to allow outbound internet access for resources in the private subnets.
    • Remote Desktop gateways in each public subnet with an Elastic IP address to allow inbound Secure Shell (SSH) access to EC2 instances in public and private subnets.
    • Active Directory servers for directory, domain, and identity management.
    • PowerShell DSC pull servers for retrieving configuration data for your systems and applications.
    • Elastic Load Balancing to distribute traffic across the pull server instances.
    • DSC web service instances that enable clients to pull their configuration via HTTPS.

    The push server architecture includes the same resources except for the pull servers and Elastic Load Balancing.

  •  How to deploy
  • This Quick Starts automates the deployment of a PowerShell DSC pull or push environment on AWS. The implementation requires these steps:

    1. If you don't already have an AWS account, sign up at
    2. Launch one of the Quick Start templates into your account. You can choose from two options:

    To customize your deployment, you can change your VPC configuration, choose instance types and IP addresses for your resources, and change your Active Directory configuration.

    After deployment, you can check to make sure that your instances are resilient to configuration drift and confirm that your system will retain its desired configuration.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for the AWS services you'll be using.