
Parminder Kaur

Windows on AWS Workshop


This lab will cover the following:

● Creating the Virtual Private Cloud (VPC)


● AWS Managed Microsoft Active Directory (AD)
● Amazon FSx for Windows File Server
● Amazon Elastic Compute Cloud EC2
● Adding Amazon FSx to Compute

ARCHITECTURE DIAGRAM

● You need to deploy the following architecture as seen in the above architectural diagram.
● Please capture screenshots as you perform the steps, and once the lab is successful, don’t forget to
clean up.
Lab 1: Creating the Virtual Private Cloud (VPC)
AWS CloudFormation is a service that gives developers and businesses an easy way to create a
collection of related AWS and third-party resources and provision and manage them in an orderly
and predictable fashion.
1. Downloaded the CloudFormation template and saved it to my laptop.
2. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/
3. I selected the region into which I want to deploy resources. I am using us-east-1.
4. Click on Create Stack. Select Template is ready and click Upload a template file. Click Choose
File and upload the template I downloaded. Once successfully uploaded, press Next.

5. Name the CloudFormation stack as cloud-stack and click Next. Leave the rest of the settings as
default.
6. When the CloudFormation stack has finished, all defined resources within the template will be
deployed within the AWS account.

7. Click VPCs. Verify that a new VPC with a 10.0.0.0/16 CIDR IP address range has been created.
8. Click on Subnets in the left panel to view our newly created subnets.

9. Our network is provisioned now.

Lab 2: AWS Managed Microsoft Active Directory (AD)


1. Open the AWS Directory Service console at
https://console.aws.amazon.com/directoryservicev2/
2. Click on Set up directory.

3. Select AWS Managed Microsoft AD as the directory type and click Next.
4. Select Standard Edition

5. Configure the following settings for the directory.


6. Click Next to configure networking for the Directory. Ensure you select ImmersiondayStack/VPC
for the VPC, then select ImmersiondayStack/VPCprivateSubnet1 and
ImmersiondayStack/VPCprivateSubnet2 for the subnets, and then click Next.
7. Click on create directory.

Create a DHCP Options Set:

1. Open the directory by clicking the Directory ID. In the Networking & Security tab, copy the
two DNS addresses.
2. Go to the VPC service and go to DHCP Options Sets. Click Create DHCP options set.

3. Configure the DHCP options.

4. Click Create DHCP options set.


5. Next, select Your VPCs and tick ImmersiondayStack/VPC. Then, in the Actions menu,
select Edit VPC settings.
6. Select the DHCP options. Leave "Enable DNS resolution" and "Enable DNS hostnames"
checked/enabled.

7. Click Save
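
The DHCP options procedure above as AWS CLI calls, an added example that is not part of the original lab. It assumes the options set carries only the domain name and the directory's two DNS addresses (the values the lab entered are not shown on the page); `is_ipv4`, `dhcp_config` and `apply` are hypothetical helper names, and the directory ID and VPC ID are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original lab: the DHCP options procedure as AWS CLI calls.
set -eu

DOMAIN="corp.business.local"   # directory DNS name used in this lab

# Succeed only for a dotted-quad IPv4 address with octets 0-255 (runs in a subshell).
is_ipv4() (
  case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# Print the two --dhcp-configurations arguments for a domain and two DNS addresses.
# Assumption: the options set carries only domain-name and domain-name-servers.
dhcp_config() {
  if ! is_ipv4 "$2" || ! is_ipv4 "$3" || [ "$2" = "$3" ]; then
    echo "need two distinct IPv4 DNS addresses, got '$2' '$3'" >&2
    return 1
  fi
  printf 'Key=domain-name,Values=%s Key=domain-name-servers,Values=%s,%s\n' "$1" "$2" "$3"
}

apply() {  # usage: apply <directory-id> <vpc-id>
  dns=$(aws ds describe-directories --directory-ids "$1" \
    --query 'DirectoryDescriptions[0].DnsIpAddrs' --output text)
  set -- "$1" "$2" $dns   # $3 and $4 are now the directory's DNS addresses
  cfg=$(dhcp_config "$DOMAIN" "${3:-}" "${4:-}")
  # $cfg is left unquoted on purpose so it splits into the two arguments.
  opts_id=$(aws ec2 create-dhcp-options --dhcp-configurations $cfg \
    --query 'DhcpOptions.DhcpOptionsId' --output text)
  aws ec2 associate-dhcp-options --dhcp-options-id "$opts_id" --vpc-id "$2"
  echo "associated $opts_id with $2"
}

# Only touch AWS when both IDs are given on the command line.
if [ "$#" -eq 2 ]; then apply "$1" "$2"; fi
```

Validating the addresses before calling EC2 matters because instances in the VPC resolve corp.business.local through these servers, and the domain join in Lab 4 depends on that lookup.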

Lab 3: Amazon FSx for Windows File Server

Creating a File System

1. Navigate to the Amazon FSx service - https://console.aws.amazon.com/fsx


2. Click Create file system.
3. Select Amazon FSx for Windows File Server and click Next.

4. Configure the following File system settings.


5. Configure the following Network & Security settings.
6. Set the directory type to AWS Managed Microsoft AD and select corp.business.local.
Click Next.

7. Leave the Encryption as the default.


8. Leave Auditing, Access, Backup & Maintenance and Tags as the defaults, then
click Next.
9. Click Create File System to start the file system build.

10. Click on the file system's name and select View Details.
11. Once it has finished building, note down the DNS name.

Lab 4: Amazon Elastic Compute Cloud (EC2)

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2


2. Click Launch Instances.
3. Name the Windows instance MyWindowsInstanceAuto.

4. For the Amazon Machine Image (AMI), select Microsoft Windows Server 2019
Base.
5. Select t3.micro instance type.

6. Now, create a key pair and name the key pair MyEC2Key. Select the .pem key.
Press Create key pair and this will download the key pair.
7. Scroll down to Network settings, press Edit, and fill in the instance details.
8. Select Create security group and set up a new security group.

9. Now go to Configure Storage, set the volume type to General Purpose SSD (gp3), and
change the size of the volume to 100 GiB.
10. Now go to Advanced Details. You will see a drop-down box with Domain Join
Directory above it. Open the drop-down, and you should see the Directory. Make sure
that the Directory is selected.

11. For IAM Instance Profile, we need to create an Identity and Access Management (IAM)
role with permission to access AWS Systems Manager. Click the Create New IAM.
12. Create a role. Then, highlight EC2 under Common use cases. Click Next: Permission to
define permissions.

13. Type SSM into the filter policies search box and
select AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess.
14. Click Next to review the policy.

15. Name the role AWS-AD-SSM. Click Create Role.


16. Go back to the Launch instance wizard browser tab, click the Refresh Icon next to the
IAM role box and select the AWS-AD-SSM role.

17. Click Launch instance.


18. Click View All Instances. Once ready, the instance state will change
from Initializing to Running, and the status check will display 2/2 checks passed.
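
The role from steps 11 to 16 as AWS CLI calls, with a check for attached policies beyond the two the lab selects; this is an added example, not part of the original lab. The function names and the `create`/`audit` arguments are hypothetical, and the instance profile is given the same name as the role, which mirrors what the console does when it creates an EC2 role.

```shell
#!/bin/sh
# Added example, not from the original lab: the AWS-AD-SSM role as AWS CLI calls.
set -eu

ROLE="AWS-AD-SSM"
POLICIES="AmazonSSMManagedInstanceCore AmazonSSMDirectoryServiceAccess"

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

policy_arn() { printf 'arn:aws:iam::aws:policy/%s\n' "$1"; }

# Print every given policy name that is not one of the two the lab selects.
unexpected_policies() {
  for p in "$@"; do
    case " $POLICIES " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
  done
}

create_role() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)" >/dev/null
  for p in $POLICIES; do
    aws iam attach-role-policy --role-name "$ROLE" --policy-arn "$(policy_arn "$p")"
  done
  # The console creates a same-named instance profile implicitly; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$ROLE" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" --role-name "$ROLE"
}

# List policies attached to the role beyond the lab's two (empty output = clean).
audit_role() {
  attached=$(aws iam list-attached-role-policies --role-name "$ROLE" \
    --query 'AttachedPolicies[].PolicyName' --output text)
  unexpected_policies $attached
}

case "${1:-}" in create) create_role ;; audit) audit_role ;; esac
```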

Connecting to our EC2 Windows 2019 Server

1. Select the instance and click Connect.


2. Click on the RDP tab and click Download remote desktop file.

3. Open the download location and open the .rdp file. Click on connect.

4. Log in using the credentials we created earlier when setting up AWS Managed
Microsoft AD. Click Connect and select More choices. Select Use a different account.
5. Accept the security warning about certificates to begin a Remote Desktop Connection.

6. Once you are logged in to Windows, open Control Panel.


7. Click System and Security, click System.

8. Notice that the Amazon EC2 instance has automatically joined the corp.business.local
Active Directory domain.
Managing an AWS Managed Microsoft AD Domain

1. Open Server Manager, click the icon to open the Server Manager Dashboard.
Click Add roles and features.
2. Click Next several times until you reach the Features screen. Select Group Policy
Management, Remote Server Administration Tools, and additionally, select DNS
Server Tools in the Remote Server Administration Tools menu. Cycle through Next a
few times and click Install.
3. Exit Server Manager. Go to Control Panel, System and Security, and Administrative
Tools.
4. Double-click Active Directory Users and Computers.
5. The CORP Organisational Unit has been automatically created, over which we have
full control.

6. Click on the Windows icon, type gpmc.msc, and click on the icon to open the Group
Policy Management console to access a fully featured Group Policy Management
service.

Lab 5: Adding Amazon FSx to Compute


1. Open the instance and change the security group.

2. Select the default security group from the list, click Add Security Group and click Save.

3. Open the RDP session, then open File Explorer by using the shortcut Windows Key + E.
4. Enter the DNS name of the Amazon FSx file system into the search. The DNS name is
preceded by two backslashes. Press Enter to see the default file system share.

5. Right-click the Share and on the popup menu, select Map network drive. Accept the
defaults and click Finish.
6. You can use Amazon FSx for Windows File Server just like an on-premises file server.
Create a text file on the share: right-click, then select New, Text Document. Name the
file test.txt.
