Deploying this Quick Start for a new virtual private cloud (VPC) with
default parameters builds the following {partner-product-short-name} environment in the
AWS Cloud.

// Replace this example diagram with your own. Send us your source PowerPoint file. Be sure to follow our guidelines here : http://(we should include these points on our contributors giude)
:xrefstyle: short
[#architecture1]
.Quick Start architecture for {partner-product-short-name} on AWS
image::../images/cmmc-active-directory-architecture-diagram.png[Architecture]

As shown in <<architecture1>>, the Quick Start sets up the following:

* A highly available architecture that spans two Availability Zones.*
* A VPC configured with public and private subnets, according to AWS
best practices, to provide you with your own virtual network on AWS.*
* In the public subnets:

** Managed network address translation (NAT) gateways to allow outbound
internet access for resources in the private subnets.*
** A Remote Desktop Gateway (RD Gateway) in an Auto Scaling group to allow inbound Remote Desktop Protocol (RDP) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in public and private subnets. An RD Gateway is deployed in Availability Zone 2 only if Availability Zone 1 becomes unavailable.*

* In the private subnets:

** An offline root certificate authority.
** Two Active Directory domain controllers.
** An online subordinate certificate authority.
// Add bullet points for any additional components that are included in the deployment. Make sure that the additional components are also represented in the architecture diagram. End each bullet with a period.

* Amazon S3 Federal Information Processing Standards (FIPS) endpoints for accessing Group Policy Objects (GPOs), logs, certificate revocation lists (CRLs), and setup files.
* Lambda functions to check for and import new GPOs.
* AWS Systems Manager automation to import GPOs and set up both the Active Directory domain controllers and the certificate authority.
* AWS Secrets Manager to store credentials.
* An AWS Key Management Service (AWS KMS) customer master key (CMK) to use with Amazon Elastic Block Store (Amazon EBS) and AWS Secrets Manager encryption.
* Encrypted Amazon EBS volumes for the Amazon EC2 instances. 

[.small]#*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.#