CloudFormation templates to set up ArcGIS for Server on Amazon Web Services

The following templates use CloudFormation to automate the deployment of GIS server or web GIS sites on Amazon Web Services (AWS).

Esri CloudFormation templates

Before launching the deployment, read the Readme files for the sample template you want to use. Make sure you follow the directions to set up the required components first.
To set up full stack ArcGIS for Server Web GIS, you need to:
- Obtain the domain for your Web GIS site and an SSL certificate file issued to your domain name.
  - Create an Amazon S3 bucket in your AWS account. This bucket is defined as "DeploymentBucket" in the Parameters.
  - The stack creation process requires you to upload a few files to this bucket so the files can be accessed during the deployment process. These files are:
    - Portal for ArcGIS authorization file, for example, Portal_100.prvc
    - ArcGIS for Server authorization file, for example, Server_Ent_Adv.prvc
    - SSL certificate file issued to your domain name, for example, agswebgis.esri.com.pfx
  - Allocate an ElasticIP in the AWS region where you want to deploy your site.
  - Map the domain name to the Elastic IP you created, for example, through CNAME mapping.
- Click Launch Stack to use a template. You will be taken to the AWS Console. Sign in to your Amazon Web Services account, and enter the required parameters for the template.
- For more information, see the ArcGIS for Server on Amazon help.

Templates for Regular AWS regions

Template Name	Description	View	Launch
ArcGIS for Server WebGIS on one instance in EC2-VPC (Windows)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Windows 2012 R2. ReadMe	View	Launch Stack
ArcGIS for Server WebGIS on one instance in EC2-VPC (Ubuntu)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Ubuntu 14.04 LTS. ReadMe	View	Launch Stack
Siloed ArcGIS Server Site in EC2-VPC	Creates an auto scaling group of stand alone ArcGIS Server sites behind an Elastic Load Balancer in Amazon VPC. ReadMe	View	Launch Stack
ArcGIS for Server WebGIS on one instance in EC2-Classic (Windows)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Windows 2012 R2 ReadMe	View	Launch Stack
ArcGIS for Server WebGIS on one instance in EC2-Classic (Ubuntu)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Ubuntu 14.04 LTS. ReadMe	View	Launch Stack
Siloed ArcGIS Server Site in EC2-Classic	Creates an auto scaling group of stand alone ArcGIS Server sites behind an Elastic Load Balancer in Amazon EC2-Classic. ReadMe	View	Launch Stack

Templates for GovCloud Region

Template Name	Description	View	Launch
ArcGIS for Server WebGIS on one instance in EC2-VPC (Windows)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Windows 2012 R2. ReadMe	View	Launch Stack
ArcGIS for Server WebGIS on one instance in EC2-VPC (Ubuntu)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Ubuntu 14.04 LTS. ReadMe	View	Launch Stack
Siloed ArcGIS Server Site in EC2-VPC	Creates an auto scaling group of stand alone ArcGIS Server sites behind an Elastic Load Balancer in Amazon VPC. ReadMe	View	Launch Stack

Templates for China (Beijing) Region

Template Name	Description	View	Launch
ArcGIS for Server WebGIS on one instance in EC2-VPC (Windows)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Windows 2012 R2. ReadMe	View	Launch Stack
ArcGIS for Server WebGIS on one instance in EC2-VPC (Ubuntu)	Provision an ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, and ArcGIS Web Adaptor on one AWS instance. This instance is on Ubuntu 14.04 LTS. ReadMe	View	Launch Stack
Siloed ArcGIS Server Site in EC2-VPC	Creates an auto scaling group of stand alone ArcGIS Server sites behind an Elastic Load Balancer in Amazon VPC. ReadMe	View	Launch Stack

Automate CloudFormation Stack creation

Clouldformation stack creation can be ran from command line. You can check Amazon Cloudformation for more information.

Below is a sample python script to create cloudformation stacks. To run it:

Make sure you have Python installed. Python is also installed with ArcGIS Desktop and ArcGIS Server under C:\Python27\ folder or <ArcGIS Server Installation Directory>/arcgis/server/tools on Linux.
Download and install AWS SDK for Python (boto). The easiest way is to install via Pip.
- If you don't have Pip, install Pip following the directions at https://pip.pypa.io/en/stable/installing.html.
- Install Boto by running: pip install boto
Download Esri sample python script and run it will the parameters required by your cloudformation templates.
For examples, ArcGIS for Server WebGIS parameter file cf_parameters.json defines the parameters required to create WebGIS full stack. Modify the parameters accordingly. Run it by typing: python cloudformation_stack_creation.py <Your AWS Access key> <Your AWS Secret Access Key> cf_parameters.json

Troubleshooting Guide

If AWS CloudFormation fails to create a stack, you can check the event tab in CloudFormation console. It usually gives you a general idea what has gone wrong. The "ArcGIS for Server WebGIS" templates also have error messages and logs created with Cloud Watch to help you learn about the issue.

CloudFormation Event Tab

First, use the AWS CloudFormation console to view the status of your stack. In the console, you can view a list of stack events while your stack is being created, updated, or deleted. From this list, find the failure event and then view the status reason for that event. The status reason might contain an error message from AWS CloudFormation or from a particular service that can help you troubleshoot your problem.

CloudWatch Log Group

The "ArcGIS for Server WebGIS" templates write error messages and logs to CloudWatch log group. If stack creation failed during set up of the EC2 instance, check the log files for cfn-init and chef-solo bootstrapping tools for error messages. CloudFormation copies these log files to the CloudWatch log group created for the stack, so there is no need to log in to the instances to get the logs. You can find the CloudWatch log group for failed stacks in the list of resources created for the stack. Log files for successfully created stacks are available in the stack’s output parameters.

The log files copied to CloudWatch log group are from the following location of bootstrapping log files on the EC2 instances:

On Ubuntu instances:
- /var/log/cfn-init.log: The log file for the CloudFormation helper script used to retrieve and interpret the resource metadata, install packages, create files, and start services
- /var/log/chef-run.log: The Chef configuration management tool log file.
- /var/lib/tomcat7/logs/catalina.out: The Tomcat application server log file.

On Windows instances:
- C:\cfn\log\cfn-init.log: The log file for the CloudFormation helper script used to retrieve and interpret the resource metadata, install packages, create files, and start services.
- C:\chef\chef-run.log: The Chef configuration management tool log file.

Note: Some Amazon Web Services regions, like Gov Cloud and China region, do not have Logging implemented. You won't be able to see the loggings in AWS console for these regions. You can still check the log files on the instance.

Error messages

If you see the message "Error encountered during build of config: Failed to retrieve https://<bucket name>.s3.amazonaws.com/<S3 key>" in the cfn-init.log
- Ensure that deployment S3 bucket name is correct.
- Ensure that S3 object key name of authorization files and SSL certificates are correct.

If you see the message "Unable to connect to WebAdaptor URL : https://agsportalssl.esri.com/server/webadaptor" in the chef-run.log and "Failed to initialize connector [Connector[HTTP/1.1-443]]"" in the catalina.out log file on Ubuntu
- Ensure that the SSL certificate in the deployment S3 bucket is a valid SSL certificate in PKCS 12 format.
- Ensure that the provided SSL certificate password is correct.

If you see the message "OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure" in chef-run.log on Windows
- Ensure that the SSL certificate in the deployment S3 bucket is a valid SSL certificate in PKCS 12 format.
- Ensure that the provided SSL certificate password is correct.