Skip To Content

Build an ArcGIS Server site on Amazon Web Services using Cloud Builder

ArcGIS Server Cloud Builder on Amazon Web Services is a downloadable desktop application that helps you create a stand-alone ArcGIS Server site on Amazon Web Services (AWS). The steps below explain how to create a site using Cloud Builder.

Configure ArcGIS Server Cloud Builder on Amazon Web Services

You need the following to use ArcGIS Server Cloud Builder on Amazon Web Services:

  • An Amazon account
  • An Esri Amazon Machine Image (AMI)

    Note:

    Before using an AMI for the first time, you must accept terms on the AWS Marketplace.

  • An Amazon Identity and Access Management (IAM) services policy and user
  • The Access Key and Secret Access Key of the IAM user
  • The ArcGIS Server Cloud Builder on Amazon Web Services application
  • An ArcGIS Server license file

  1. Download, install, and launch ArcGIS Server Cloud Builder on Amazon Web Services.

    You can access the Cloud Builder download when logged in to My Esri. It is listed with your other Esri software downloads. You need to have purchased ArcGIS Server (basic) or ArcGIS Enterprise before you can see the download.

  2. Log in to the AWS Management Console and create an IAM group policy that includes the following resource privileges:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iam:GetUser",
                    "iam:ListServerCertificates",
                    "iam:UploadServerCertificate"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::arcgis101-sites-*",
                    "arn:aws:s3:::arcgis101sp1-sites-*",
                    "arn:aws:s3:::arcgis101sp2-sites-*",
                    "arn:aws:s3:::arcgis102-sites-*",
                    "arn:aws:s3:::arcgis1021-sites-*",
                    "arn:aws:s3:::arcgis1031-sites-*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "ec2:AttachInternetGateway",
                    "ec2:AuthorizeSecurityGroupIngress",
                    "ec2:CreateImage",
                    "ec2:CreateInternetGateway",
                    "ec2:CreateKeyPair",
                    "ec2:CreateRoute",
                    "ec2:CreateSecurityGroup",
                    "ec2:CreateSubnet",
                    "ec2:CreateTags",
                    "ec2:CreateVpc",
                    "ec2:DeleteSecurityGroup",
                    "ec2:DeleteSnapshot",
                    "ec2:DeregisterImage",
                    "ec2:DescribeAvailabilityZones",
                    "ec2:DescribeImages",
                    "ec2:DescribeInstances",
                    "ec2:DescribeKeyPairs",
                    "ec2:DescribeRegions",
                    "ec2:DescribeRouteTables",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeVolumes",
                    "ec2:DescribeVpcs",
                    "ec2:ModifyImageAttribute",
                    "ec2:ModifyInstanceAttribute",
                    "ec2:RunInstances",
                    "ec2:StartInstances",
                    "ec2:StopInstances",
                    "ec2:TerminateInstances"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "elasticloadbalancing:ConfigureHealthCheck",
                    "elasticloadbalancing:CreateLoadBalancer",
                    "elasticloadbalancing:CreateLoadBalancerListeners",
                    "elasticloadbalancing:DeleteLoadBalancer",
                    "elasticloadbalancing:DeleteLoadBalancerListeners",
                    "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                    "elasticloadbalancing:DescribeInstanceHealth",
                    "elasticloadbalancing:DescribeLoadBalancers",
                    "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:PutMetricAlarm",
                    "cloudwatch:DescribeAlarms",
                    "cloudwatch:DeleteAlarms"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "autoscaling:CreateAutoScalingGroup",
                    "autoscaling:CreateLaunchConfiguration",
                    "autoscaling:DeleteAutoScalingGroup",
                    "autoscaling:DeleteLaunchConfiguration",
                    "autoscaling:DeletePolicy",
                    "autoscaling:DescribeAutoScalingGroups",
                    "autoscaling:DescribeAutoScalingInstances",
                    "autoscaling:DescribeLaunchConfigurations",
                    "autoscaling:DescribePolicies",
                    "autoscaling:DescribeScalingActivities",
                    "autoscaling:PutScalingPolicy",
                    "autoscaling:UpdateAutoScalingGroup"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "rds:AddTagsToResource",
                    "rds:AuthorizeDBSecurityGroupIngress",
                    "rds:CreateDBInstance",
                    "rds:CreateDBSecurityGroup",
                    "rds:CreateDBSnapshot",
                    "rds:CreateDBSubnetGroup",
                    "rds:CreateOptionGroup",
                    "rds:DeleteDBInstance",
                    "rds:DeleteDBSecurityGroup",
                    "rds:DeleteDBSnapshot",
                    "rds:DeleteOptionGroup",
                    "rds:DescribeDBInstances",
                    "rds:DescribeDBSnapshots",
                    "rds:DescribeDBSecurityGroups",
                    "rds:DescribeOptionGroups",
    		"rds:DescribeDBSubnetGroups",
                    "rds:ModifyDBInstance",
                    "rds:ModifyOptionGroup",
                    "rds:RestoreDBInstanceFromDBSnapshot"
                ],
                "Resource": "*"
            }
        ]
    }

  3. Create an IAM user and attach this policy to the user.
  4. When you create the IAM user, download its Access Key and Secret Access Key.

    Caution:

    You can only download the Access Key and Secret Access Key at the time you create the user.

  5. Log in using the Access Key and Secret Access Key belonging to the IAM user.

Launch an AWS instance

The ArcGIS Server Cloud Builder on Amazon Web Services takes you through the steps to create an AWS instance.

General settings

  1. Click the Sites tab and click Create Site.
  2. Type a name and description for your site.

    The name will be applied to various resources that the app creates for you in AWS so you can easily identify them.

  3. Use the Software drop-down list to choose the AMI used to launch your instance. You can use the Esri Windows or Ubuntu Linux AMIs, or you can use a site template that you've previously configured to contain your own software, data, and services.
  4. Browse to the ArcGIS Server license file (with extension .prvc) to license your site. If you need help creating a .prvc file, see Frequently asked questions.
  5. Click Next to proceed to the next panel.

Amazon Web Services settings

Define AWS settings for your site.

  1. Choose the AWS region to be used for your site.

    A region represents an Amazon data center complex in a certain area of the world. A site cannot be distributed across regions, although you can maintain a second site in an alternate region for redundancy.

  2. Choose to launch in a new or existing Amazon EPC-VPC (Virtual Private Cloud).
    • You can use a VPC that you created in the Amazon Web Services Console. Cloud Builder detects the existing subnets for the existing VPC you specify.
      Note:

      If you use an existing VPC with an ArcGIS Server installation on Ubuntu AMI, you must set the following Dynamic Host Configuration Protocol options on the VPC before proceeding:

      • domain-name-servers=AmazonProvidedDNS
      • domain-name={ec2.internal|<region>.compute.internal}

        If you launch the instance in the AWS us-east-1 region, you must set domain-name to ec2.internal. If you launch in any other region, set domain-name to the region name suffixed with .compute.internal. For example, if you launch in AWS region sa-east-1, set domain-name=sa-east-1.compute.internal.

    • If you do not have an existing VPC you want to use, choose the option to create a new VPC. Cloud Builder creates a VPC and a subnet in every valid availability zone.
  3. Choose a key pair to use for this site. A key pair is required if you ever want to log in to one of the instances in your site. You can use an existing key pair or create a new one.
    • To use an existing key pair, select one from the drop-down list. This list only contains key pairs from the region in which you are working.
    • If you create a new key pair, a .pem file is placed in your Windows Documents folder under ArcGISCloudBuilder. For example, the path to your key pair file might look like C:\Users\username\Documents\ArcGISCloudBuilder\arcgis-TestSite.pem. You should move this file to a secure location and keep it available for future use.
  4. Click Next to proceed to the next panel.

ArcGIS Server instance settings

Specify settings for the instances that comprise your ArcGIS Server.

Caution:

The instance type, as well as the minimum and maximum number of instances you choose, can greatly affect the amount of money that you are charged by AWS. Before choosing these settings, carefully estimate your site usage and the server power you'll need to accommodate that usage.

  1. Choose the instance type to be used in your site.

    The instances available to you will vary slightly depending on which region you are using. However, micro instances are not available in any region because they do not meet the minimum memory requirement for ArcGIS Server.

  2. Choose the size of the Amazon Elastic Block Store (EBS) volume to attach to each ArcGIS Server instance in your site. This EBS volume will be visible as a local disk drive to which you can upload your data. Your ArcGIS Server configuration store and server directories will also be placed on this drive on one of the instances.
  3. Choose whether the root drive and attached EBS volume should be deleted when the site is terminated.

    Preserving the drives allows you to attach it to other sites in the future if you choose. However, you must remember to delete the drives manually when they are no longer needed. You will incur charges for the drives as long as they exist.

  4. The next two steps apply to ArcGIS Server enterprise licensed sites only.

  5. Choose the number of AWS instances that will participate in your site.

    The Number of instances property represents the minimum number of instances that will be launched when the site is created.

    License:

    Do not run ArcGIS Server on a greater number of CPU cores than you have licensed with Esri, regardless of whether the cores are in the cloud or on-premises. Also be aware that you are responsible for all Amazon Web Services charges you incur for AWS instances and other resources launched using Cloud Builder.

  6. Optionally check Enable auto-scaling to launch or terminate new AWS instances automatically based on usage triggers that you specify.

    Autoscaling monitors site usage and adds or removes instances based on the CPU usage and duration. When more people and applications access your site, more instances are added to it. When demand decreases, instances are removed. Instances will never be fewer than the number you specify for Number of instances and will never exceed the number you specify for Maximum number of instances.

    Amazon CloudWatch is the service that provides CPU monitoring on your instances and makes the autoscaling triggers possible. You will see an extra fee applied for the CloudWatch service if you choose to enable autoscaling.

    1. Set the Maximum number of instances that can be launched.
    2. Specify the percent CPU usage and duration that will cause an instance to be removed from your site.
    3. Specify the percent CPU usage and duration that will cause an instance to be added to your site.

    For example, if you keep the default settings, when your site experiences over 80 percent CPU usage for five consecutive minutes, a new ArcGIS Server machine is added to the site unless you have reached the maximum number of instances you specified. When your CPU usage goes below 20 percent for five consecutive minutes, an ArcGIS Server machine is removed from your site and terminated unless your site has been reduced to the original number of instances you specified.

  7. Click Next to proceed to the next panel.

Geodatabase settings

You can choose to include geodatabases in your site by checking Include enterprise geodatabase. Relational database management system options vary depending on which AMI and ArcGIS license you use to launch your site.

  • If you are using an ArcGIS Server (basic level, workgroup edition) or ArcGIS Enterprise (workgroup edition) license, you can create a site that includes Microsoft SQL Server Express on an ArcGIS Server EC2 instance.
  • If you are using an ArcGIS Server (basic level, enterprise edition) or ArcGIS Enterprise (enterprise edition) license and Esri Ubuntu Linux AMI, you can create a site that includes one of the following:
    • PostgreSQL on an ArcGIS Server EC2 instance
    • PostgreSQL on its own dedicated EC2 instance
    • Amazon RDS for PostgreSQL
  • If you are using an ArcGIS GIS Server enterprise edition license and Esri Windows AMI, you can create a site that includes one of the following:
    • Microsoft SQL Server Express on an ArcGIS Server EC2 instance
    • Amazon RDS for Microsoft SQL Server
    • Amazon RDS for PostgreSQL

Relational database management systems running on their own dedicated EC2 instance require that you specify the instance type, EBS volume size, and whether the volume should be deleted at the time the site is terminated. Be aware that all these settings affect the amount charged to your Amazon account.

Amazon RDS for Microsoft SQL Server and Amazon RDS for PostgreSQL always run on their own dedicated instances, for which you must specify the instance class and allocated storage size. You must additionally choose the subnet group.

Click Next to proceed to the next panel once you have made your selections.

Security settings

You must create a primary site administrator for ArcGIS Server. You can also specify an SSL certificate for encrypted communication.

  1. Type the user name and password to use for the ArcGIS Server primary site administrator account.

    The primary site administrator is not an operating system account; it is an account built into ArcGIS Server that you create at this time. You'll use this account for logging in to ArcGIS Server Manager and making connections to your server until you are able to further configure security on your site.

    The password must be 8 to 16 characters in length and cannot contain a forward slash (/) or at sign (@).

    If you choose to include an enterprise geodatabase in Amazon RDS for SQL Server in your site, the password you use for the primary site administrator is also used for the database users that the geodatabase requires.

  2. Choose whether to install an SSL certificate when the site is created. This allows encrypted communication with your site. See Set up SSL using Cloud Builder to learn more about this option.
  3. Click Next to proceed to the summary panel.

Review settings and create the site

Review the settings for the site. Click Back to make changes on a previous panel; otherwise, click Finish to create the site.

Site creation can take a while. A series of messages will appear explaining what the application is doing while it is creating the site.

Caution:

You must remain logged in to Cloud Builder until site creation is complete.

The site with the resources you specified is created on EC2. These include one or more instances with Amazon CloudWatch enabled, EBS volumes, and an Elastic Load Balancer (ELB). You immediately begin incurring charges for these. To learn more about the costs of these resources, see http://aws.amazon.com/pricing/ec2.

The next steps

You'll need to connect to the server to load and publish data. Remote access to your instances is not enabled by default. See the following topics for help if you want to log in to one of your EC2 instances:

Sites that include geodatabases in PostgreSQL also require that you change passwords for security reasons. You can also change the password of the administrator login on Windows instances.