Use the AWS CloudFormation console to monitor the status of your AWS CloudFormation stack and detect if stack creation fails. The ArcGIS for Server web GIS templates also create logs, which are copied to a CloudWatch log group, to help you troubleshoot issues.
CloudFormation console Events tab
Log in to the AWS CloudFormation console (which is part of the AWS Management Console) and open the Events tab to find information on stack creation, updates, and deletions. If the stack fails to create, information on the Events tab usually gives you a general idea what has gone wrong.
CloudWatch log group
The Esri sample CloudFormation templates create a CloudWatch log group into which the following log files are copied from the EC2 instance:
| EC2 instance type | Log file and location on EC2 instance | Log file description |
|---|---|---|
Ubuntu | /var/log/cfn-init.log | Log file for the CloudFormation helper script used to retrieve and interpret the resource metadata, install packages, create files, and start services |
/var/log/chef-run.log | Chef configuration management tool log file | |
/var/lib/tomcat7/logs/catalina.out | Apache Tomcat application server log file | |
Windows | C:\cfn\log\cfn-init.log | Log file for the CloudFormation helper script used to retrieve and interpret the resource metadata, install packages, create files, and start services |
C:\chef\chef-run.log | Chef configuration management tool log file |
Note:
Some AWS regions, such as GovCloud and China region, do not have logging implemented. You won't be able to see the log messages for these regions in the AWS Management Console, but you can still check the log files on the instance.
The CloudWatch log group contains log streams, which include the ID of the instance with the log file name. This allows you to identify to which EC2 instance the log file pertains. For example, a log stream of i-c8244b6f/chef-run.log is the Chef configuration management tool log file for EC2 instance i-c8244b6f.
If CloudFormation stack creation succeeds, the stack output parameters provide a link to the log group in the AWS Management Console. If stack creation fails, go to the CloudFormation Resources list in the AWS Management Console to find the log group. Note that if stack creation fails before any instances are launched, a log group might not be created.
By default, AWS deletes CloudWatch log groups if stack creation fails. To prevent this and, therefore, provide you with the log files you need to troubleshoot stack creation failures, the Esri sample CloudFormation templates change this setting so the CloudWatch log groups are not deleted. However, this means you need to clean up the CloudWatch log groups when you no longer need them.
Error messages
The following provides tips to troubleshoot stack creation failure using some of the error messages you may see in the log files:
- If you see the message Error encountered during build of config: Failed to retrieve https:// .s3.amazonaws.com/ in cfn-init.log, ensure the deployment S3 bucket name is correct and that the S3 object key name of authorization files and SSL certificates are correct.
- If you see the message Unable to connect to WebAdaptor URL : https://agsportalssl.esri.com/server/webadaptor in the catalina.out log file on Ubuntu, ensure the SSL certificate in the deployment S3 bucket is valid and in PKCS 12 format. Also be sure the provided SSL certificate password is correct.
- If you see the message OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure in chef-run.log on Windows, ensure the SSL certificate in the deployment S3 bucket is valid and in PKCS 12 format. Also be sure the provided SSL certificate password is correct.