The Esri arcgis-egdb-postgres.template.json Amazon Web Services (AWS) CloudFormation template creates an Amazon Relational Database Service (RDS) for PostgreSQL instance, creates an enterprise geodatabase in the database, and registers the database with an ArcGIS Server site.
You have the choice to register the database to use for source data for services you publish to an ArcGIS Server site, or you can register a managed database with a stand-alone or federated ArcGIS GIS Server site. Managed databases are supported with GIS Server sites only, and each GIS Server site can have only one managed database. When you publish a feature service to a GIS Server site with a managed database, data is copied from your data source and placed in the managed database.
This template creates the following architecture in Amazon Web Services:
License:
Certain icons in the diagram are used with permission from Amazon Web Services.
Prerequisites
Prerequisites can be grouped by the items—such as files and accounts—that you must obtain and the tasks you must perform before running the CloudFormation template.
Required items
You need the following before running this template:
- An Amazon Web Services account.
The account must have access to basic AWS services such as CloudFormation, Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Systems Manager, Amazon CloudWatch, Lambda, AWS Identity and Access Management (IAM), Amazon DynamoDB, Secrets Manager, AWS Certificate Manager, and Amazon Relational Database Service (RDS).
- An Amazon Virtual Private Cloud (VPC) and subnets.
You can use one of the following CloudFormation templates to create a VPC: VPC with two public subnets or VPC with two public and private subnets with a NAT Gateway.
- The arcgis-egdb-postgres.template.json CloudFormation template.
Required tasks
Complete the following tasks before running this template:
- Make sure you have an ArcGIS Server site (stand-alone or federated) available. Do not use a hosting server.
Tip:
You can use one of the ArcGIS Server templates to create a site before creating an enterprise geodatabase.
- Configure passwords in AWS Secrets Manager (optional but recommended).
You can configure the passwords for accounts, such as the RDS master user, in AWS Secrets Manager. This provides you with a secret Amazon Resource Name (ARN). Use the ARN in place of a password in the template parameters when you launch a stack.
It's a security best practice to manage your passwords using AWS Secrets Manager. If you don't use AWS Secrets Manager to store passwords, you must enter passwords in plain text in the template parameter when launching the stack. For more information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS.
Tip:
By default, CloudFormation deletes partially created resources if stack creation fails. This is helpful because it removes unusable deployments from your account, but it can make it difficult to troubleshoot. To retain the stack in its failed state, disable the Rollback on failure CloudFormation stack creation option before launching the stack. See Setting AWS CloudFormation options in the AWS help for more information.
Parameters
Refer to the following tables for descriptions of the parameters used in this CloudFormation template. Tables are grouped by parameter type.
Amazon VPC Configuration
Parameter name | Required? | Parameter description |
---|---|---|
VPC ID | Required | Choose a VPC ID. Note: This must be the same VPC as the ArcGIS GIS Server site to which you're registering this database. |
Subnet ID 1 | Required | Choose a subnet ID. The subnet ID that you select must be within the VPC you have selected above. If you used an Esri CloudFormation template to create the VPC, you can get the subnet ID from that template's output parameters. |
Subnet ID 2 | Required | Choose a second subnet ID. This must be a different subnet ID than you used for the Subnet ID 1 parameter. The subnet ID that you select must be within the VPC you specified for this deployment. If you used an Esri CloudFormation template to create the VPC, you can get the subnet ID from that template's output parameters. |
ArcGIS Server Configuration
Parameter name | Required? | Parameter description |
---|---|---|
Site Administrator User Name | Required | Provide the user name for the ArcGIS Server primary site administrator of the existing ArcGIS Server site with which you are registering the geodatabase. |
Site Administrator User Password | Required | Provide the password for the ArcGIS Server primary site administrator. You can either type a plain text password or the ARN of your secret ID from AWS Secrets Manager. For more information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS. The password or secret ID you provide must match that of the existing primary site administrator. |
ArcGIS Server EC2 Instance ID | Required | Choose an EC2 instance ID where your ArcGIS Server site is configured. Note: If you are registering the database with a multimachine ArcGIS Server site, you can choose any EC2 instance ID from the ArcGIS Server site. Do not choose a file server EC2 instance. |
Windows arcgis user password | Conditional | Provide a password for the arcgis user. The arcgis user is a local Windows login used to run the ArcGIS software services; therefore, this password is only required if you deploy on Windows. You can either enter a plain text password or the ARN of your secret ID from AWS Secrets Manager. It's a best practice to manage your passwords in AWS Secrets Manager. For information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS. |
Managed Geodatabase | Required | Choose true if you want the enterprise geodatabase to be configured as the managed database. A managed database is only supported for stand-alone or federated ArcGIS GIS Server sites and not for the hosting server or other ArcGIS Server roles. The default value is false, which means the geodatabase will be configured as a registered database. |
ArcGIS Enterprise Geodatabase Configuration in Amazon RDS for PostgreSQL
Parameter name | Required? | Parameter description |
---|---|---|
RDS Instance Class | Required | Choose the Amazon RDS instance class. The default value is db.m5.xlarge. |
RDS Allocation Storage | Required | Provide the allocated storage size of the Amazon RDS instance in gigabytes (GB). The default is 200 GB. The minimum is 200 GB. The maximum is 4096 GB. |
RDS Version | Required | Choose the Amazon RDS for PostgreSQL engine version. The default is 12.4. See Requirements for using ArcGIS with databases in the cloud for supported versions. |
Database Instance Identifier Name | Required | Provide the database instance identifier name. The name must begin with a letter and contain only alphanumeric characters. The minimum length is 3 and the maximum is 63. |
RDS Master User Name | Required | Provide an Amazon RDS master user name. The name must begin with a letter and contain only alphanumeric characters. |
RDS Master User Password | Required | Provide a password for the Amazon RDS master user. You can either type a plain text password or the ARN of your secret ID from AWS Secrets Manager. It's a best practice to manage your passwords and secrets through AWS Secrets Manager. The password must contain only alphanumeric characters. The minimum length is 8 characters. For more information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS. |
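
The following pre-launch check is an added example, not part of the Esri template or its documentation. It applies the constraints stated in the parameter tables above and flags any password parameter supplied as plain text instead of a Secrets Manager ARN. The dictionary keys are the display names from the tables (the template's actual parameter keys may differ), and all sample values are constructed placeholders.

```python
import re

# General shape of a Secrets Manager secret ARN:
# arn:<partition>:secretsmanager:<region>:<12-digit account>:secret:<name>
SECRET_ARN = re.compile(r"arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:\S+")
LETTER_THEN_ALNUM = re.compile(r"[A-Za-z][A-Za-z0-9]*")
ALNUM_MIN_8 = re.compile(r"[A-Za-z0-9]{8,}")

# Display names from the parameter tables (assumption: not the template's real keys).
PASSWORD_FIELDS = ("Site Administrator User Password",
                   "Windows arcgis user password",
                   "RDS Master User Password")

def check_parameters(p):
    """Return (errors, warnings) for a dict keyed by parameter display name."""
    errors, warnings = [], []
    if p["Subnet ID 1"] == p["Subnet ID 2"]:
        errors.append("Subnet ID 2 must differ from Subnet ID 1")
    ident = p["Database Instance Identifier Name"]
    if not (LETTER_THEN_ALNUM.fullmatch(ident) and 3 <= len(ident) <= 63):
        errors.append("Database Instance Identifier Name: letter first, alphanumeric, 3-63 chars")
    if not LETTER_THEN_ALNUM.fullmatch(p["RDS Master User Name"]):
        errors.append("RDS Master User Name: letter first, alphanumeric only")
    if not 200 <= int(p["RDS Allocation Storage"]) <= 4096:
        errors.append("RDS Allocation Storage must be 200-4096 GB")
    for field in PASSWORD_FIELDS:
        value = p.get(field, "")
        if not value or SECRET_ARN.fullmatch(value):
            continue  # absent (conditional parameter) or a secret reference
        warnings.append(f"{field}: plain text value, use a Secrets Manager ARN")
        # The format rule can only be checked offline for a literal password.
        if field == "RDS Master User Password" and not ALNUM_MIN_8.fullmatch(value):
            errors.append("RDS Master User Password: alphanumeric, at least 8 characters")
    return errors, warnings

# Constructed sample: duplicate subnets and a short plain text RDS password.
SAMPLE = {
    "Subnet ID 1": "subnet-0aaa1111",
    "Subnet ID 2": "subnet-0aaa1111",
    "Database Instance Identifier Name": "egdb01",
    "RDS Master User Name": "dbadmin",
    "RDS Allocation Storage": "200",
    "Site Administrator User Password":
        "arn:aws:secretsmanager:us-east-1:123456789012:secret:example/siteadmin-AbCdEf",
    "RDS Master User Password": "short1",
}

if __name__ == "__main__":
    for problem in sum(check_parameters(SAMPLE), []):
        print(problem)
```

Treat a warning as a blocker in automated pipelines: plain text parameter values end up wherever the launch command or parameter file is stored.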
Outputs
When your stack is created successfully, you can see the following output parameters on the Outputs tab of the CloudFormation stack in AWS Management Console.
Output name | Output description |
---|---|
DeploymentLogsURL | This is the URL for the Amazon CloudWatch logs where all deployment logs are stored. You can refer to these logs for troubleshooting purposes if your deployment fails. |
DatabaseEndpointAddress | The Amazon RDS endpoint address. |
Considerations
The following are important points to consider after creating a CloudFormation stack containing ArcGIS deployments:
- Each time you run this template to register a database with an ArcGIS Server site, even if it is the same ArcGIS Server site, a new Amazon RDS for PostgreSQL instance is created.
- Do not delete any AWS resource created by this CloudFormation template. If you want to know what AWS resources have been created by this template, refer to the Resources tab of this stack in the AWS Management Console. Each resource created by an Esri CloudFormation template also has metadata tags. However, some of the resources do not show tags in the AWS Management Console.
- If you use AWS Secrets Manager for passwords, such as the site administrator user password or the Windows arcgis user password, and you change those passwords after you create the deployment, be sure to update the secrets behind the appropriate AWS Secrets Manager ARNs with the updated passwords.
Troubleshooting
If you observe any failures when creating this CloudFormation stack, see Troubleshoot ArcGIS deployments on AWS.