When you launch a CloudFormation stack using one of the Amazon Web Services (AWS) CloudFormation templates provided by Esri, Amazon Elastic Compute Cloud (EC2) instances are created, an AWS Identity Access Management (IAM) role and policy are created, and software is downloaded to and installed on the EC2 instances.
Software loaded during CloudFormation stack creation
When you create a deployment using a CloudFormation template provided by Esri, the necessary EC2instances are created and the required software is downloaded and installed on the instances. This operation requires internet access.
On Microsoft Windows operating systems, the following are downloaded and installed:
- Cinc client
- ArcGIS Chef cookbooks
- The latest Microsoft Visual C++redistributable
- Microsoft SQL Server ODBC drivers
On Linux operating systems, the following are downloaded and installed:
- AWS command line interface (CLI)
- jq, autofs, and unzip
- Cinc client
- ArcGIS Chef cookbooks
AWS Systems Manager documents
The AWS CloudFormation templates provided by Esri use the AWS Systems Manager service (SSM) to install various software components on EC2 instances launched during deployment.
When you create a CloudFormation stack, multiple SSM automation documents are created. You can find these documents on the Owned by me tab in the Documents section of the AWS Systems Manager service. You can identify documents created by CloudFormation stacks by viewing the tags attached to them. CloudFormation templates also use SSM Command Documents hosted remotely in Esri software repository Amazon Simple Storage Service (S3) buckets.
IAM role and policy
When you create a deployment using a CloudFormation template provided by Esri, an IAM role and policy are created.
The IAM role is configured with trusted entities that can assume the role and the access conditions for the role. The following is a list of trusted entities that can assume this IAM role:
- ec2.amazonaws.com
- events.amazonaws.com
- lambda.amazonaws.com
- ssm.amazonaws.com
Esri CloudFormation templates also create an IAM policy that is attached to the IAM role. See IAM policies for ArcGIS Enterprise on Amazon Web Services for the policy specification.
Find the latest Amazon Machine Image (AMI) ID for base Ubuntu AMI from Canonical Ltd.
The majority of CloudFormation templates provided by Esri accept an AMI ID as input but, in most cases, it is not required.
However, when you use CloudFormation templates provided by Esri to create a deployment on Ubuntu EC2 instances in AWS GovCloud, you must provide an AMI ID.
- Access the following URL to find the latest AMI ID of a base Ubuntu AMI from Canonical: https://cloud-images.ubuntu.com/locator/ec2/.
- Apply filters with the following criteria to the information on that web page to retrieve the appropriate AMI ID for the appropriate US AWS GovCloud region:
- Zone—Provide the zone you require, such as us-gov-east-1 or us-gov-west-2.
- Version—20.04 LTS
- Arch—amd64
- Instance Type—hvm:ebs-ssd
- Once you find the base Ubuntu AMI for your region and zone, copy the AMI ID from the AMI-ID column and provide that ID when using Esri CloudFormation templates to deploy on Ubuntu instances in AWS GovCloud.