You can use an Esri sample CloudFormation template to federate an existing ArcGIS Server site with an ArcGIS Enterprise portal. You can also add an ArcGIS GIS Server site as a hosting server to the portal.
This template does not deploy new ArcGIS Enterprise software components; it federates an existing ArcGIS Server site with an ArcGIS Enterprise portal.
Tip:
Use this template as part of creating an ArcGIS Enterprise deployment as described in Deploy ArcGIS Enterprise components on separate machines using CloudFormation.
Prerequisites
Before you run this template to federate a site, you must have an existing stand-alone ArcGIS Server site (of any license role) and a Portal for ArcGIS deployment in Amazon Web Services (AWS) available. You can use one of the following templates to create a Portal for ArcGIS deployment:
- Single machine Portal for ArcGIS
- Portal for ArcGIS on two machines for high availability
You can also use one of the following templates to create an ArcGIS Server site. The template you use depends on the type of site you need.
- ArcGIS Server site on a single machine
- Multiple machine ArcGIS Server site for high availability
- Single machine ArcGIS GeoEvent Server site
- Single machine ArcGIS Mission Server site
- Multiple machine ArcGIS Mission Server site for high availability
- Single machine ArcGIS Notebook Server site
- Multiple machine ArcGIS Notebook Server site for high availability
- Single machine ArcGIS Workflow Manager site
- Multiple machine ArcGIS Workflow Manager site for high availability
When you configure a hosting server, the ArcGIS Server site must be licensed as an ArcGIS GIS Server site, and the site must have a relational data store configured with it. Use either the ArcGIS Server site on a single machine or a multiple-machine ArcGIS Server site for high availability templates from the previous list to create the site. You can use one of the following ArcGIS Data Store templates to create a relational data store:
- Single machine ArcGIS Data Store template
- Primary-standby ArcGIS Data Store template
Once you have an ArcGIS Server site, portal, and relational data store (if you're adding the site as a hosting server), use the arcgis-server-federate.template.json CloudFormation template to federate the site with the portal.
Parameters
Refer to the following tables for descriptions of the parameters used in this CloudFormation template. Tables are grouped by parameter type.
ArcGIS Server Configuration
Parameter name | Required or not | Parameter description |
---|---|---|
ArcGIS Server Role | Required | Choose the ArcGIS Server role that this site will fill. Available roles are as follows:
|
Site Administrator User Name | Required | Provide the username of the existing primary site administrator. |
Site Administrator User Password | Required | Provide the password of the existing primary site administrator. You can type either a plain text password or the ARN of your secret ID from AWS Secrets Manager. |
ArcGIS Server Services URL | Required | Provide the ArcGIS Server Services URL. If you used an Esri CloudFormation template to create the site, you can obtain this value from the outputs of the site's stack in the AWS CloudFormation service in AWS Management Console. The URL must be in the format: https://<domainname>/<servercontextname or webadaptorname>. If the site includes a web adaptor, the URL includes the web adaptor address, for example, http://webadaptorhost.domain.com/webadaptorname. If you added the ArcGIS Server site to your organization's reverse proxy server, the URL is the reverse proxy server address (for example, https://reverseproxy.domain.com/myort). Note: This URL is also used as the Server Administration URL during the federation operation. The federation operation includes a validation check to determine if the provided URL is accessible from the ArcGIS Server site. If the resulting validation check fails, a warning is generated in the Portal for ArcGIS logs. However, federation will not fail if the services URL fails to validate because the URL may not be accessible from the ArcGIS Server site, such as is the case when the site is behind a firewall. |
ArcGIS Server EC2 Instance ID | Required | Choose one of the EC2 instances that compose the ArcGIS Server site. If the site contains multiple machines, you can choose any of the EC2 instances in the site. Do not choose a file server EC2 instance. |
Portal for ArcGIS configuration
Parameter name | Required or not | Parameter description |
---|---|---|
Portal Administrator User Name | Required | Provide the username of a portal administrator. The username must exist and must be a member of the default administrator role. |
Portal Administrator User Password | Required | Provide the password for the portal administrator you specified for the Portal Administrator User Name parameter. You can type either a plain text password or the ARN of your secret ID from AWS Secrets Manager. |
Portal for ArcGIS EC2 Instance ID | Required | Choose a Portal for ArcGIS EC2 instance. If the portal contains two machines (primary-standby), you can choose either instance. Do not choose a file server EC2 instance. |
Post-federation requirements
This template enables communication between the ArcGIS Server site that you are federating and the Portal for ArcGIS deployment by altering the security group of the ArcGIS Server site to allow all TCP traffic from the portal and altering the portal's security group to allow all TCP traffic from the ArcGIS Server site. Depending on the type of architecture you deploy, you may need to enable communication between the newly federated ArcGIS Server site and other ArcGIS Server sites or between the ArcGIS Server site and ArcGIS Data Store.
You must sign in to your account in AWS Management Console and alter security groups in the following scenarios:
- If you federated an ArcGIS GeoAnalytics Server site, you must enable communication between the ArcGIS GeoAnalytics Server site and the spatiotemporal big data store. To do this, add All TCP traffic in the ArcGIS GeoAnalytics Server site security group with the source as the spatiotemporal big data store security group. Also, add All TCP traffic in the spatiotemporal big data store security group with the source as the ArcGIS GeoAnalytics Server security group.
To output data from GeoAnalytics Tools to the relational database, you must use the same method to enable communication between the ArcGIS GeoAnalytics Server site and the relational data store.
- If you federated an ArcGIS Mission Server site, you must enable communication between the ArcGIS Mission Server site and the relational data store. To do this, add All TCP traffic in the security group of the ArcGIS Mission Server site with the source as the security group of the relational data store. Also, add All TCP traffic in the security group of the relational data store with the source set as the ArcGIS Mission Server site's security group.
If missions will be created as hosted spatiotemporal feature layers, you must use the same method to enable communication between the ArcGIS Mission Server site and the spatiotemporal big data store.
- If you federated an ArcGIS Knowledge Server site, you must enable communication between the ArcGIS Knowledge Server site and the graph store. To do this, add All TCP traffic in the ArcGIS Knowledge Server site security group with the source as the graph store security group. Also, add All TCP traffic in the graph store security group with the source as the ArcGIS Knowledge Server security group.
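The security group changes in the preceding list can be checked after you make them. The following is an added example, not part of the Esri template or documentation: it reads data shaped like the output of aws ec2 describe-security-groups and reports when the All TCP rule is missing in either direction or when its source is a CIDR block rather than the peer security group. The sample data and the group IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# The group IDs are placeholders, not values from any Esri stack.
SERVER_SG = "sg-0aaaaaaaaaaaaaaaa"   # e.g. the ArcGIS GeoAnalytics Server site
STORE_SG = "sg-0bbbbbbbbbbbbbbbb"    # e.g. the spatiotemporal big data store
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "UserIdGroupPairs": [{"GroupId": "sg-0bbbbbbbbbbbbbbbb"}], "IpRanges": []}]},
  {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

def covers_all_tcp(perm):
    """True for an All TCP rule (tcp 0-65535) or an all-protocols rule (-1)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)

def all_tcp_sources(group):
    """Collect source group IDs and CIDR blocks allowed on the full TCP range."""
    peers, cidrs = set(), set()
    for perm in filter(covers_all_tcp, group.get("IpPermissions", [])):
        peers.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
        cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        cidrs.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return peers, cidrs

def audit_pair(groups, a, b):
    """Report missing or CIDR-sourced All TCP rules between groups a and b."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for dst, src in ((a, b), (b, a)):
        peers, cidrs = all_tcp_sources(by_id.get(dst, {}))
        if src not in peers:
            findings.append(f"{dst}: no All TCP rule with source {src}")
        findings += [f"{dst}: All TCP open to CIDR {c}, not a security group"
                     for c in sorted(cidrs)]
    return findings

if __name__ == "__main__":
    for line in audit_pair(SAMPLE["SecurityGroups"], SERVER_SG, STORE_SG):
        print(line)
```

An empty result means both groups reference each other as the source, which is the state the preceding list describes.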
After you federate an ArcGIS Workflow Manager site with ArcGIS Enterprise, you must restart ArcGIS Workflow Manager on every EC2 instance. See Configure Workflow Manager with an ArcGIS Enterprise portal for details.
Troubleshooting
If you observe any failures when creating this CloudFormation stack, see Troubleshoot ArcGIS deployments on AWS.