Software loaded during CloudFormation stack creation

When you create a deployment using a CloudFormation template provided by Esri, the necessary EC2instances are created and the required software is downloaded and installed on the instances. This operation requires internet access.

On Microsoft Windows operating systems, the following are downloaded and installed:

• Cinc client
• ArcGIS Chef cookbooks
• The latest Microsoft Visual C++redistributable
• Microsoft SQL Server ODBC drivers

On Linux operating systems, the following are downloaded and installed:

• AWS command line interface (CLI)
• jq, autofs, and unzip
• Cinc client
• ArcGIS Chef cookbooks

AWS Systems Manager documents

The AWS CloudFormation templates provided by Esri use the AWS Systems Manager service (SSM) to install various software components on EC2 instances launched during deployment.

When you create a CloudFormation stack, multiple SSM automation documents are created. You can find these documents on the Owned by me tab in the Documents section of the AWS Systems Manager service. You can identify documents created by CloudFormation stacks by viewing the tags attached to them. CloudFormation templates also use SSM Command Documents hosted remotely in Esri software repository Amazon Simple Storage Service (S3) buckets.

IAM role and policy

When you create a deployment using a CloudFormation template provided by Esri, an IAM role and policy are created.

The IAM role is configured with trusted entities that can assume the role and the access conditions for the role. The following is a list of trusted entities that can assume this IAM role:

• ec2.amazonaws.com
• events.amazonaws.com
• lambda.amazonaws.com
• ssm.amazonaws.com

Esri CloudFormation templates also create an IAM policy that is attached to the IAM role. See IAM policies for ArcGIS Enterprise on Amazon Web Services for the policy specification.