Federate an ArcGIS Server site using CloudFormation

You can use an Esri sample CloudFormation template to federate an existing ArcGIS Server site with an ArcGIS Enterprise portal. You can also add an ArcGIS GIS Server site as a hosting server to the portal.

This template does not deploy new ArcGIS Enterprise software components; it federates an existing ArcGIS Server site with an ArcGIS Enterprise portal.

Tip:
Use this template as part of creating an ArcGIS Enterprise deployment as described in Deploy ArcGIS Enterprise components on separate machines using CloudFormation.

Prerequisites

Before you run this template to federate a site, you must have an existing stand-alone ArcGIS Server site (of any license role) and a Portal for ArcGIS deployment in Amazon Web Services (AWS) available. You can use one of the following templates to create a Portal for ArcGIS deployment:

You can also use one of the following templates to create an ArcGIS Server site. The template you use depends on the type of site you need.

When you configure a hosting server, the ArcGIS Server site must be licensed as an ArcGIS GIS Server site, and the site must have a relational data store configured with it. Use either the ArcGIS Server site on a single machine or a multiple-machine ArcGIS Server site for high availability templates from the previous list to create the site. You can use one of the following ArcGIS Data Store templates to create a relational data store:

Once you have an ArcGIS Server site, portal, and relational data store (if you're adding the site as a hosting server), use the arcgis-server-federate.template.json CloudFormation template to federate the site with the portal.

Parameters

Refer to the following tables for descriptions of the parameters used in this CloudFormation template. Tables are grouped by parameter type.

ArcGIS Server Configuration

Parameter name | Required or not | Parameter description

ArcGIS Server Role

Required

Choose the ArcGIS Server role that this site will fill. Available roles are as follows:

  • GISServer—Use when federating an ArcGIS GIS Server or ArcGIS GeoEvent Server site.
  • HostingServer—Use when adding a hosting server to a portal. The site must be an ArcGIS GIS Server site that includes, at a minimum, a relational ArcGIS Data Store.
  • GeoAnalytics—This federates an ArcGIS GeoAnalytics Server site.
  • RasterAnalytics—An ArcGIS Image Server site is required.
  • ImageHosting—An ArcGIS Image Server site is required.
  • KnowledgeServer—This federates an ArcGIS Knowledge Server site.
  • NotebookServer—This federates an ArcGIS Notebook Server site.
  • MissionServer—This federates an ArcGIS Mission Server site.
  • WorkflowManager—This federates an ArcGIS Workflow Manager site.

Site Administrator User Name

Required

Provide the username of the existing primary site administrator.

Site Administrator User Password

Required

Provide the password of the existing primary site administrator.

You can type either a plain text password or the ARN of your secret ID from AWS Secrets Manager.

ArcGIS Server Services URL

Required

Provide the ArcGIS Server Services URL. If you used an Esri CloudFormation template to create the site, you can obtain this value from the outputs of the site's stack in the AWS CloudFormation service in AWS Management Console.

The URL must be in the format: https://<domainname>/<servercontextname or webadaptorname>. If the site includes a web adaptor, the URL includes the web adaptor address, for example, http://webadaptorhost.domain.com/webadaptorname. If you added the ArcGIS Server site to your organization's reverse proxy server, the URL is the reverse proxy server address (for example, https://reverseproxy.domain.com/myort).

Note:

This URL is also used as the Server Administration URL during the federation operation.

The federation operation includes a validation check to determine if the provided URL is accessible from the ArcGIS Server site. If the resulting validation check fails, a warning is generated in the Portal for ArcGIS logs.

However, federation will not fail if the services URL fails to validate, because the URL may not be accessible from the ArcGIS Server site, as is the case when the site is behind a firewall.

ArcGIS Server EC2 Instance ID

Required

Choose one of the EC2 instances that compose the ArcGIS Server site.

If the site contains multiple machines, you can choose any of the EC2 instances in the site.

Do not choose a file server EC2 instance.

Portal for ArcGIS configuration

Parameter name | Required or not | Parameter description

Portal Administrator User Name

Required

Provide the username of a portal administrator. The username must exist and the portal administrator must have the default administrator role.

Portal Administrator User Password

Required

Provide the password for the portal administrator you specified for the Portal Administrator User Name parameter. You can type either a plain text password or the ARN of your secret ID from AWS Secrets Manager.

Portal for ArcGIS EC2 Instance ID

Required

Choose a Portal for ArcGIS EC2 instance. If the portal contains two machines (primary-standby), you can choose either instance.

Do not choose a file server EC2 instance.

Post-federation requirements

This template enables communication between the ArcGIS Server site that you are federating and the Portal for ArcGIS deployment by altering the security group of the ArcGIS Server site to allow all TCP traffic from the portal and altering the portal's security group to allow all TCP traffic from the ArcGIS Server site. Depending on the type of architecture you deploy, you may need to enable communication between the newly federated ArcGIS Server site and other ArcGIS Server sites or between the ArcGIS Server site and ArcGIS Data Store.

You must sign in to your account in AWS Management Console and alter security groups in the following scenarios:

  • If you federated an ArcGIS GeoAnalytics Server site, you must enable communication between the ArcGIS GeoAnalytics Server site and the spatiotemporal big data store. To do this, add All TCP traffic in the ArcGIS GeoAnalytics Server site security group with the source as the spatiotemporal big data store security group. Also, add All TCP traffic in the spatiotemporal big data store security group with the source as the ArcGIS GeoAnalytics Server security group.

    To output data from GeoAnalytics Tools to the relational database, you must use the same method to enable communication between the ArcGIS GeoAnalytics Server site and the relational data store.

  • If you federated an ArcGIS Mission Server site, you must enable communication between the ArcGIS Mission Server site and the relational data store. To do this, add All TCP traffic in the security group of the ArcGIS Mission Server site with the source as the security group of the relational data store. Also, add All TCP traffic in the security group of the relational data store with the source set as the ArcGIS Mission Server site's security group.

    If missions will be created as hosted spatiotemporal feature layers, you must use the same method to enable communication between the ArcGIS Mission Server site and the spatiotemporal big data store.

  • If you federated an ArcGIS Knowledge Server site, you must enable communication between the ArcGIS Knowledge Server site and the graph store. To do this, add All TCP traffic in the ArcGIS Knowledge Server site security group with the source as the graph store security group. Also, add All TCP traffic in the graph store security group with the source as the ArcGIS Knowledge Server security group.
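
The following Python check is an added example, not part of Esri's template or documentation. It confirms that the reciprocal All TCP rules described in the scenarios above exist in both security groups, using constructed JSON shaped like the output of `aws ec2 describe-security-groups`. The group IDs are placeholders and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not values from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-geoanalytics",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
      "UserIdGroupPairs": [{"GroupId": "sg-bigdatastore"}]}]},
  {"GroupId": "sg-bigdatastore",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "UserIdGroupPairs": [{"GroupId": "sg-geoanalytics"}]}]}
]}
""")


def allows_all_tcp_from(group, peer_id):
    """True if `group` has an ingress rule covering TCP 0-65535 from peer_id."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and all ports, which includes All TCP.
        full_range = proto == "-1" or (
            proto == "tcp"
            and perm.get("FromPort") == 0
            and perm.get("ToPort") == 65535
        )
        sources = {p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])}
        if full_range and peer_id in sources:
            return True
    return False


def missing_rules(described, sg_a, sg_b):
    """Return (target, source) pairs still lacking the reciprocal rule."""
    groups = {g["GroupId"]: g for g in described["SecurityGroups"]}
    missing = []
    for target, source in ((sg_a, sg_b), (sg_b, sg_a)):
        if target not in groups or not allows_all_tcp_from(groups[target], source):
            missing.append((target, source))
    return missing


if __name__ == "__main__":
    for target, source in missing_rules(SAMPLE, "sg-geoanalytics", "sg-bigdatastore"):
        print(f"{target}: add All TCP inbound with source {source}")
```

In the constructed sample, the data store group admits only a single port from the server group, so the check reports that direction as missing.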

After you federate an ArcGIS Workflow Manager site with ArcGIS Enterprise, you must restart ArcGIS Workflow Manager on every EC2 instance. See Configure Workflow Manager with an ArcGIS Enterprise portal for details.

Troubleshooting

If you observe any failures when creating this CloudFormation stack, see Troubleshoot ArcGIS deployments on AWS.