The Esri arcgis-portal-ha-upgrade.template.json Amazon Web Services (AWS) CloudFormation template upgrades two Amazon Elastic Compute Cloud (EC2) instances with Portal for ArcGIS 10.9, 10.9.1, or 11.0 installed, which were created using the template described in Deploy Portal for ArcGIS on two machines for high availability using CloudFormation.
The arcgis-portal-ha-upgrade.template.json template upgrades the following products configured on two identical EC2 instances:
- Portal for ArcGIS
- ArcGIS Web Adaptor
Prerequisites can be grouped by the items—such as files and accounts—that you must obtain and the tasks you must perform before running the CloudFormation template.
You need the following before running this template:
- An Amazon Web Services account with access to the deployment to be upgraded.
- A Portal for ArcGIS license file (.json).
- An SSL certificate file or certificates (in .pfx format) and corresponding passwords. Certificates must be from a certifying authority.
- An existing highly available Portal for ArcGIS deployment that you created using the Esri Amazon Web Services CloudFormation template arcgis-portal-ha.template.json.
- The upgrade CloudFormation template, arcgis-portal-ha-upgrade.template.json.
To upgrade your deployment, run this upgrade CloudFormation template, which will create a new CloudFormationstack. Do not update the existing deployment CloudFormation stack using this template.
Complete the following tasks before running this template:
- Prepare a deployment Amazon Simple Storage Service (S3) bucket in your AWS account. You will specify the bucket name in the template when you launch the stack.
- Create a bucket or use an existing S3 bucket. You must be the owner of the bucket.
- Upload your ArcGIS software authorization files to the bucket.
- Upload your SSL certificate file to the deployment bucket.
- Configure passwords in AWS Secrets Manager (optional but recommended).
You can configure the passwords for accounts such as the site administrator username and the Windows arcgis user password in AWS Secrets Manager. This provides you with a secret Amazon Resource Name (ARN). Use the ARN in place of a password in the template parameters when you launch a stack. If you don't use AWS Secrets Manager for storing passwords, you must type passwords in plain text in the template parameter when launching the stack.
When creating a secret ARN in AWS Secrets Manager for a password to be used with Esri CloudFormation templates, you must use the Other types of secrets secret type and use the Plaintext option. For more information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS.
By default, CloudFormation deletes partially created resources if stack creation fails. This is helpful because it removes unusable deployments from your account, but it can make it difficult to troubleshoot. To retain the stack in its failed state, disable the Rollback on failure CloudFormation stack creation option before launching the stack. See Setting AWS CloudFormation options in the AWS help for more information.
The following table contains the parameters used in this template and a description of each parameter.
Portal for ArcGIS Configuration
|Parameter name||Required?||Parameter description|
Choose the platform type of your existing Portal for ArcGIS deployment.
Primary Portal for ArcGIS EC2 Instance ID
Choose the instance ID of the primary EC2 instance in your existing Portal for ArcGIS deployment.
If you created the existing deployment using an Esri CloudFormation template or ArcGIS Enterprise Cloud Builder for AWS, you can find the instance ID in the existing CloudFormation stack's Resources section in AWS Management Console. The logical ID of the resource is PortalForArcGISPrimaryEC2Instance.
Standby Portal for ArcGIS EC2 Instance ID
Choose the instance ID of the standby EC2 instance in your existing Portal for ArcGIS deployment.
If you created the existing deployment using an Esri CloudFormation template or ArcGIS Enterprise Cloud Builder for AWS, you can find the instance ID in the existing CloudFormation stack's Resources section in AWS Management Console. The logical ID of the resource is PortalForArcGISStandbyEC2Instance.
Deployment Bucket Name
Provide the name of the Amazon S3 bucket that contains your software license files and SSL certificates. This bucket must already exist and contain the license file and SSL certificate for your deployment.
You must be the owner of the bucket and it must reside in the same AWS account as your deployment.
License File Name
Provide the Portal for ArcGIS authorization file object key name. You must upload the license file (.json file) to the deployment bucket before launching this stack. You can get the file object key name by browsing to the file in the deployment bucket in the AWS S3 console, for example, portal.json or resources/licenses/portal/portal.json.
License file names are case sensitive. Ensure that you type the correct name and case.
Administrator User Name
Provide a user name for the initial portal administrator of your existing deployment.
Administrator User Password
Provide a password for the initial portal administrator of your existing deployment.
You can either type a plain text password or the ARN of your secret ID from AWS Secrets Manager.
Windows arcgis user password
This password is only required if you deployed on Windows. Provide the password for the arcgis user of your existing deployment.
You can either enter a plain text password or the ARN of your secret ID from AWS Secrets Manager.
It's a best practice to manage your passwords in AWS Secrets Manager. For information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS.
Provide the fully qualified domain name of your existing Portal for ArcGIS deployment.
Web Adaptor Name
Provide the Portal Web Adaptor name of your existing Portal for ArcGIS deployment.
Leave this parameter empty if you did not provide a Portal Web Adaptor name when you created your existing deployment.
SSL Certificate File Name
Provide an SSL certificate from a certifying authority (.pfx file). Use the same (or renewed) SSL certificate used when you created your existing deployment.
You must upload the certificate to the deployment bucket before launching this stack. You can get the file object key name by browsing to the file within the deployment bucket in the AWS S3 console, for example, domainname.pfx or resources/sslcerts/domainname.pfx.
Leave this parameter empty if you did not provide an SSL Certificate File Name when you created your existing deployment.
SSL Certificate Password
Provide the password for the SSL certificate. You can either type a plain text password or the ARN of your secret ID from AWS Secrets Manager. For information on creating an Amazon Resource Name for passwords, see AWS CloudFormation and ArcGIS.
Leave this parameter empty if you did not provide an SSL Certificate File Name value.
When your stack is created successfully, you can see the following output parameters on the Outputs tab of the CloudFormation stack in AWS Management Console.
|Output name||Output description|
The URL to access the portal.
This is the URL for the Amazon CloudWatch logs where all deployment logs are stored. You can refer to these logs for troubleshooting purposes if your deployment fails.
The following are important points to consider after creating a CloudFormation stack containing ArcGIS deployments:
- Once your stack is created successfully (in other words, the stack status is CREATE_COMPLETE), that means your Portal for ArcGIS deployment is upgraded successfully. You can validate this by signing into the portal website.
- If the CloudFormation stack failed to create successfully (in other words, the stack status is CREATE_FAILED), you can troubleshoot the error as mentioned in the page linked to from the Troubleshooting section below. After pinpointing the root cause of the error and taking required action, you can delete the failed stack and create a new one to upgrade the existing Portal for ArcGIS deployment.
- If you receive a notice regarding licenses when you sign in to the portal after an upgrade, you may not have imported a license file that meets your current licensing configuration, or your users may be assigned a temporary user type. See Considerations after upgrading Portal for ArcGIS in the Portal for ArcGIS installation guide.
If you observe any failures when creating this CloudFormation stack, see Troubleshoot ArcGIS deployments on AWS.