{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "ArcGIS CloudFormation Template: Provisions a ArcGIS site with Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store and ArcGIS Web Adaptor on an EC2 instance running Ubuntu Linux 16.04 LTS. **WARNING** You will be billed by AWS for the AWS resources if you create a stack from this template.", "Mappings" : { "RegionMap" : { "ap-northeast-1": { "en": "ami-c4ac37a2" }, "ap-northeast-2": { "en": "ami-6c74d402" }, "ap-south-1": { "en": "ami-574b1c38" }, "ap-southeast-1": { "en": "ami-fd087a81" }, "ap-southeast-2": { "en": "ami-fe7b869c" }, "ca-central-1": { "en": "ami-e39c1987" }, "eu-central-1": { "en": "ami-f9e87596" }, "eu-west-1": { "en": "ami-47de433e" }, "eu-west-2": { "en": "ami-c2445fa6" }, "sa-east-1": { "en": "ami-5d8bc931" }, "us-east-1": { "en": "ami-f6a0fa8c" }, "us-east-2": { "en": "ami-f4664c91" }, "us-west-1": { "en": "ami-33303353" }, "us-west-2": { "en": "ami-52fa4c2a" } } }, "Parameters": { "DeploymentBucket": { "Description": "S3 bucket for license files and SSL certificates", "Type": "String", "AllowedPattern": "^([a-z]|(\\d(?!\\d{0,2}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})))([a-z\\d]|(\\.(?!(\\.|-)))|(-(?!\\.))){1,61}[a-z\\d\\.]$", "ConstraintDescription": "A Bucket's name can be between 6 and 63 characters long, containing lowercase characters, numbers, periods, and dashes and it must start with a lowercase letter or number." }, "DriveSizeRoot": { "Default": "100", "Description": " The size of the Root Drive in GB. ", "Type": "Number", "MinValue": "100", "MaxValue": "1024", "ConstraintDescription": " Must be between 100 and 1024 GB. " }, "DriveSizeData": { "Default": "100", "Description": " The size of the Data Drive - /gisdata folder in GB. ", "Type": "Number", "MinValue": "10", "MaxValue": "1024", "ConstraintDescription": " Must be between 10 and 1024 GB. " }, "InstanceType": { "Description": "The EC2 instance type", "Type": "String", "AllowedValues": [ "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "c5.large", "c5.xlarge", "c5.2xlarge", "c5.4xlarge", "c5.9xlarge", "c5.18xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "r4.large", "r4.xlarge", "r4.2xlarge", "r4.4xlarge", "r4.8xlarge", "r4.16xlarge", "t2.large", "t2.xlarge", "t2.2xlarge", "x1.16xlarge", "x1.32xlarge" ], "Default": "m4.xlarge" }, "BDSInstanceType": { "Description": "Spatio-temporal Big Data Store EC2 instance type", "Type": "String", "AllowedValues": [ "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "c5.large", "c5.xlarge", "c5.2xlarge", "c5.4xlarge", "c5.9xlarge", "c5.18xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "r4.large", "r4.xlarge", "r4.2xlarge", "r4.4xlarge", "r4.8xlarge", "r4.16xlarge", "t2.large", "t2.xlarge", "t2.2xlarge", "x1.16xlarge", "x1.32xlarge" ], "Default": "m4.large" }, "BDSInstances" : { "Description" : "Number of spatio-temporal Big Data Store EC2 instances", "Type" : "Number", "Default" : "0", "AllowedValues" : [0, 1] }, "KeyName": { "Description": "The EC2 KeyPair to allow remote access to the instances", "Type": "AWS::EC2::KeyPair::KeyName" }, "StoreType": { "Description": "ArcGIS Server config store and Portal for ArcGIS content store type", "Type": "String", "AllowedValues": ["CloudStore", "FileSystem"], "Default": "FileSystem" }, "ServerLicenseFile": { "Description": "ArcGIS Server authorization file (must be uploaded to DeploymentBucket)", "Type": "String", "AllowedPattern": "^([\\w\\-\\.]+)+\\.(ecp|prvc)$", "ConstraintDescription": "License file name must be alphanumeric. It can contain dash ('-'), dot ('.'), and underscore ('_') characters. The file name must end with '.ecp' or '.prvc'." }, "PortalLicenseFile": { "Description": "Portal for ArcGIS authorization file (must be uploaded to DeploymentBucket)", "Type": "String", "AllowedPattern": "^([\\w\\-\\.]+)+\\.(ecp|prvc)$", "ConstraintDescription": "License file name must be alphanumeric. It can contain dash ('-'), dot ('.'), and underscore ('_') characters. The file name must end with '.ecp' or '.prvc'." }, "SiteAdmin": { "Description": "User name for ArcGIS Server site admin and Portal initial admin accounts", "Type": "String", "Default": "admin", "AllowedPattern": "^[a-zA-Z][a-zA-Z0-9_]{4,}$", "ConstraintDescription": "User name must be 4 or more alphanumeric or underscore (_) characters and must start with a letter." }, "SiteAdminPassword": { "Description": "Password for the site admin account", "Type": "String", "NoEcho": "true", "AllowedPattern": "^[a-zA-Z0-9_\\.@]{8,}$", "ConstraintDescription": "Password must be 8 or more alphanumeric, underscore (_), at ('@'), or dot (.) characters." }, "SiteEIPAllocationID": { "Description": "Allocation ID of Elastic IP address for VPC (eipalloc-XXXXXXXX)", "Type": "String", "AllowedPattern": "eipalloc-.*" }, "SiteDomain": { "Description": "The domain name of your ArcGIS site", "Type": "String", "AllowedPattern": "^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]).)*([a-zA-Z]|[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9])$", "ConstraintDescription": "The domain name is invalid." }, "SSLCertificateFile": { "Description": "SSL certificate file issued to the site domain (must be uploaded to DeploymentBucket)", "Type": "String", "AllowedPattern": "^([\\w\\-\\.]+)+\\.(pfx)$", "ConstraintDescription": "S3 object key name must be between 1 and 1024 characters." }, "SSLCertPassword": { "Description": "SSL certificate file password", "Type": "String", "NoEcho": "true", "AllowedPattern": "[^\\\"]{1,128}", "ConstraintDescription": "Password must be between 1 and 128 characters and must not contain backslashes (\\) or quotation marks (\")." }, "VPCId" : { "Description" : "VPC ID", "Type" : "AWS::EC2::VPC::Id" }, "Subnet" : { "Description" : "VPC Subnet ID", "Type": "AWS::EC2::Subnet::Id" }, "PostInstallationScript": { "Description": "ZIP archive file with custom post installation script (must be uploaded to DeploymentBucket).", "Type": "String", "AllowedPattern": "[^\"]{1,1024}", "ConstraintDescription": "S3 object key name must be between 1 and 1024 characters.", "Default": "none" } }, "Metadata" : { "AWS::CloudFormation::Interface" : { "ParameterGroups" : [ { "Label" : { "default" : "Network Configuration" }, "Parameters" : [ "VPCId", "Subnet", "SiteDomain", "SiteEIPAllocationID" ] }, { "Label" : { "default":"Amazon EC2 Configuration" }, "Parameters" : [ "InstanceType", "BDSInstanceType", "BDSInstances", "DriveSizeRoot", "DriveSizeData", "KeyName" ] }, { "Label" : { "default":"ArcGIS Enterprise Configuration" }, "Parameters" : [ "DeploymentBucket", "ServerLicenseFile", "PortalLicenseFile", "StoreType", "SiteAdmin", "SiteAdminPassword", "SSLCertificateFile", "SSLCertPassword" ] } ] } }, "Conditions" : { "UseCloudStore" : {"Fn::Equals" : [{"Ref" : "StoreType"}, "CloudStore"]}, "RunPostInstall" : {"Fn::Not" : [{"Fn::Equals" : [{"Ref" : "PostInstallationScript"}, "none"]}]} }, "Resources": { "ValidateParametersFunction": { "Type": "AWS::Lambda::Function", "DependsOn": "IAMRole", "Properties": { "Code": { "S3Bucket": {"Fn::Join" : ["", ["agsstore6", "-", {"Ref": "AWS::Region"}]]}, "S3Key": "8321/lambda/arcgis-cfn-lambda.zip" }, "Handler": "parameters.handler", "Runtime": "python2.7", "Timeout": "300", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] } } }, "StopStackFunction": { "Type": "AWS::Lambda::Function", "DependsOn": "IAMRole", "Properties": { "Code": { "S3Bucket": {"Fn::Join" : ["", ["agsstore6", "-", {"Ref": "AWS::Region"}]]}, "S3Key": "8321/lambda/arcgis-cfn-lambda.zip" }, "Environment" : { "Variables" : { "StackName" : {"Ref" : "AWS::StackName"} } }, "Handler": "stop_start.stop_allinone_stack", "Runtime": "python2.7", "Timeout": "300", "Role": {"Fn::GetAtt" : ["LambdaExecutionRole", "Arn"]}, "Description" : "Stops all EC2 instances of the CloudFormation stack" } }, "StartStackFunction": { "Type": "AWS::Lambda::Function", "DependsOn": "IAMRole", "Properties": { "Code": { "S3Bucket": {"Fn::Join" : ["", ["agsstore6", "-", {"Ref": "AWS::Region"}]]}, "S3Key": "8321/lambda/arcgis-cfn-lambda.zip" }, "Environment" : { "Variables" : { "StackName" : {"Ref" : "AWS::StackName"} } }, "Handler": "stop_start.start_allinone_stack", "Runtime": "python2.7", "Timeout": "300", "Role": {"Fn::GetAtt" : ["LambdaExecutionRole", "Arn"]}, "Description" : "Starts all EC2 instances of the CloudFormation stack" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "Policies": [{ "PolicyName": "root", "PolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"], "Resource": "*" }, { "Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*" }, { "Effect": "Allow", "Action": ["s3:*"], "Resource": "*" }, { "Effect": "Allow", "Action": ["ec2:*"], "Resource": "*" }, { "Effect": "Allow", "Action": ["cloudformation:*"], "Resource": "*" }, { "Effect": "Allow", "Action": ["autoscaling:*"], "Resource": "*" }] } }] } }, "ValidateServerLicenseFile": { "Type": "Custom::ValidateParameters", "Properties": { "ServiceToken": {"Fn::GetAtt": ["ValidateParametersFunction", "Arn"]}, "DeploymentBucket": {"Ref": "DeploymentBucket"}, "S3Key": {"Ref": "ServerLicenseFile"} } }, "ValidatePortalLicenseFile": { "Type": "Custom::ValidateParameters", "DependsOn": "ValidateServerLicenseFile", "Properties": { "ServiceToken": {"Fn::GetAtt": ["ValidateParametersFunction", "Arn"]}, "DeploymentBucket": {"Ref": "DeploymentBucket"}, "S3Key": {"Ref": "PortalLicenseFile"} } }, "ValidateSSLCertificateFile": { "Type": "Custom::ValidateParameters", "DependsOn": "ValidatePortalLicenseFile", "Properties": { "ServiceToken": {"Fn::GetAtt": ["ValidateParametersFunction", "Arn"]}, "DeploymentBucket": {"Ref": "DeploymentBucket"}, "S3Key": {"Ref": "SSLCertificateFile"} } }, "ValidatePostInstallationScript": { "Type": "Custom::ValidateParameters", "Condition": "RunPostInstall", "Properties": { "ServiceToken": {"Fn::GetAtt": ["ValidateParametersFunction", "Arn"]}, "DeploymentBucket": {"Ref": "DeploymentBucket"}, "S3Key": {"Ref": "PostInstallationScript"} } }, "ServerConfigStoreFunction": { "Type": "AWS::Lambda::Function", "DependsOn": "IAMRole", "Properties": { "Code": { "S3Bucket": {"Fn::Join" : ["", ["agsstore6", "-", {"Ref": "AWS::Region"}]]}, "S3Key": "8321/lambda/arcgis-cfn-lambda.zip" }, "Handler": "server_config_store.handler", "Runtime": "python2.7", "Timeout": "30", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] } } }, "ServerConfigStore": { "Type": "Custom::ServerConfigStore", "Properties": { "ServiceToken": {"Fn::GetAtt": ["ServerConfigStoreFunction", "Arn"]}, "Namespace": {"Fn::Join" : ["", [{"Ref" : "AWS::StackName"}]]} } }, "DeploymentLogs": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "EIPAssociation": { "Type": "AWS::EC2::EIPAssociation", "DependsOn": "WaitCondition", "Properties": { "AllocationId": {"Ref": "SiteEIPAllocationID"}, "InstanceId": {"Ref": "AllInOneEC2Instance"} } }, "IAMRole": { "Type": "AWS::IAM::Role", "DependsOn": "LambdaExecutionRole", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/" } }, "IAMPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "IAMRole", "PolicyDocument": { "Statement": [ { "Action": [ "s3:*", "dynamodb:*", "cloudformation:*", "logs:*", "ssm:*", "ec2messages:*" ], "Effect": "Allow", "Resource": "*" } ] }, "Roles": [ {"Ref": "IAMRole"} ] } }, "IAMInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ {"Ref": "IAMRole"}] } }, "SecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : {"Ref" : "AWS::StackName"}, "VpcId" : {"Ref" : "VPCId"}, "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" }, { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" } ] } }, "SecurityGroupIngress" : { "Type" : "AWS::EC2::SecurityGroupIngress", "Properties" : { "GroupId" : {"Ref" : "SecurityGroup"}, "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "SourceSecurityGroupId" : {"Ref" : "SecurityGroup"} } }, "PortalContent": { "Type": "AWS::S3::Bucket", "Condition" : "UseCloudStore", "DeletionPolicy": "Retain", "Properties": { "Tags": [ { "Key": "Name", "Value": {"Ref": "AWS::StackName"} }, { "Key": "Application", "Value": "arcgis-allinone-windows" }] } }, "AllInOneEC2Instance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": {"Fn::FindInMap" : ["RegionMap", {"Ref":"AWS::Region"}, "en"]}, "InstanceType": {"Ref": "InstanceType" }, "KeyName": {"Ref": "KeyName"}, "IamInstanceProfile": {"Ref": "IAMInstanceProfile"}, "Tags": [ { "Key": "Name", "Value": {"Ref": "AWS::StackName"} }, { "Key": "Application", "Value": "arcgis-allinone-ubuntu" } ], "Monitoring": true, "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "VolumeSize": {"Ref": "DriveSizeRoot"}, "DeleteOnTermination": true, "VolumeType": "gp2" } }, { "DeviceName": "/dev/sdx", "Ebs": { "VolumeSize": {"Ref": "DriveSizeData"}, "DeleteOnTermination": true, "VolumeType": "gp2" } }, { "DeviceName": "xvdca", "NoDevice": {} },{ "DeviceName": "xvdcb", "NoDevice": {} },{ "DeviceName": "xvdcc", "NoDevice": {} },{ "DeviceName": "xvdcd", "NoDevice": {} },{ "DeviceName": "xvdce", "NoDevice": {} },{ "DeviceName": "xvdcf", "NoDevice": {} },{ "DeviceName": "xvdcg", "NoDevice": {} },{ "DeviceName": "xvdch", "NoDevice": {} },{ "DeviceName": "xvdci", "NoDevice": {} },{ "DeviceName": "xvdcj", "NoDevice": {} },{ "DeviceName": "xvdck", "NoDevice": {} },{ "DeviceName": "xvdcl", "NoDevice": {} },{ "DeviceName": "xvdcm", "NoDevice": {} },{ "DeviceName": "xvdcn", "NoDevice": {} },{ "DeviceName": "xvdco", "NoDevice": {} },{ "DeviceName": "xvdcp", "NoDevice": {} },{ "DeviceName": "xvdcq", "NoDevice": {} },{ "DeviceName": "xvdcr", "NoDevice": {} },{ "DeviceName": "xvdcs", "NoDevice": {} },{ "DeviceName": "xvdct", "NoDevice": {} },{ "DeviceName": "xvdcu", "NoDevice": {} },{ "DeviceName": "xvdcv", "NoDevice": {} },{ "DeviceName": "xvdcw", "NoDevice": {} },{ "DeviceName": "xvdcx", "NoDevice": {} },{ "DeviceName": "xvdcy", "NoDevice": {} },{ "DeviceName": "xvdcz", "NoDevice": {} } ], "NetworkInterfaces": [ { "GroupSet": [ {"Ref": "SecurityGroup"} ], "AssociatePublicIpAddress": "true", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": {"Ref": "Subnet"} } ], "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -v\n", "sleep 60\n", "for i in {1..60}; do ping -c1 $(hostname); if [ $? -eq 0 ]; then break; fi; sleep 10; done\n", "ping -c1 $(hostname)\n", "exitcode=$?\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'Failed to resolve the host name. Check the VPC settings.' '", {"Ref": "WaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "if ", {"Fn::If": ["RunPostInstall", "true", "false"]}, "; then\n", " cfn-init -v -c post-install-script -s ", {"Ref": "AWS::StackName"}, " -r AllInOneEC2Instance", " --region ", {"Ref": "AWS::Region"}, "\n", "fi\n", "cfn-init -v -c firstpass -s ", {"Ref": "AWS::StackName"}, " -r AllInOneEC2Instance", " --region ", {"Ref": "AWS::Region"}, "\n", "cfn-init -v -c secondpass -s ", {"Ref": "AWS::StackName"}, " -r AllInOneEC2Instance", " --region ", {"Ref": "AWS::Region"}, "\n", "exitcode=$?\n", "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n", "while pgrep unattended-upgr > /dev/null; do sleep 1; done\n", "sudo python ./awslogs-agent-setup.py -n -r ", {"Ref": "AWS::Region"}, " -c /tmp/cwlogs/cwlogs.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'cfn-init failed. See /var/log/cfn-init.log for details.' '", { "Ref": "WaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "chmod 777 /mnt\n", "export arcgis_cloud_platform=aws\n", "sudo chef-solo -j /tmp/node.json -r https://agsstore6.s3.amazonaws.com/8321/cookbooks/arcgis-3.2.0-cookbooks.tar.gz -L /var/log/chef-run.log -l info\n", "exitcode=$?\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'Chef run failed. See /var/log/chef-run.log for details.' '", {"Ref": "WaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "cfn-signal -e 0 -r 'Setup complete' '", {"Ref": "WaitHandle"}, "'\n" ] ] } } }, "Metadata": { "AWS::CloudFormation::Authentication": { "S3AccessCreds": { "type": "S3", "buckets": [{"Ref": "DeploymentBucket"}], "roleName": {"Ref": "IAMRole"} } }, "AWS::CloudFormation::Init": { "configSets" : { "firstpass" : [ "config1" ], "secondpass" : [ "config2" ], "post-install-script": ["post-install-config"] }, "post-install-config": { "sources" : { "/arcgis/postinstallscripts" : {"Fn::If": ["RunPostInstall", {"Fn::GetAtt": [ "ValidatePostInstallationScript", "S3ObjectURL" ]}, ""]} } }, "config1": { "sources": { "/usr/local/lib/python2.7/dist-packages/cfnbootstrap/resources/documents" : "https://arcgisstore106.s3.amazonaws.com/endpoints.tar.gz" } }, "config2": { "commands": { "rename-server-license": { "command": { "Fn::Join": ["", ["mv /tmp/server_license.tmp /tmp/", {"Ref": "ServerLicenseFile"}]] } }, "rename-portal-license": { "command": { "Fn::Join": ["", ["mv /tmp/portal_license.tmp /tmp/", {"Ref": "PortalLicenseFile" }]] } } }, "files": { "/tmp/cwlogs/cwlogs.conf": { "content": { "Fn::Join": [ "", [ "[general]\n", "state_file= /var/awslogs/agent-state\n", "[/var/log/cfn-init.log]\n", "file = /var/log/cfn-init.log\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/cfn-init.log\n", "datetime_format = %d/%b/%Y:%H:%M:%S\n", "[/var/log/chef-run.log]\n", "file = /var/log/chef-run.log\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/chef-run.log\n", "datetime_format = %Y-%m-%dT%H:%M:%S%z\n", "[/var/lib/tomcat7/logs/catalina.out]\n", "file = /var/lib/tomcat7/logs/catalina.out\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/catalina.out\n", "datetime_format = %d/%b/%Y:%H:%M:%S\n" ] ] } }, "/etc/tomcat7/pkcs12_cert.pfx": { "source": {"Fn::GetAtt": [ "ValidateSSLCertificateFile", "S3ObjectURL" ]}, "authentication": "S3AccessCreds" }, "/tmp/server_license.tmp": { "source": {"Fn::GetAtt": [ "ValidateServerLicenseFile", "S3ObjectURL" ]}, "authentication": "S3AccessCreds" }, "/tmp/portal_license.tmp": { "source": {"Fn::GetAtt": [ "ValidatePortalLicenseFile", "S3ObjectURL" ]}, "authentication": "S3AccessCreds" }, "/tmp/node.json": { "content": { "Fn::Join": [ "", [ "{\n", " \"java\" : {\n", " \"install_flavor\" : \"oracle\",\n", " \"jdk_version\" : \"8\",\n", " \"oracle\" : {\n", " \"accept_oracle_download_terms\" : true\n", " }\n", " },\n", " \"tomcat\" : {\n", " \"keystore_file\" : \"/etc/tomcat7/pkcs12_cert.pfx\",\n", " \"keystore_type\" : \"pkcs12\",\n", " \"keystore_password\" : \"", {"Ref": "SSLCertPassword"}, "\"\n", " },\n", " \"arcgis\" : {\n", " \"post_install_script\" : \"/arcgis/postinstallscripts/deploy.sh\",\n", " \"hosts\" : {\n", " \"", {"Ref": "SiteDomain"}, "\" : \"\"\n", " },\n", " \"web_server\":{\n", " \"webapp_dir\":\"/opt/tomcat_arcgis/webapps\"\n", " },\n", " \"server\" : {\n", " \"domain_name\" : \"",{"Ref": "SiteDomain"}, "\",\n", " \"wa_url\" : \"https://", {"Ref": "SiteDomain"}, "/server\",\n", " \"private_url\" : \"https://", {"Ref": "SiteDomain"}, "/server\",\n", " \"web_context_url\" : \"https://", {"Ref": "SiteDomain"}, "/server\",\n", " \"admin_username\" : \"", {"Ref": "SiteAdmin"}, "\",\n", " \"admin_password\" : \"", {"Ref": "SiteAdminPassword"}, "\",\n", " \"directories_root\" : \"/gisdata/arcgisserver\",\n", " \"log_dir\" : \"/gisdata/arcgisserver/logs/\",\n", " \"config_store_type\" : \"", {"Fn::If": ["UseCloudStore", "AMAZON", "FILESYSTEM"]}, "\",\n", " \"config_store_connection_string\" : \"", {"Fn::If": ["UseCloudStore", {"Fn::Join" : ["", ["NAMESPACE=", {"Ref" : "AWS::StackName"}, ";REGION=", { "Ref" : "AWS::Region" } ]]}, "/gisdata/arcgisserver/config-store"]}, "\",\n", " \"authorization_file\" : \"/tmp/", {"Ref": "ServerLicenseFile"}, "\",\n", " \"install_system_requirements\" : false\n", " },\n", " \"web_adaptor\" : {\n", " \"admin_access\" : true\n", " },\r\n", " \"data_store\" : {\n", " \"data_dir\" : \"/gisdata/arcgisdatastore\",\n", " \"install_system_requirements\" : false\n", " },\n", " \"portal\" : {\n", " \"domain_name\" : \"", {"Ref": "SiteDomain"}, "\",\n", " \"private_url\" : \"https://", {"Ref": "SiteDomain"}, "/portal\",\n", " \"web_context_url\" : \"https://", {"Ref": "SiteDomain"}, "/portal\",\n", " \"admin_username\" : \"", {"Ref": "SiteAdmin"}, "\",\n", " \"admin_password\" : \"", {"Ref": "SiteAdminPassword"}, "\",\n", " \"data_dir\" : \"/gisdata/arcgisportal\",\n", " \"content_store_type\" : \"", {"Fn::If": ["UseCloudStore", "cloudStore", "fileStore"]}, "\",\n", " \"content_store_provider\" : \"", {"Fn::If": ["UseCloudStore", "Amazon", "FileSystem"]}, "\",\n", " \"content_store_connection_string\" : ", {"Fn::If": ["UseCloudStore", {"Fn::Join" : ["", ["{\"region\": \"", {"Ref" : "AWS::Region"}, "\", \"credentialType\": \"IAMRole\"}"]]}, "\"/gisdata/arcgisportal/content\""]}, ",\n", " \"object_store\" : \"", {"Fn::If": ["UseCloudStore", {"Ref": "PortalContent"}, ""]}, "\",\n", " \"authorization_file\" : \"/tmp/", {"Ref": "PortalLicenseFile"}, "\",\n", " \"install_system_requirements\" : false\n", " }\n", " },\n", " \"run_list\" : [\n", " \"recipe[apt]\",\n", " \"recipe[arcgis-enterprise::hosts]\",\n", " \"recipe[esri-tomcat]\",\n", " \"recipe[iptables]\",\n", " \"recipe[arcgis-enterprise::iptables]\",\n", " \"recipe[arcgis-enterprise::server]\",\n", " \"recipe[arcgis-enterprise::server_wa]\",\n", " \"recipe[arcgis-enterprise::datastore]\",\n", " \"recipe[arcgis-enterprise::portal]\",\n", " \"recipe[arcgis-enterprise::portal_wa]\",\n", " \"recipe[arcgis-enterprise::federation]\",\n", " \"recipe[arcgis-enterprise::post_install]\"]\n", "}\n" ] ] } } } } } } }, "EC2InstanceRecoveryAlarm" : { "Type" : "AWS::CloudWatch::Alarm", "Properties" : { "AlarmDescription" : "Trigger a recovery when instance status check fails for 5 consecutive minutes.", "MetricName" : "StatusCheckFailed_System", "Namespace" : "AWS/EC2", "Statistic" : "Minimum", "Period" : "60", "EvaluationPeriods" : "5", "Threshold" : "0", "ComparisonOperator" : "GreaterThanThreshold", "AlarmActions" : [ {"Fn::Join" : ["", ["arn:", {"Ref" : "AWS::Partition"}, ":automate:", { "Ref" : "AWS::Region" }, ":ec2:recover" ]]} ], "Dimensions" : [ { "Name" : "InstanceId", "Value" : {"Ref" : "AllInOneEC2Instance"} } ] } }, "WaitHandle": { "Type": "AWS::CloudFormation::WaitConditionHandle", "Properties": {} }, "WaitCondition": { "Type": "AWS::CloudFormation::WaitCondition", "DependsOn": "AllInOneEC2Instance", "Properties": { "Handle": { "Ref": "WaitHandle" }, "Timeout": "7200" } }, "LaunchConfig" : { "Type" : "AWS::AutoScaling::LaunchConfiguration", "DependsOn" : "WaitCondition", "Properties" : { "AssociatePublicIpAddress" : true, "ImageId" : {"Fn::FindInMap" : ["RegionMap", {"Ref":"AWS::Region"}, "en"]}, "InstanceType" : {"Ref" : "BDSInstanceType"}, "KeyName" : {"Ref" : "KeyName"}, "IamInstanceProfile" : {"Ref" : "IAMInstanceProfile"}, "SecurityGroups" : [ {"Ref": "SecurityGroup"} ], "InstanceMonitoring" : true, "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "VolumeSize": {"Ref": "DriveSizeRoot"}, "DeleteOnTermination": true, "VolumeType": "gp2" } }, { "DeviceName": "/dev/sdx", "Ebs": { "VolumeSize": {"Ref": "DriveSizeData"}, "DeleteOnTermination": true, "VolumeType": "gp2" } } ], "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -v\n", "for i in {1..60}; do ping -c1 $(hostname); if [ $? -eq 0 ]; then break; fi; sleep 10; done\n", "ping -c1 $(hostname)\n", "exitcode=$?\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'Failed to resolve the host name. Check the VPC settings.' '", {"Ref": "WaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "if ", {"Fn::If": ["RunPostInstall", "true", "false"]}, "; then\n", " cfn-init -v -c post-install-script -s ", {"Ref": "AWS::StackName"}, " -r AllInOneEC2Instance", " --region ", {"Ref": "AWS::Region"}, "\n", "fi\n", "cfn-init -v -c firstpass -s ", {"Ref": "AWS::StackName"}, " -r LaunchConfig", " --region ", {"Ref": "AWS::Region"}, "\n", "cfn-init -v -c secondpass -s ", {"Ref": "AWS::StackName"}, " -r LaunchConfig", " --region ", {"Ref": "AWS::Region"}, "\n", "exitcode=$?\n", "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n", "while pgrep unattended-upgr > /dev/null; do sleep 1; done\n", "sudo python awslogs-agent-setup.py -n -r ", {"Ref": "AWS::Region"}, " -c /tmp/cwlogs/cwlogs.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'cfn-init failed. See /var/log/cfn-init.log for details.' '", {"Ref": "AutoScalingGroupWaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "chmod 777 /mnt\n", "export arcgis_cloud_platform=aws\n", "chef-solo -j /tmp/node.json -r https://agsstore6.s3.amazonaws.com/8321/cookbooks/arcgis-3.2.0-cookbooks.tar.gz -L /var/log/chef-run.log -l info\n", "exitcode=$?\n", "if [ $exitcode -ne 0 ]; then\n", " cfn-signal -e $exitcode -r 'Chef run failed. See /var/log/chef-run.log for details.' '", {"Ref": "AutoScalingGroupWaitHandle"}, "'\n", " exit $exitcode\n", "fi\n", "cfn-signal -e 0 -r 'Setup complete' '", {"Ref": "AutoScalingGroupWaitHandle"}, "'\n"] ] } } }, "Metadata" : { "AWS::CloudFormation::Authentication" : { "S3AccessCreds" : { "type" : "S3", "buckets" : [ {"Ref" : "DeploymentBucket"} ], "roleName" : {"Ref" : "IAMRole"} } }, "AWS::CloudFormation::Init" : { "configSets" : { "firstpass" : [ "config1" ], "secondpass" : [ "config2" ], "post-install-script": ["post-install-config"] }, "post-install-config": { "sources" : { "/arcgis/postinstallscripts" : {"Fn::If": ["RunPostInstall", {"Fn::GetAtt": [ "ValidatePostInstallationScript", "S3ObjectURL" ]}, ""]} } }, "config1": { "sources": { "/usr/local/lib/python2.7/dist-packages/cfnbootstrap/resources/documents" : "https://arcgisstore106.s3.amazonaws.com/endpoints.tar.gz" } }, "config2": { "files" : { "/tmp/cwlogs/cwlogs.conf": { "content": { "Fn::Join": ["", [ "[general]\n", "state_file= /var/awslogs/agent-state\n", "[/var/log/cfn-init.log]\n", "file = /var/log/cfn-init.log\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/cfn-init.log\n", "datetime_format = %d/%b/%Y:%H:%M:%S\n", "[/var/log/chef-run.log]\n", "file = /var/log/chef-run.log\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/chef-run.log\n", "datetime_format = %Y-%m-%dT%H:%M:%S%z\n", "[/var/lib/tomcat7/logs/catalina.out]\n", "file = /var/lib/tomcat7/logs/catalina.out\n", "log_group_name = ", {"Ref": "DeploymentLogs"}, "\n", "log_stream_name = {instance_id}/catalina.out\n", "datetime_format = %d/%b/%Y:%H:%M:%S"]] }, "mode" : "000755" }, "/tmp/node.json" : { "content" : { "Fn::Join" : [ "", [ "{\n", " \"arcgis\" : {\n", " \"post_install_script\" : \"/arcgis/postinstallscripts/deploy.sh\",\n", " \"server\" : {\n", " \"admin_username\" : \"", {"Ref" : "SiteAdmin"}, "\",\n", " \"admin_password\" : \"", {"Ref" : "SiteAdminPassword" }, "\",\n", " \"domain_name\" : \"", { "Fn::GetAtt" : [ "AllInOneEC2Instance", "PrivateIp" ] }, "\",\n", " \"private_url\" : \"https://", { "Fn::GetAtt" : [ "AllInOneEC2Instance", "PrivateIp" ] }, ":6443/arcgis\"\n", " },\n", " \"data_store\" : {\n", " \"types\" : \"spatiotemporal\",\n", " \"preferredidentifier\" : \"ip\",\n", " \"data_dir\" : \"/gisdata/arcgisdatastore\",\n", " \"backup_dir\" : \"/net/", { "Fn::GetAtt" : [ "AllInOneEC2Instance", "PrivateIp" ] }, "/gisdata/arcgisdatastore/backup\"\n", " }\n", " },\n", " \"run_list\" : [\n", " \"recipe[apt]\",\n", " \"recipe[arcgis-enterprise::datastore]\",\n", " \"recipe[arcgis-enterprise::post_install]\"]\n", "}\n" ] ] }, "mode" : "000755" } } } } } }, "AutoScalingGroup" : { "Type" : "AWS::AutoScaling::AutoScalingGroup", "Properties" : { "VPCZoneIdentifier" : [ {"Ref" : "Subnet"} ], "Cooldown" : "300", "MaxSize" : {"Ref" : "BDSInstances"}, "MinSize" : {"Ref" : "BDSInstances"}, "LaunchConfigurationName" : {"Ref" : "LaunchConfig"}, "HealthCheckType" : "EC2", "HealthCheckGracePeriod" : "3600", "Tags" : [ { "Key" : "Name", "Value" : {"Fn::Join" : ["", [{"Ref" : "AWS::StackName"}, "-bds"]]}, "PropagateAtLaunch" : true } ] }, "UpdatePolicy": { "AutoScalingReplacingUpdate": { "WillReplace": "true" } } }, "AutoScalingGroupWaitHandle" : { "Type" : "AWS::CloudFormation::WaitConditionHandle", "Properties" : {} }, "AutoScalingGroupWaitCondition" : { "Type" : "AWS::CloudFormation::WaitCondition", "DependsOn" : "LaunchConfig", "Properties" : { "Count" : {"Ref" : "BDSInstances"}, "Handle" : {"Ref" : "AutoScalingGroupWaitHandle"}, "Timeout" : "10800" } } }, "Outputs": { "AdminURL": { "Value": {"Fn::Join": [ "", [ "https://", {"Ref": "SiteDomain"}, "/server/manager" ] ]}, "Description": "ArcGIS Server Administrator Directory URL" }, "RestURL": { "Value": {"Fn::Join": ["", [ "https://", {"Ref": "SiteDomain"}, "/server/rest" ] ]}, "Description": "ArcGIS REST Services Directory URL" }, "PortalURL": { "Value": {"Fn::Join": ["", [ "https://", {"Ref": "SiteDomain"}, "/portal/home" ] ]}, "Description": "Portal for ArcGIS Server Home URL" }, "LogsURL": { "Value": {"Fn::Join": ["", ["https://console.aws.amazon.com/cloudwatch/home?region=", {"Ref": "AWS::Region"}, "#logStream:group=", {"Ref": "DeploymentLogs"} ] ]}, "Description": "Deployment Logs" }, "StopStackFunction": { "Value" : {"Fn::Join": ["", [ "https://console.aws.amazon.com/lambda/home?region=", {"Ref": "AWS::Region"}, "#/functions/", {"Ref": "StopStackFunction"} ] ]}, "Description" : "Lambda function used to stop all EC2 instances in the stack." }, "StartStackFunction": { "Value" : {"Fn::Join": ["", [ "https://console.aws.amazon.com/lambda/home?region=", {"Ref": "AWS::Region"}, "#/functions/", {"Ref": "StartStackFunction"} ] ]}, "Description" : "Lambda function used to start all EC2 instances in the stack." }, "VPCId" : { "Value" : {"Ref" : "VPCId"}, "Description" : "VPC ID" }, "Subnet" : { "Value" : {"Ref" : "Subnet"}, "Description" : "VPC subnet" }, "DeploymentBucket" : { "Value" : {"Ref" : "DeploymentBucket"}, "Description" : "Deployment S3 bucket" }, "SecurityGroup" : { "Value" : {"Ref" : "SecurityGroup"}, "Description" : "Security group" }, "AllInOneEC2InstancePrivateIp" : { "Value" : { "Fn::GetAtt" : [ "AllInOneEC2Instance", "PrivateIp" ] }, "Description" : "Private IP address of the base ArcGIS Enterprise EC2 instance" }, "StoreType" : { "Value" : {"Ref" : "StoreType" }, "Description" : "ArcGIS Server config store and Portal for ArcGIS content store type" } } }