Deploy ArcGIS Server on Linux in AWS - Esri/arcgis-gitops GitHub Wiki
This walkthrough guides you through the initial deployment of a standalone, highly available ArcGIS Server on the Red Hat Enterprise Linux operating system in Amazon Web Services (AWS) using GitHub Actions.
The walkthrough uses the aws/arcgis-server-linux template.
Duration: about 1 hour
Prerequisites
Before you begin this walkthrough:
- A private GitHub repository "gitops-demo" for the site must be created and properly configured.
- The core resources for the ArcGIS Enterprise site must be provisioned in the AWS account.
Refer to the Create Site Core in AWS walkthrough for detailed instructions.
You will need the following resources and accounts:
- GitHub.com user account
- Access keys of an AWS user with permissions to create and update IAM users, TLS/SSL certificates, S3 buckets, and SSM parameters (IAMFullAccess, AWSCertificateManagerFullAccess, AmazonS3FullAccess, and AmazonSSMFullAccess AWS managed IAM policies)
- Software authorization file for ArcGIS Server 11.4
- Domain name for the ArcGIS Server site
- SSL/TLS certificate for the ArcGIS Server site domain name
Step 1: Create and Configure a Codespace Workspace
This step creates a codespace workspace in the "gitops-demo" repository, installs AWS CLI v2, and configures it with the AWS account access keys.
1.1 Log in to GitHub.com account
Open the GitHub.com URL in a web browser, log in to your GitHub.com account, and select the "gitops-demo" private repository from the "Your repositories" list.
1.2 Create a codespace workspace in the new repository
In the "gitops-demo" repository, click the green "Code" button, switch to the "Codespaces" tab, and click the "Create codespace on main" button. The codespace will be created and opened in a new browser tab.
Note that instead of creating a codespace, you can also reuse the codespace created in Getting Started in AWS walkthrough if it is still available. In this case, you can skip this step and go to Step 2.
1.3 Install AWS CLI v2 in the codespace
In the codespace, click on the "Terminal" tab in the bottom panel, and run the following commands:
cd /tmp
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Output:
You can now run: /usr/local/bin/aws --version
1.4 Configure the AWS CLI
Run the following commands and enter the AWS account user's access keys and the default AWS region ID when prompted:
aws configure
Step 2: Enable the Required Workflows
This step enables all the arcgis-server-linux template workflows by copying them to the .github/workflows directory, attaches the required IAM policies to the IAM user, and lists the available workflows in the repository.
2.1 Copy the required workflows to .github/workflows directory
Switch back to the codespace browser tab and run the following commands:
cd /workspaces/gitops-demo
cp -r aws/arcgis-server-linux/workflows/* .github/workflows/
git add --all
git commit -m "Enable arcgis-server-linux workflows"
git push origin main
2.2 List the available workflows in the repository
gh workflow list
Output:
NAME STATE ID
server-linux-aws-application active 134673774
server-linux-aws-backup active 134673775
server-linux-aws-destroy active 134673776
server-linux-aws-image active 134673777
server-linux-aws-infrastructure active 134673778
server-linux-aws-restore active 134673779
server-linux-aws-test active 134673780
site-automation-chef-aws-destroy active 134673781
site-automation-chef-aws active 134673782
site-core-aws-destroy active 134673783
site-core-aws active 134673784
site-k8s-cluster-aws-destroy active 134673785
site-k8s-cluster-aws active 134673786
validate-settings-aws active 134658438
validate-settings-azure active 134658439
2.3 Attach the policies to the IAM user
Attach the policies required for running the workflows used by this walkthrough to gitops-demo IAM user.
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
aws iam attach-user-policy --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ArcGISEnterpriseApplication --user-name gitops-demo
aws iam attach-user-policy --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ArcGISEnterpriseImage --user-name gitops-demo
aws iam attach-user-policy --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ArcGISEnterpriseInfrastructure --user-name gitops-demo
aws iam list-attached-user-policies --user-name gitops-demo
Output:
{
"AttachedPolicies": [
{
"PolicyName": "ArcGISEnterpriseInfrastructure",
"PolicyArn": "arn:aws:iam::012345678900:policy/ArcGISEnterpriseInfrastructure"
},
{
"PolicyName": "ArcGISEnterpriseApplication",
"PolicyArn": "arn:aws:iam::012345678900:policy/ArcGISEnterpriseApplication"
},
{
"PolicyName": "ArcGISEnterpriseImage",
"PolicyArn": "arn:aws:iam::012345678900:policy/ArcGISEnterpriseImage"
},
{
"PolicyName": "TerraformBackend",
"PolicyArn": "arn:aws:iam::012345678900:policy/TerraformBackend"
},
{
"PolicyName": "ArcGISSiteCore",
"PolicyArn": "arn:aws:iam::012345678900:policy/ArcGISSiteCore"
}
]
}
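A least-privilege check on the result above, as an added example that is not part of the arcgis-gitops project: it compares the policy names attached to the gitops-demo user with the five shown in the output and reports anything missing or extra, such as a broad managed policy left on the CI user. The function name and the REQUIRED list are assumptions taken from this page's output.

```shell
#!/bin/sh
# Added example, not arcgis-gitops code.
# REQUIRED is an assumption: the five policy names in the walkthrough's output.
REQUIRED="ArcGISEnterpriseApplication ArcGISEnterpriseImage ArcGISEnterpriseInfrastructure TerraformBackend ArcGISSiteCore"

# audit_policies NAME...
# Takes the attached policy names as arguments. Prints "MISSING <name>" for
# each required policy that is absent and "UNEXPECTED <name>" for each attached
# policy outside the required set. Returns 1 if anything was reported.
audit_policies() {
    attached=" $* "
    bad=0
    for p in $REQUIRED; do
        case "$attached" in
            *" $p "*) ;;
            *) echo "MISSING $p"; bad=1 ;;
        esac
    done
    for p in "$@"; do
        case " $REQUIRED " in
            *" $p "*) ;;
            *) echo "UNEXPECTED $p"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage in the codespace terminal (the unquoted substitution splits the
# tab-separated text output into one argument per policy name):
#   audit_policies $(aws iam list-attached-user-policies --user-name gitops-demo \
#       --query 'AttachedPolicies[].PolicyName' --output text)
```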
Step 3: Set Secrets and Update Config Files
This step sets the GitHub Actions secrets, updates the configuration files used by the workflows, uploads the required software authorization files, pushes the changes to the main branch of the repository, and verifies the site configuration.
3.1 Configure GitHub Actions secrets
Open the new repository settings by clicking on the Settings tab in the repository, then click on "Secrets and Variables" menu item from "Security" section of the left sidebar, and select "Actions" from the dropdown menu.
- Click on "New repository secret" button, enter ENTERPRISE_ADMIN_USERNAME into the "Name" field, enter the ArcGIS Server administrator user name into the "Value" field, and click "Add secret" button. The user name must be between 6 and 128 characters long and can consist only of uppercase and lowercase ASCII letters, numbers, and dots (.).
- Add ENTERPRISE_ADMIN_PASSWORD secret with the ArcGIS Server administrator user password. The password must be between 8 and 128 characters long and can consist only of uppercase and lowercase ASCII letters, numbers, and dots (.).
- Add ENTERPRISE_ADMIN_EMAIL secret with the ArcGIS Server administrator e-mail address.
3.2 Update image.vars.json file
Update config/aws/arcgis-server-linux/image.vars.json config file to specify the ArcGIS Server version and patches to be installed.
In EXPLORER sidebar of the codespace window, click on "config" folder, then on "aws" subfolder, and then on "arcgis-server-linux" subfolder. Double-click on "image.vars.json" file to open it in the editor.
Change "arcgis_version" value to "11.4".
3.3 Import the SSL/TLS certificate for ArcGIS Server site domain name to AWS Certificate Manager
Upload the SSL certificate files to the /workspaces/gitops-demo/config/certificates directory in the workspace.
In the EXPLORER sidebar of the codespace window, click on "config" folder, then right-click on "certificates" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the SSL certificate files location, select the certificate, private key and chain files, and click "Open" button to upload the files.
Run the following command in the codespace Terminal replacing arcgis-server.crt, arcgis-server.key, and arcgis-server.ca-bundle by the uploaded file names:
cd /workspaces/gitops-demo/config/certificates
aws acm import-certificate --certificate fileb://arcgis-server.crt --private-key fileb://arcgis-server.key --certificate-chain fileb://arcgis-server.ca-bundle --tags Key=ArcGISSiteId,Value=arcgis
Output:
{
"CertificateArn": "arn:aws:acm:us-west-2:012345678900:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
Alternatively, you can provision the SSL certificate using AWS Certificate Manager.
3.4 Update infrastructure.tfvars.json file
Open config/aws/arcgis-server-linux/infrastructure.tfvars.json file in the editor and update the following properties:
- Set "alb_deployment_id" property to null.
- Set "deployment_fqdn" property to the ArcGIS Server deployment fully qualified domain name.
- Replace the "ssl_certificate_arn" property by the imported SSL certificate ARN.
3.5 Update application.tfvars.json file
Upload the ArcGIS Server 11.4 authorization file to the "config/authorization/11.4/" directory in the codespace workspace.
In the EXPLORER sidebar of the codespace window, click on "config" folder, then right-click on "authorization" folder, select "New Folder..." from the context menu, and enter "11.4" as the folder name. Right-click on the new "11.4" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the ArcGIS Server authorization file location, select the file and click "Open" button to upload the file to the workspace.
Open config/aws/arcgis-server-linux/application.tfvars.json file in the editor and update the following properties:
- Change "arcgis_version" value to "11.4".
- Set the "server_authorization_file_path" property to the uploaded authorization file path "~/config/authorization/11.4/<authorization file name>".
The workflows link '~/config/' paths to the repository's 'config/' directory.
3.6 Update site-index.json file
Replace the "deployments" property value in config/aws/site-index.json file by ["arcgis-server-linux"].
3.7 Commit and push the changes to the repository
git add --all
git commit -m "Update config files"
git push origin main
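Step 3.3 places the certificate private key under config/certificates inside the working tree, and `git add --all` above stages everything in it. The following added example (not part of the arcgis-gitops project) lists staged files that contain PEM private key material, to be run between `git add` and `git commit`. It assumes the key is needed only for the ACM import and is not meant to be committed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not arcgis-gitops code.
# Assumption: the private key uploaded in step 3.3 should stay out of git history.

# staged_private_keys: reads file paths (one per line) on stdin and prints the
# ones whose content contains a PEM private key header (PKCS#8, RSA, EC,
# ENCRYPTED, ...). Binary DER keys are not detected.
# Returns 1 if at least one such file was found, 0 otherwise.
staged_private_keys() {
    found=0
    while IFS= read -r f; do
        [ -f "$f" ] || continue          # skip paths staged for deletion
        if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' -- "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# check_staged: run from the repository root after `git add --all` and
# before `git commit`. Paths from git are relative to the repository root.
check_staged() {
    if ! git diff --cached --name-only | staged_private_keys; then
        echo "Private key material is staged; unstage it with" \
             "'git restore --staged <file>' before committing." >&2
        return 1
    fi
}
```

Once the certificate is imported into ACM, the key file can be deleted from the codespace or excluded through .gitignore so that later `git add --all` runs do not pick it up.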
3.8 Verify the configuration files
Run "verify-site-config-aws" workflow to verify the site configuration.
Click on "Actions" tab in the repository, select "verify-site-config-aws" workflow on the left sidebar, click "Run workflow" on the right, and click "Run workflow" button.
Step 4: Deploy ArcGIS Server
This step runs the workflows that build the ArcGIS Server AMI, provision AWS resources for the deployment, configure ArcGIS Server, and test and back up the deployment.
4.1 Build ArcGIS Server AMI
Run "server-linux-aws-image" workflow that creates EC2 AMI for the ArcGIS Server deployment.
Wait for the workflow to complete.
4.2 Provision AWS Resources for the ArcGIS Server deployment
Run "server-linux-aws-infrastructure" workflow that creates AWS resources for ArcGIS Server deployment.
After the workflow run is complete, retrieve the DNS name of the load balancer created by the workflow from SSM Parameter Store:
aws ssm get-parameter --name "/arcgis/arcgis/server-linux/alb/dns-name" --query "Parameter.Value" --output text
Create a CNAME record for the load balancer DNS name in the DNS server managing the ArcGIS Server domain name.
4.3 Configure the ArcGIS Server deployment
Run "server-linux-aws-application" workflow to configure the ArcGIS Server deployment.
After the workflow run is complete, the ArcGIS Server deployment will be accessible at the deployment FQDN https://<deployment FQDN>/arcgis/manager.
4.4 Test the deployment
Run "server-linux-aws-test" workflow.
4.5 Backup the deployment
Run "server-linux-aws-backup" workflow.
4.6 Open the deployment's CloudWatch dashboard
Sign in to the AWS Console and open URL https://console.aws.amazon.com/cloudwatch/home?#dashboards:name=arcgis-server in a web browser.
Conclusion
The walkthrough demonstrates only the basic capabilities of ArcGIS Automation using GitHub Actions. Check instructions of the templates and workflows for more advanced features and options.
Follow Destroy ArcGIS Server on Linux in AWS walkthrough to destroy the deployment and clean up the resources created during this walkthrough.