Select to view content in your preferred language

Configure AWS S3 to be used as Portal Content Store

1729
1
Jump to solution
10-11-2017 02:10 PM
GirishYadav1
Occasional Contributor

We are deploying ArcGIS Enterprise on AWS cloud infra. And want to use AWS S3 as the Portal content store. But, my company policy only allows encrypted objects to be uploaded to S3 bucket.

 

While creating new Portal Site we pass following value in Portal Content Store field :

 

{

"type": "cloudStore",

"provider": "Amazon",

"connectionString": {"region": "<region name>","credentialType": "IAMRole"},

"objectStore": "<your S3 bucket>"

}

 

but receive following error from our chef script while creating new portal site:

 

1)       RuntimeError -  arcgis_enterprise_portal[Create Portal Site] (arcgis-enterprise::portal line 110) had an error: RuntimeError: Cannot write to the S3 bucket. Please check that the bucket exists. If access keys are used to connect to the bucket, make sure they are correct. If an IAM role is used to connect to the bucket, make sure that the IAM role has write privileges to the bucket.

 

We have verified that the bucket does exists and the IAM role has write privileges to the bucket.

 

Is there any configuration option that allow us to provide S3 SSE key ( flag like “—sse ASE256”) while configuring S3 bucket as portal’s content store?

Thanks,

Girish

0 Kudos
1 Solution

Accepted Solutions
Alber_Verster
Esri Contributor

Hi,

It would be best to utilise the ArcGIS Enterprise in the Cloud document as a reference for this use case.

It is my experience to use the maximum IAM role policy when deploying the environment with permissions similar to the initial set of rules.

Once your site is up and running, revert to the policies for each individual use case.

Hope this finds you well.

 

View solution in original post

0 Kudos
1 Reply
Alber_Verster
Esri Contributor

Hi,

It would be best to utilise the ArcGIS Enterprise in the Cloud document as a reference for this use case.

It is my experience to use the maximum IAM role policy when deploying the environment with permissions similar to the initial set of rules.

Once your site is up and running, revert to the policies for each individual use case.

Hope this finds you well.

 

0 Kudos