Community

DynamoDB IaC for multiple ArcGIS Server sites deployment for enterprise in AWS

510
2
06-19-2023 03:42 AM
AnthonyRyanEQL
by
Occasional Contributor III
‎06-19-2023 03:42 AM

Hi there,

I’m working on a multiple arcgis server sites deployment for enterprise and looking at using dynamodb for the server site’s config store. There will be 4 server sites to start with (eg. mapping, geoprocessing, utility network & hosting) and was wondering how dynamodb is deployed for this so I can write up the configuration for IaC? Is it like 4 x dynamodb instances with 1 table per instance for each site, 1 x dynamodb instance with 4 tables for each site or 1 x dynamodb instance with 1 table which has a field/key for the sites, etc?

if someone knows where the documentation is would be great or if they have done this configuration before.

 

thank you for any time spend on this

0 Kudos
2 Replies
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-21-2023 01:53 PM

Each site has its own unique DynamoDB table (and S3 bucket for any objects larger than the table record limit), which are provisioned during the site creation process. There is also a common table that tracks each created site table. I'm not familiar with the concept of instances in the context of DynamoDB, if you can elaborate further on that aspect. An important aspect to keep in mind is that each site's directories still require a file share.

 

Here's the associated ArcGIS Server documentation: https://enterprise.arcgis.com/en/server/latest/cloud/amazon/configure-shared-configuration-store.htm 


-- Chris Pawlyszyn
0 Kudos
AnthonyRyanEQL
by
Occasional Contributor III
‎06-21-2023 02:56 PM

Chris,

Sorry, there is no instance of DynamoDB. I had a thought of it belong with RDS so you could have many instances like SQL Server, Oracle, etc. which isn't the case.

Is there any IaC JSON around of how these tables can be built outside of the process of server site creation? The reason is the company I work for does AWS infrastructure builds via IaC in a versioned/controlled manner and mainly this second reason around the security pillar of least privilege. Looking at the IAM policies within cloudformation templates, those policies are not granular enough (eg. has create/delete/read access to all S3 buckets, similar to dynamodb tables) so we need to implement the tables first and assign an appropriate role against the EC2 instances for that server site that only has read/write access to its own dynamodb table

0 Kudos