Security Issue in ArcGIS Server and the ArcGIS Enterprise AMI - 15/05/2018

Anonymous User · ‎05-14-2018

Hi all,

We used one of the available cloud formation templates to build our ArcGIS Enterprise. The CFT pulls the ArcGIS Enterprise AMI 10.5 to build the site, and also to increase the capacity of the site in response to an increase in the demand...Are the AMIs published in the AWS marketplace going to get the patch?

Security patch

ArcGIS Server Critical Security Patch Released

DavidCordes · ‎05-15-2018

Walter,

Once an AMI is created with a particular id, it's frozen in stone - it can't be updated. However it is possible to create new AMIs based on old ones. We are working towards creating new AMIs for 10.6 and 10.5.1 that are patched.

For existing instances that are already running, you will need to patch those. For 10.5, you will need to create a new AMI off our AMIs that is patched. Once you have done that, you can download and update our cloud formation templates with the new AMI id for the region that you are using.

Anonymous User · ‎05-15-2018

Hi David,

Thanks for your answer.

If you have had time to have a look at the cloud formation template I linked above, you'll see there is a combination of "pet" and "cattle" instances involved. The primary Server and the File Server are those machines that we will need to maintain, apply patches, software updates, etc, etc. they are static. The machines that go into the autoscaling group can be deployed in response to an increase of the demand of the site, used and deleted when they are not needed anymore. These machines are deployed automatically and the cloud formation template has an AMI ID hardcoded in it.

So I guess, I have two options: to build our own 10.5 AMI off your AMI to be used in the autoscaling group, update the static EC2 instances in our site manually, or upgrade the site to 10.6 once your team releases the patched 10.6 AMI. I'll go for the second option.

When do you think the new and patched 10.6 AMI is going to be released?