Esri's CloudFormation templates fail to deploy on AWS

Discussion created by nstef93 on May 2, 2017
Latest reply on Jul 25, 2019 by Trina.Chakravarty

I've been trying to deploy one of Esri's predefined templates for AWS that are available on this website. Specifically I'm trying to deploy the "Single-machine Deployment" which seems to be one of the least complex templates.


My first approach was to do it on Windows Server 2012. I also want to use the "CloudStore" option for the storage of the portal contents. When I start the deployment, everything starts up as expected. After about 40 minutes the deployment still hasn't finished and is then rolled back (caused by a timeout, I think).


After digging through the logs I found the line where it crashes - here is what it says:

FATAL: RuntimeError: arcgis_server_portal[Create Portal Site] (arcgis-server::portal line 94) had an error: RuntimeError: Cannot write to the arcgisbasedeployment-portalcontents3bucket-5swdfcafcuvf S3 bucket. Please check that the bucket exists. If access keys are used to connect to the bucket, make sure they are correct. If an IAM role is used to connect to the bucket, make sure that the IAM role has write privileges to the bucket.

It seems that the deployment needs some permissions I do not have access to. I have tried it with my account (which has access to AmazonEC2FullAccess, AmazonS3FullAccess, AmazonKinesisFullAccess + more) and the account of my supervisor, which has full administrative rights. It always fails with the error above. The bucket is created during the deployment, so it has no modified access rights (or anything else) besides the manipulation that the template might do.


So I thought: "Hey, maybe it's just Windows - let's try it out on Ubuntu!"

Again I configured the template with my certificate, license files etc. and started the deployment. After about 30 minutes the server rolls back, too. It gives the following error message:

WaitCondition received failed message: 'Chef run failed. See CloudWatch log group ArcGISBaseDeployment-DeploymentLogs-1T7AJ619LV00T for details.' for uniqueId: i-082f31197199f4c84

So I go to CloudWatch and try to see the log to get further information. Unfortunately there is no LogStream available to get information from. Maybe it crashes even before the logs are created? I don't know.


My next option would be to set up an AMI only and hope to get that running on AWS. Is there any hope to get the issue resolved or is anyone else having comparable problems?
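
The error message quoted above asks to confirm that the IAM role has write privileges to the bucket. As an added example (not part of the original post and not Esri's template code), this sketch checks a role policy document offline for `s3:PutObject` on the bucket named in the error. The sample policies and the object key are constructed, and the evaluator is simplified: it ignores Condition, NotAction/NotResource, bucket policies and permission boundaries.

```python
import re

# Bucket name taken from the error message in the post.
BUCKET = "arcgisbasedeployment-portalcontents3bucket-5swdfcafcuvf"
ARN = f"arn:aws:s3:::{BUCKET}"

# Constructed sample policies (assumptions, not taken from Esri's template).
# 1) Grants s3:* on the bucket ARN only: bucket-level calls work, object writes do not.
BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": ARN}]}
# 2) Bucket-level actions on the bucket ARN, object-level actions on ARN/*.
WITH_OBJECTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": ARN},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": f"{ARN}/*"}]}
# 3) Same as 2, plus an explicit Deny that overrides the Allow.
DENIED = {"Version": "2012-10-17", "Statement": WITH_OBJECTS["Statement"] + [
    {"Effect": "Deny", "Action": "s3:Put*", "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def _applies(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are matched as written.
    return (any(_glob(a, action, True) for a in _as_list(stmt.get("Action", [])))
            and any(_glob(r, resource) for r in _as_list(stmt.get("Resource", []))))

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one matching Allow is required."""
    effects = [s["Effect"] for s in _as_list(policy["Statement"])
               if _applies(s, action, resource)]
    return "Deny" not in effects and "Allow" in effects

def can_write_objects(policy, bucket, key="portal/content/probe.txt"):
    """True if the policy lets the role put an object (constructed key) in bucket."""
    return is_allowed(policy, "s3:PutObject", f"arn:aws:s3:::{bucket}/{key}")

if __name__ == "__main__":
    for name, pol in [("bucket-only", BUCKET_ONLY), ("with-objects", WITH_OBJECTS),
                      ("explicit-deny", DENIED)]:
        print(name, "->", "write OK" if can_write_objects(pol, BUCKET) else "NO write")
```

The policy to feed in is the one attached to the instance role that the stack creates, not the policy of the user who launches the stack.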