Sitecore XP 9.3 on the AWS Cloud

Quick Start Reference Deployment


May, 2020

Dylan Owen and Tony Bulding, AWS Quick Start team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

This Quick Start was created by Sitecore in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

The Sitecore Experience Platform (XP) is a content management system (CMS) for web content that automates marketing to deliver a personalized user experience. This Quick Start is intended for organizations that want to deploy a multirole Sitecore XP 9.3 architecture on the AWS Cloud. This Quick Start provides step-by-step instructions to deploy 12 roles that compose the complete Sitecore XP platform. All of the roles are deployed into individual Auto Scaling groups to ensure recoverability when an instance fails. Database services are provided by SQL Server through Amazon Relational Database Service (Amazon RDS), and caching is managed by Redis on Amazon ElastiCache. To control access, this deployment uses AWS Certificate Manager (ACM) and AWS Secrets Manager. Other services used by this Quick Start include Amazon Simple Storage Service (Amazon S3), AWS Systems Manager, Amazon CloudWatch, AWS Lambda, and Amazon Route 53.

Amazon may share who uses AWS Quick Starts with the AWS Partner Network (APN) Partner that collaborated with AWS on the content of the Quick Start.

Sitecore XP 9.3 on AWS

The Sitecore XP workloads are deployed on multiple Amazon EC2 instances for improved performance. The content-delivery and content-management roles can be scaled for high availability. Other Sitecore roles have restrictions on active/active operation and are designed for active/passive standby. For this reason, each of these roles runs as a single instance in its own Auto Scaling group. Should an instance become unavailable, it’s replaced by a new instance that is configured with a Sitecore role of the same type.

Website content can be deployed to the content-delivery and content-management roles using your choice of deployment software. User data for private and shared sessions is configured on the content-delivery instances to be stored within Redis in Amazon ElastiCache.


Cost

You are responsible for the cost of the AWS services used while running this Quick Start. There is no additional cost for using the Quick Start.

The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

After you deploy the Quick Start, enable the AWS Cost and Usage Report to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. It provides cost estimates based on usage throughout each month and aggregates the data at the end of the month. For more information about the report, see the AWS documentation.

Software licenses

This Quick Start requires a Sitecore XP 9.3 license. To use the Quick Start in your production environment, sign up for a developer trial license. For a full license, contact a Sitecore sales representative or Sitecore partner. Before you launch the Quick Start, place the license key in the deployment’s associated S3 bucket, and specify its location. For more information, see the Prepare for the deployment section.

If you don’t have a license, the Quick Start deployment will not complete successfully.

Architecture

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following Sitecore XP 9.3 environment in the AWS Cloud.

Figure 1. Quick Start architecture for Sitecore XP 9.3 on AWS
Figure 2. Quick Start architecture of resources for Sitecore XP 9.3 on AWS

As shown in figures 1 and 2, the Quick Start sets up the following:

  • A highly available architecture that spans two Availability Zones.*

  • A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*

  • A Microsoft remote desktop gateway (RDGW) in an Auto Scaling group to allow inbound remote desktop access to Amazon Elastic Compute Cloud (Amazon EC2) instances in the public and private subnets.*

  • In the public subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*

    • An internet-facing Application Load Balancer (ALB) for routing traffic to the instances for content delivery, content management, and identity server.

  • In the private subnets:

    • Sitecore roles deployed on a single Amazon EC2 instance that’s contained within an Auto Scaling group.

    • An internal ALB for the reporting and processing roles.

    • Network Load Balancers (NLBs) for Transport Layer Security (TLS) pass-through for the remaining Sitecore instances.

    • Each EC2 instance is deployed into its own Auto Scaling group.

    • Amazon Route 53 private hosted zone for internal Domain Name System (DNS) lookups within the VPC.

    • Amazon ElastiCache for Redis.

  • An EC2 Amazon Machine Image (AMI), which is used in the initial deployment of all Sitecore roles and in subsequent Auto Scaling events.

  • AWS Systems Manager to store parameter data and the AMI automation build document.

  • Amazon Simple Storage Service (Amazon S3) artifacts bucket for storing static data.

  • Amazon RDS SQL Server to provide database services.

  • Amazon CloudWatch for monitoring deployed services.

  • AWS Secrets Manager for access control.

  • AWS Certificate Manager (ACM) for access control.

  • A Lambda function to convert and import the certificate into ACM.

*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Planning the deployment

Specialized knowledge

This deployment guide requires a moderate level of familiarity with AWS services. If you’re new to AWS, visit the Getting Started Resource Center and the AWS Training and Certification website. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

This Quick Start also assumes familiarity with PowerShell, Apache Solr, and Sitecore XP 9.3 roles and configurations.

In some scenarios you may want to deploy Sitecore into an existing VPC that has a self-managed DNS rather than a Route 53–connected hosted zone. When deploying this Quick Start into an existing VPC, set VPCPrivateDNS to true. Then create DNS Canonical Name Record (CNAME) entries in your self-managed DNS. For more information, see Post-deployment steps.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, your account must be configured as specified in the following table. Otherwise, deployment might fail.

Resource limits

If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources, and this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see the AWS documentation.

| Resource | This deployment uses |
|---|---|
| VPCs | 1 |
| Elastic IP addresses | 1 |
| IAM roles | 8 |
| Auto Scaling groups | 14 |
| Application Load Balancers | 2 |
| Network Load Balancers | 7 |
| m5a.xlarge instances | 15 |
| t2.large instances | 1 |

Supported Regions

This deployment includes AWS Secrets Manager, which isn’t currently supported in all AWS Regions. For a current list of supported Regions, see Service endpoints and quotas in the AWS documentation.

Certain Regions are available on an opt-in basis. Refer to the AWS Documentation on Managing Regions for more information.

EC2 key pairs

Make sure that at least one Amazon EC2 key pair exists in your AWS account in the Region where you plan to deploy the Quick Start. Make note of the key pair name. You need it during deployment. To create a key pair, follow the instructions in the AWS documentation.

For testing or proof-of-concept purposes, we recommend creating a new key pair instead of using one that’s already being used by a production instance.

IAM permissions

Before launching the Quick Start, you must log in to the AWS Management Console with IAM permissions for the resources and actions the templates deploy.

The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions.

Prepare for the deployment

This Quick Start requires that you sign up with Sitecore to obtain the Sitecore XP 9.3 resource files.

  1. Obtain a temporary Sitecore license or contact your Sitecore sales representative or Sitecore partner for a full Sitecore license.

  2. Upload the license file to an S3 bucket into a prefix called “license.”

  3. Download the Sitecore XP 9.3 XP1 scaled installation files.

  4. Extract the contents of the .zip file, but don’t extract any of the resulting .zip files. Using the same S3 bucket as the license file, upload these extracted files into a prefix called “resources.”

  5. Create a certificate in AWS Certificate Manager (ACM) for your Sitecore deployment in the Region where you deploy the Quick Start. This certificate must be created as a wildcard certificate for your Sitecore domain (for example, *.example.com).

This Quick Start can optionally deploy a server for Apache Solr search. This Solr deployment, however, is a development server and not recommended for production use. It is therefore suggested that you provide a URL to your production Apache Solr search server or cluster when deploying this Quick Start.

Deployment options

This Quick Start provides two deployment options:

  • Deploy Sitecore XP 9.3 into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys Sitecore XP 9.3 into this new VPC.

  • Deploy Sitecore XP 9.3 into an existing VPC. This option provisions Sitecore XP 9.3 in your existing AWS infrastructure.

The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Sitecore XP 9.3 settings, as discussed later in this guide.

Deployment steps

Sign in to your AWS account

  1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see Planning the deployment earlier in this guide.

  2. Make sure that your AWS account is configured correctly, as discussed in the Technical requirements section.

Launch the Quick Start

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service used by this Quick Start. Prices are subject to change.

  1. Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see Deployment options earlier in this guide.

Deploy Sitecore XP 9.3 into a new VPC on AWS

Deploy Sitecore XP 9.3 into an existing VPC on AWS

If you’re deploying Sitecore XP 9.3 into an existing VPC, make sure that your VPC has two private subnets in different Availability Zones for the workload instances, and that the subnets aren’t shared. This Quick Start doesn’t support shared subnets. These subnets require NAT gateways in their route tables, to allow the instances to download packages and software without exposing them to the internet.

Also, make sure that the domain name option in the DHCP options is configured as explained in the Amazon VPC documentation. You provide your VPC settings when you launch the Quick Start.

Each deployment takes about 1–1.5 hours to complete.

  2. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for Sitecore XP 9.3 will be built. The template is launched in the us-east-1 Region by default.

  3. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary.

In the following tables, parameters are listed by category and described separately for the deployment options. When you finish reviewing and customizing the parameters, choose Next.

Unless you are customizing the Quick Start templates for your own deployment projects, we recommend that you keep the default settings for the parameters labeled Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For more information, see the AWS Quick Start Contributor’s Guide.

Launch into a new VPC

Table 1. VPC Network configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| VPC CIDR (VPCCIDR) | 10.0.0.0/16 | CIDR block for the VPC. |
| Private subnet 1A CIDR (PrivateSubnet1ACIDR) | 10.0.0.0/19 | CIDR block for private subnet 1 located in Availability Zone 1. |
| Private subnet 2A CIDR (PrivateSubnet2ACIDR) | 10.0.32.0/19 | CIDR block for private subnet 2 located in Availability Zone 2. |
| Public subnet 1 CIDR (PublicSubnet1CIDR) | 10.0.128.0/20 | CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1. |
| Public subnet 2 CIDR (PublicSubnet2CIDR) | 10.0.144.0/20 | CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2. |
| Availability Zones (AvailabilityZones) | Requires input | List of Availability Zones to use for the subnets in the VPC. |

Table 2. RDGW configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| RD Gateway Admin User Name (AdminUser) | StackAdmin | User name for the new local administrator account. |
| RD Gateway Admin Password (AdminPassword) | Requires input | Password for the administrative account. Must be at least 8 characters containing letters, numbers and symbols. |
| RD Gateway Domain DNS Name (DomainDNSName) | example.com | Fully qualified domain name (FQDN) e.g. example.com. |
| Number of RD Gateway hosts (NumberOfRDGWHosts) | 1 | Enter the number of Remote Desktop Gateway hosts to create. |
| RD Gateway Instance Type (RDGWInstanceType) | t2.large | Amazon EC2 instance type for the first Remote Desktop Gateway instance. |
| Allowed RD Gateway External Access CIDR (RDGWCIDR) | Requires input | Allowed CIDR Block for external access to the Remote Desktop Gateways. |
| Key pair name for the RD Gateway (KeyPairName) | Requires input | Key pairs allow you to securely connect to your instance after it launches. |

Table 3. Sitecore networking configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Content delivery FQDN (CDDNSName) | Requires input | Fully qualified domain name for the content delivery role (e.g., home.example.com). |
| Content management FQDN (CMDNSName) | Requires input | Fully qualified domain name for the content management role. |
| Identity server FQDN (ISDNSName) | Requires input | Fully qualified domain name for the identity server role. |
| Internal DNS suffix (IntDNS) | Optional | [Optional] Internal DNS name. If left blank, one is generated for you. |
| External ACM ARN (ExternalCertificateARN) | Optional | [Optional] Provide the Amazon Resource Name (ARN) of the wildcard certificate created in Amazon Certificate Manager. If not provided, a wildcard certificate will be created for you. If you provide an ARN, you do not need to provide details for ExternalCertFQDN or ExternalRoute53ZoneID. |
| External certificate domain name (ExternalCertFQDN) | Optional | [Optional] External domain name for the Sitecore deployment (e.g., example.com). This is created in ACM as a wildcard certificate (e.g., *.example.com) if no value is provided for ExternalCertificateARN. |
| External Route 53 zone ID (ExternalR53ZoneID) | Optional | [Optional] Provide the Route 53 Hosted Zone ID for ExternalCertFQDN if you require certificate validation to be done via DNS. If no Route 53 Hosted Zone ID is provided, validation is done via email. |

Table 4. Sitecore configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Minimum content delivery instances (CDMinSize) | 1 | Minimum number of content delivery instances available. |
| Maximum content delivery instances (CDMaxSize) | 3 | Maximum number of content delivery instances available. |
| Desired content delivery instances (CDDesiredCapacity) | 2 | Desired number of content delivery instances available. |
| Content delivery (CDInstanceType) | m5a.xlarge | Content delivery instance type. |
| Content delivery scaling metric (CDScalingMetric) | ASGAverageCPUUtilization | Metric used to determine scaling of the content delivery role. |
| Content delivery scaling metric value (CDScalingMetricValue) | 70 | Value required for the scaling metric (for ASGAverageNetworkIn this value is in bytes). |
| Minimum content management instances (CMMinSize) | 1 | Minimum number of content management instances available. |
| Maximum content management instances (CMMaxSize) | 2 | Maximum number of content management instances available. |
| Content management, identity, reference data (CmIdRdInstanceType) | m5a.xlarge | Instance type, applied to the roles of content management, identity, and reference data. |
| Content management scaling metric (CMScalingMetric) | ASGAverageCPUUtilization | Metric used to determine scaling of the content management role. |
| Content management scaling metric value (CMScalingMetricValue) | 70 | Value required for the scaling metric (for ASGAverageNetworkIn this value is in bytes). |
| Collection, collection search (CollCSInstanceType) | m5a.xlarge | Instance type, applied to the roles of collection, collection search. |
| Marketing automation, cortex processing, processing (MaCpPrcInstanceType) | m5a.xlarge | Instance type, applied to the roles of marketing automation, cortex processing, and processing. |
| Marketing automation reporting, cortex reporting, reporting (MarCrRepInstanceType) | m5a.xlarge | Instance type, applied to the roles of marketing automation reporting, cortex reporting, and reporting. |
| EC2 Key Pair for Sitecore instances (SitecoreKeyPair) | Requires input | EC2 Key Pair to use for the Sitecore instances. |
| Sitecore installation prefix (SitecorePrefix) | Requires input | Prefix to be used for the Sitecore installation. This is limited to 8 characters. |
| Sitecore resources S3 Bucket (SitecoreS3Bucket) | Requires input | S3 Bucket name where the Sitecore 9.3 resources are located (installation files, license file, etc.). This deployment will put objects into this bucket. |
| Sitecore installation files prefix (SCResourcesPrefix) | resources/ | Prefix in the S3 Bucket for the Sitecore install files (e.g., resources/). |
| Sitecore license file prefix (SCLicensePrefix) | license/ | Prefix in the S3 Bucket for the license.zip file (e.g., license/). |
| Solr server/cluster URL (SOLRUrl) | Optional | [Optional] URL of your Solr server/cluster. If no URL is provided, a development Solr instance will be created for this Sitecore deployment. Note: This development Solr instance should not be used within a production environment. |
| Solr cores prefix (SOLRCorePrefix) | Requires input | If you provided a Solr URL, this is the prefix of your pre-configured Solr cores. If no Solr URL is provided, this is the prefix used for the Solr cores on the development Solr instance. |
| Sitecore environment type (EnvironmentType) | Production | Type of Sitecore deployment. |
| Sitecore log level (SCLogLevel) | Information | Sitecore deployment configured log level. |
| Email notifications (EmailNotifications) | Requires input | Email address for receiving Sitecore auto scaling notifications. |
| Lambda S3 bucket name (LambdaZipsBucketName) | Optional | [Optional] The name of the S3 bucket where the Lambda zip files should be placed. If you leave this parameter blank, an S3 bucket will be created. |

Table 5. SQL Server configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Database instance class (DBInstanceClass) | db.r4.2xlarge | Name of the compute and memory capacity class of the database instance. |
| Database auto minor version upgrade (DBAutoMinorVersionUpgrade) | true | If set to true, minor engine upgrades are applied to the database instance. If set to false, minor engine upgrades are not applied to the database instance. |
| MSSQL database engine edition (SQLEngineEdition) | sqlserver-se | MSSQL database engine edition. |
| MSSQL database engine version (SQLEngineVersion) | 14.00.3223.3.v1 | MSSQL database engine version. |
| MSSQL always on (SQLAlwaysOn) | False | [Optional] Set to true if you want SQL to be always on (high availability) for the deployment. Beware that this only applies when SQLEngineEdition is set to sqlserver-ee (Enterprise Edition) as the MSSQL database engine edition. If set to false, SQL will be deployed to one Availability Zone. |
| Data volume size (VolumeSize) | 500 | Volume size (GB) for the SQL data, logs, and TempDb volumes. |
| Data volume type (VolumeType) | gp2 | Volume type for the SQL Data, Logs and TempDb volumes. |
| Data volume IOPS (VolumeIops) | 1000 | Provisioned IOPS for the SQL Data, Logs and TempDb volumes. This parameter is only applicable when VolumeType is set to "io1". |
| Retention period (BackupRetentionPeriod) | 7 | Number of days automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. |

Table 6. ElastiCache Redis configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Redis cache node type (CacheNodeType) | cache.m4.large | Instance type the nodes are launched under. |
| Redis port (RedisPort) | 6379 | Port number to be used for Redis ElastiCache. |

Table 7. AWS Quick Start configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Quick Start S3 bucket name (QSS3BucketName) | aws-quickstart | S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). |
| Quick Start S3 bucket region (QSS3BucketRegion) | us-east-1 | The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. |
| Quick Start S3 key prefix (QSS3KeyPrefix) | quickstart-sitecore-xp/ | S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). |
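
A preflight check for the new-VPC parameters in Tables 1 to 7, run before you choose Create stack. This is an added example, not part of the Quick Start or its templates. The function name, severity labels and sample values for the required inputs are assumptions; the certificate rule is inferred from the parameter descriptions, and the RDGWCIDR warning is an added hardening check.

```python
import ipaddress
import re

# Parameters that Tables 1-4 mark "Requires input" for the new-VPC template.
REQUIRED = (
    "AvailabilityZones", "AdminPassword", "RDGWCIDR", "KeyPairName",
    "CDDNSName", "CMDNSName", "ISDNSName", "SitecoreKeyPair",
    "SitecorePrefix", "SitecoreS3Bucket", "SOLRCorePrefix", "EmailNotifications",
)
SUBNETS = ("PrivateSubnet1ACIDR", "PrivateSubnet2ACIDR",
           "PublicSubnet1CIDR", "PublicSubnet2CIDR")

# Defaults copied from the tables; required inputs are constructed values.
SAMPLE = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1ACIDR": "10.0.0.0/19", "PrivateSubnet2ACIDR": "10.0.32.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20", "PublicSubnet2CIDR": "10.0.144.0/20",
    "AvailabilityZones": "us-east-1a,us-east-1b", "RDGWCIDR": "203.0.113.0/24",
    "AdminPassword": "Constructed-Passw0rd!", "KeyPairName": "sitecore-poc",
    "CDDNSName": "home.example.com", "CMDNSName": "cm.example.com",
    "ISDNSName": "id.example.com", "ExternalCertFQDN": "example.com",
    "ExternalR53ZoneID": "Z-CONSTRUCTED-ZONE-ID",
    "CDMinSize": "1", "CDDesiredCapacity": "2", "CDMaxSize": "3",
    "CMMinSize": "1", "CMMaxSize": "2", "SitecoreKeyPair": "sitecore-poc",
    "SitecorePrefix": "sc93", "SitecoreS3Bucket": "example-sitecore-artifacts",
    "SOLRUrl": "https://solr.example.com:8983/solr", "SOLRCorePrefix": "sc93",
    "EnvironmentType": "Production", "EmailNotifications": "ops@example.com",
    "SQLEngineEdition": "sqlserver-se", "SQLAlwaysOn": "false",
}


def check_parameters(p):
    """Return (severity, parameter, message) findings for a parameter dict."""
    out = []

    def num(name):
        value = str(p.get(name, ""))
        return int(value) if value.isdigit() else None

    for name in REQUIRED:
        if not p.get(name, "").strip():
            out.append(("error", name, "requires input"))

    # Parse every CIDR; strict parsing also rejects blocks with host bits set.
    nets = {}
    for name in ("VPCCIDR", "RDGWCIDR") + SUBNETS:
        if p.get(name):
            try:
                nets[name] = ipaddress.ip_network(p[name])
            except ValueError:
                out.append(("error", name, "not a valid CIDR block"))

    # Each subnet must sit inside the VPC CIDR and overlap no other subnet.
    vpc, seen = nets.get("VPCCIDR"), []
    for name in SUBNETS:
        net = nets.get(name)
        if net is None:
            continue
        inside = vpc is None or (net.version == vpc.version and net.subnet_of(vpc))
        if not inside:
            out.append(("error", name, "outside VPCCIDR"))
        for other_name, other in seen:
            if net.overlaps(other):
                out.append(("error", name, f"overlaps {other_name}"))
        seen.append((name, net))

    # Added hardening check: the guide only asks for an allowed CIDR here.
    rdgw = nets.get("RDGWCIDR")
    if rdgw is not None and rdgw.prefixlen == 0:
        out.append(("warning", "RDGWCIDR", "opens the RD Gateway to any address"))

    pw = p.get("AdminPassword", "")
    if pw and not (len(pw) >= 8 and re.search(r"[A-Za-z]", pw)
                   and re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        out.append(("error", "AdminPassword",
                    "needs 8+ characters with letters, numbers and symbols"))
    if len(p.get("SitecorePrefix", "")) > 8:
        out.append(("error", "SitecorePrefix", "limited to 8 characters"))
    cd = [num(n) for n in ("CDMinSize", "CDDesiredCapacity", "CDMaxSize")]
    if None not in cd and not cd[0] <= cd[1] <= cd[2]:
        out.append(("error", "CDDesiredCapacity", "not between CDMinSize and CDMaxSize"))

    # Inferred from the descriptions: without an ARN the FQDN names the new cert.
    if not p.get("ExternalCertificateARN"):
        if not p.get("ExternalCertFQDN"):
            out.append(("error", "ExternalCertFQDN", "needed when no ARN is given"))
        elif not p.get("ExternalR53ZoneID"):
            out.append(("warning", "ExternalR53ZoneID", "blank: validation is by email"))

    if not p.get("SOLRUrl") and p.get("EnvironmentType") == "Production":
        out.append(("warning", "SOLRUrl", "blank: development Solr, not for production"))
    if (p.get("SQLAlwaysOn", "").lower() == "true"
            and p.get("SQLEngineEdition") != "sqlserver-ee"):
        out.append(("warning", "SQLAlwaysOn", "only applies with sqlserver-ee"))
    return out


if __name__ == "__main__":
    for finding in check_parameters(SAMPLE) or [("ok", "-", "no findings")]:
        print(*finding)
```

Errors are values the tables rule out; warnings are settings the guide accepts but cautions about, such as the development Solr instance in a Production environment.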

Launch into an existing VPC

Table 8. Network configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| VPC CIDR (VPCCIDR) | 10.0.0.0/16 | CIDR block for the VPC. |
| VPC ID (VPCID) | Requires input | ID of the VPC (e.g., vpc-0343606e). |
| Private subnet 1A ID (PrivateSubnet1A) | Requires input | ID of the private subnet 1 in Availability Zone 1 (e.g., subnet-a0246dcd). |
| Private subnet 2A ID (PrivateSubnet2A) | Requires input | ID of the private subnet 2 in Availability Zone 2 (e.g., subnet-a0246dcd). |
| Public subnet 1 ID (PublicSubnet1) | Requires input | Public subnet in Availability Zone 1. |
| Public subnet 2 ID (PublicSubnet2) | Requires input | Public subnet in Availability Zone 2. |

Table 9. Sitecore Networking Configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Content delivery FQDN (CDDNSName) | Requires input | Fully qualified domain name for the content delivery role (e.g., home.example.com). |
| Content management FQDN (CMDNSName) | Requires input | Fully qualified domain name for the content management role. |
| Identity server FQDN (ISDNSName) | Requires input | Fully qualified domain name for the identity server role. |
| Internal DNS suffix (IntDNS) | Optional | [Optional] Internal DNS name. If left blank, one is generated for you. If you have a private Route 53 hosted zone or a private managed DNS connected to your VPC, please provide the DNS suffix of the hosted zone. |
| Internal Route 53 hosted zone ID (IntVPCR53Zone) | Optional | [Optional] If you already have a private Route 53 hosted zone connected to your VPC, please provide the Route 53 hosted zone ID. |
| Private (non-Route 53) DNS (VPCPrivateDNS) | False | Set to true if you have your own provided DNS servers for your VPC. Should you have your own DNS servers, you must create Canonical Name Record (CNAME) entries for the Sitecore roles. Please see the deployment guide for details. Set to false if you have a private Route 53 hosted zone connected to your VPC. |
| External ACM ARN (ExternalCertificateARN) | Requires input | [Optional] Provide the Amazon Resource Name (ARN) of the wildcard certificate created in Amazon Certificate Manager. If not provided, a wildcard certificate will be created for you. If you provide an ARN, you do not need to provide details for ExternalCertFQDN or ExternalRoute53ZoneID. |
| External certificate domain name (ExternalCertFQDN) | Optional | [Optional] External domain name for the Sitecore deployment (e.g., example.com). This is created in ACM as a wildcard certificate (e.g., *.example.com) if no value is provided for ExternalCertificateARN. |
| External Route 53 zone ID (ExternalR53ZoneID) | Optional | [Optional] Provide the Route 53–hosted zone ID for ExternalCertFQDN if you require certificate validation to be done via DNS. If no Route 53 hosted zone ID is provided, validation is done via email. |

Table 10. Sitecore Configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Minimum content delivery instances (CDMinSize) | 1 | Minimum number of content delivery instances available. |
| Maximum content delivery instances (CDMaxSize) | 3 | Maximum number of content delivery instances available. |
| Desired content delivery instances (CDDesiredCapacity) | 2 | Desired number of content delivery instances available. |
| Content delivery (CDInstanceType) | m5a.xlarge | Content delivery instance type. |
| Content delivery scaling metric (CDScalingMetric) | ASGAverageCPUUtilization | Metric used to determine scaling of the content delivery role. |
| Content delivery scaling metric value (CDScalingMetricValue) | 70 | Value required for the scaling metric (for ASGAverageNetworkIn this value is in bytes). |
| Minimum content management instances (CMMinSize) | 1 | Minimum number of content management instances available. |
| Maximum content management instances (CMMaxSize) | 2 | Maximum number of content management instances available. |
| Content management, identity, reference data (CmIdRdInstanceType) | m5a.xlarge | Instance type, applied to the roles of content management, identity, and reference data. |
| Content management scaling metric (CMScalingMetric) | ASGAverageCPUUtilization | Metric used to determine scaling of the content management role. |
| Content management scaling metric value (CMScalingMetricValue) | 70 | Value required for the scaling metric (for ASGAverageNetworkIn this value is in bytes). |
| Collection, collection search (CollCSInstanceType) | m5a.xlarge | Instance type, applied to the roles of collection, collection search. |
| Marketing automation, cortex processing, processing (MaCpPrcInstanceType) | m5a.xlarge | Instance type, applied to the roles of marketing automation, cortex processing, and processing. |
| Marketing automation reporting, cortex reporting, reporting (MarCrRepInstanceType) | m5a.xlarge | Instance type, applied to the roles of marketing automation reporting, cortex reporting, and reporting. |
| EC2 Key Pair for Sitecore instances (SitecoreKeyPair) | Requires input | EC2 Key Pair to use for the Sitecore instances. |
| Sitecore installation prefix (SitecorePrefix) | Requires input | Prefix to be used for the Sitecore installation. This is limited to 8 characters. |
| Sitecore resources S3 Bucket (SitecoreS3Bucket) | Requires input | S3 Bucket name where the Sitecore 9.3 resources are located (installation files, license file, etc.). This deployment will put objects into this bucket. |
| Sitecore installation files prefix (SCResourcesPrefix) | resources/ | Prefix in the S3 Bucket for the Sitecore install files (e.g., resources/). |
| Sitecore license file prefix (SCLicensePrefix) | license/ | Prefix in the S3 Bucket for the license.zip file (e.g., license/). |
| Solr server/cluster URL (SOLRUrl) | Optional | [Optional] URL of your Solr server/cluster. If no URL is provided, a development Solr instance will be created for this Sitecore deployment. Note: This development Solr instance should not be used within a production environment. |
| Solr cores prefix (SOLRCorePrefix) | Requires input | If you provided a Solr URL, this is the prefix of your pre-configured Solr cores. If no Solr URL is provided, this is the prefix used for the Solr cores on the development Solr instance. |
| Sitecore environment type (EnvironmentType) | Production | Type of Sitecore deployment. |
| Sitecore log level (SCLogLevel) | Information | Sitecore deployment configured log level. |
| Email notifications (EmailNotifications) | Requires input | Email address for receiving Sitecore auto scaling notifications. |
| Lambda S3 bucket name (LambdaZipsBucketName) | Optional | [Optional] Name of the S3 bucket where the Lambda zip files should be placed. If you leave this parameter blank, an S3 bucket will be created. |

Table 11. SQL Server configuration
| Parameter label (name) | Default value | Description |
|---|---|---|
| Database instance class (DBInstanceClass) | db.r4.2xlarge | Name of the compute and memory capacity class of the database instance. |
| Database auto minor version upgrade (DBAutoMinorVersionUpgrade) | false | If set to true, minor engine upgrades are applied to the database instance. If set to false, minor engine upgrades are not applied to the database instance. |
| MSSQL database engine edition (SQLEngineEdition) | sqlserver-se | MSSQL database engine edition. |
| MSSQL database engine version (SQLEngineVersion) | 14.00.3223.3.v1 | MSSQL database engine version. |
| MSSQL always on (SQLAlwaysOn) | False | [Optional] Set to true if you want SQL to be always on (high availability) for the deployment. Beware that this only applies when SQLEngineEdition is set to sqlserver-ee (Enterprise Edition) as the MSSQL database engine edition. If set to false, SQL will be deployed to one Availability Zone. |
| Data volume size (VolumeSize) | 500 | Volume size (GB) for the SQL data, logs, and TempDb volumes. |
| Data volume type (VolumeType) | gp2 | Volume type for the SQL Data, Logs and TempDb volumes. |
| Data volume IOPS (VolumeIops) | 1000 | Provisioned IOPS for the SQL Data, Logs and TempDb volumes. This parameter is only applicable when VolumeType is set to "io1". |
| Retention period (BackupRetentionPeriod) | 7 | Number of days automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. |

Table 12. Redis ElastiCache configuration
Parameter label (name) Default value Description

Redis cache node type (CacheNodeType)

cache.m4.large

Instance type the nodes are launched under.

Redis port (RedisPort)

6379

Port number to be used for Redis ElastiCache.

Table 13. AWS Quick Start configuration
Parameter label (name) Default value Description

Quick Start S3 bucket name (QSS3BucketName)

aws-quickstart

S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

Quick Start S3 bucket region (QSS3BucketRegion)

us-east-1

The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.

Quick Start S3 key prefix (QSS3KeyPrefix)

quickstart-sitecore-xp/

S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
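The constraints stated in Tables 11 to 13 can be checked before the stack is launched. The following is an added example, not part of the Quick Start's own templates or scripts: a small linter over a CloudFormation parameters file. The function name, severity labels, and regular expressions are assumptions written from the table descriptions.

```python
import re

# Defaults as listed in Tables 11 and 13 of this guide.
DEFAULTS = {"SQLEngineEdition": "sqlserver-se", "SQLAlwaysOn": "False",
            "DBAutoMinorVersionUpgrade": "false", "BackupRetentionPeriod": "7",
            "QSS3BucketName": "aws-quickstart",
            "QSS3KeyPrefix": "quickstart-sitecore-xp/"}
# Patterns written from the prose rules in Table 13 (assumed, not the template's own).
BUCKET_RE = re.compile(r"[0-9a-zA-Z]([0-9a-zA-Z-]*[0-9a-zA-Z])?")
PREFIX_RE = re.compile(r"[0-9a-zA-Z/-]*")

def lint_parameters(cfn_params):
    """cfn_params: list of {"ParameterKey", "ParameterValue"} dicts, the shape
    used by `aws cloudformation create-stack --parameters file://...`.
    Returns a sorted list of (severity, parameter, message) findings."""
    given = {p["ParameterKey"]: str(p["ParameterValue"]).strip() for p in cfn_params}
    val = {**DEFAULTS, **given}
    out = []
    if not given.get("EmailNotifications"):
        out.append(("ERROR", "EmailNotifications", "requires input"))
    if val["SQLAlwaysOn"].lower() == "true" and val["SQLEngineEdition"] != "sqlserver-ee":
        out.append(("ERROR", "SQLAlwaysOn",
                    "only applies with SQLEngineEdition=sqlserver-ee"))
    if val["DBAutoMinorVersionUpgrade"].lower() != "true":
        out.append(("WARN", "DBAutoMinorVersionUpgrade",
                    "minor engine upgrades will not be applied"))
    if not val["BackupRetentionPeriod"].isdigit():
        out.append(("ERROR", "BackupRetentionPeriod", "must be a whole number of days"))
    elif int(val["BackupRetentionPeriod"]) == 0:
        out.append(("WARN", "BackupRetentionPeriod", "0 disables automated backups"))
    if not BUCKET_RE.fullmatch(val["QSS3BucketName"]):
        out.append(("ERROR", "QSS3BucketName", "invalid characters or edge hyphen"))
    if not PREFIX_RE.fullmatch(val["QSS3KeyPrefix"]):
        out.append(("ERROR", "QSS3KeyPrefix", "invalid characters"))
    if val["QSS3BucketName"] != "aws-quickstart" and "QSS3BucketRegion" not in given:
        out.append(("ERROR", "QSS3BucketRegion", "must be set for your own bucket"))
    return sorted(out)

# Constructed sample input, not taken from a real deployment.
SAMPLE = [{"ParameterKey": "EmailNotifications", "ParameterValue": "ops@example.com"},
          {"ParameterKey": "SQLAlwaysOn", "ParameterValue": "true"},
          {"ParameterKey": "BackupRetentionPeriod", "ParameterValue": "0"},
          {"ParameterKey": "QSS3BucketName", "ParameterValue": "-my-assets"}]

if __name__ == "__main__":
    for severity, name, message in lint_parameters(SAMPLE):
        print(f"{severity:5} {name}: {message}")
```

With the page's defaults and only an email address supplied, the single finding is the DBAutoMinorVersionUpgrade warning, which is a reminder that engine patching is left to the operator.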

  1. On the options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you’re done, choose Next.

  2. On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros.

  3. Choose Create stack to deploy the stack.

  4. Monitor the status of the stack. When the status is CREATE_COMPLETE, the Sitecore XP 9.3 deployment is ready.

  5. Use the values displayed in the Outputs tab for the stack, as shown in Figure 3, to view the created resources.

Figure 3. Sitecore XP 9.3 outputs after successful deployment

Test the deployment

Use a web browser to go to the DNS name you provided for the content delivery role.

To log in to Sitecore, retrieve the administrator password by opening AWS Secrets Manager from within the Region where you deployed this Quick Start. Search for “sitecoreadmin” to find the password value.

When you have the password, use a web browser to go to the DNS name for either the content delivery role or content management role, with /sitecore/admin appended to the DNS name. This displays the login screen, where you can log in and configure your Sitecore environment.

Post deployment steps

Once the Quick Start deployment completes successfully, create DNS entries in your internet-facing DNS for the content delivery, content management, and identity servers. These CNAME entries correspond to the names provided in the initial parameters for the deployment and point to the listed ExternalALBDNS value in the outputs for SitecoreStack.

If you deploy this Quick Start into an existing VPC using your self-managed DNS, you must create DNS CNAME entries for the Sitecore roles. The required CNAME host name and corresponding load balancer DNS can be found in the outputs of RolesStack and SitecoreStack, respectively. When the DNS entries are updated, log in to the instance that hosts the marketing automation role, and start the Sitecore marketing automation Windows service.

Best practices for using Sitecore XP 9.3 on AWS

Use AWS CloudFormation for ongoing management.

We recommend using the AWS CloudFormation console to manage updates and deletions for the resources that this Quick Start creates. Avoid using the Amazon EC2 console, AWS command line interface (CLI), or application programming interface (API) to change or delete resources created by this Quick Start. Otherwise, future AWS CloudFormation operations on the stack may behave unexpectedly.

All Sitecore instances are in the private subnet, so there is no access to them from the internet. Both Amazon RDS and Amazon ElastiCache are accessible only from within the VPC and not from the internet. All traffic is routed to the Sitecore instances via the deployed load balancers.
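The isolation described above can be verified after deployment, and again after any later change to security groups. The following is an added example, not part of the Quick Start: it reads security groups in the shape returned by `aws ec2 describe-security-groups` and reports ingress rules that open the data-tier ports to address ranges outside the VPC. Port 1433 for SQL Server, the function names, and the sample groups are assumptions.

```python
import ipaddress

# 6379 is the RedisPort default from Table 12; 1433 is the SQL Server default
# port (an assumption here, the guide does not state the RDS port).
SENSITIVE_PORTS = (1433, 6379)

def _covers(perm, port):
    """True if an IpPermissions entry opens the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def _outside_vpc(cidr, vpc_net):
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version != vpc_net.version or not net.subnet_of(vpc_net)

def audit_security_groups(groups, vpc_cidr, ports=SENSITIVE_PORTS):
    """groups: the "SecurityGroups" list from `aws ec2 describe-security-groups`.
    Returns sorted (group_id, port, cidr) for every ingress rule that exposes a
    data-tier port to an address range not contained in the VPC CIDR."""
    vpc_net = ipaddress.ip_network(vpc_cidr)
    findings = set()
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in ports:
                if _covers(perm, port):
                    findings.update((sg["GroupId"], port, c) for c in cidrs
                                    if _outside_vpc(c, vpc_net))
    return sorted(findings)

# Constructed sample in the describe-security-groups output shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-redis", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-wide", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-v6", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-peer", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "UserIdGroupPairs": [{"GroupId": "sg-redis"}]}]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS, "10.0.0.0/16"):
        print(finding)
```

Rules that reference another security group instead of a CIDR range are not flagged, because they grant access only to members of that group.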

Other useful information

Personalized content on Sitecore roles

Once the deployment of the Sitecore Quick Start is complete, you have a default installation of Sitecore XP 9.3 in your AWS account. Your custom Sitecore site must then be deployed to the Sitecore roles. Any media for your site (for example, pictures and videos) should be stored within an S3 bucket and referenced within the website’s code. Storing local media content through Sitecore roles should be avoided because it can increase the load on your content instances. It may also affect Auto Scaling because it takes time to transfer media to a new instance.

Parameter Store

All Sitecore role installations are done via the Sitecore Installation Framework (SIF). Using SIF allows parameters to be passed to the Sitecore role installation when the instance starts for the first time. All of these parameters are stored within AWS Systems Manager Parameter Store. If any of the values within Parameter Store are updated, the instances can be deleted so that, when a replacement instance starts up, the Sitecore installation uses the updated parameter values. For example, this could be used to update the Solr URL or Solr Core prefix for the Sitecore roles.

Secrets Manager

All Sitecore passwords are generated via AWS Secrets Manager. They are referenced when the databases are created and the Sitecore roles are installed.

Sitecore certificates

Because Sitecore requires Secure Sockets Layer (SSL) communication between roles, an internal self-signed certificate is generated. This certificate is imported into the certificate store on the Sitecore AMI and then exported and stored in the S3 bucket provided in the deployment parameters. The certificate is then converted and imported into ACM via a Lambda function and used on the internal Application Load Balancer for the HTTPS listener. All other internal Sitecore roles sit behind their own Network Load Balancers because they require TLS pass-through.

The certificate is valid for five years from the date of installation. Should a new certificate be needed for the Sitecore deployment, one can be generated by running the sc-newcerts.ps1 script, which can be found in the C:\quickstart\scripts folder. When it’s generated, the certificate must be converted, imported into ACM, and updated on the internal Application Load Balancer listener.
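The import and listener update steps can be scripted so that the swap happens only when the certificate currently served is close to expiry. The following is an added example, not one of the Quick Start's scripts: it takes boto3 ACM and ELBv2 clients as arguments and assumes the regenerated certificate has already been converted to PEM. The function name and the 90-day window are assumptions.

```python
from datetime import datetime, timedelta, timezone

def rotate_listener_certificate(acm, elbv2, listener_arn, cert_pem, key_pem,
                                window_days=90, now=None):
    """Import a replacement certificate into ACM and make it the default
    certificate of the HTTPS listener, but only when the certificate the
    listener serves today expires within window_days.

    acm / elbv2: boto3 clients, e.g. boto3.client("acm"), boto3.client("elbv2").
    cert_pem / key_pem: PEM bytes of the regenerated certificate and its key
    (the conversion step the guide mentions is assumed to be done already).
    Returns the new certificate ARN, or None when no rotation was needed."""
    now = now or datetime.now(timezone.utc)

    # describe_listeners reports the listener's default certificate.
    listener = elbv2.describe_listeners(ListenerArns=[listener_arn])["Listeners"][0]
    current_arn = listener["Certificates"][0]["CertificateArn"]
    current = acm.describe_certificate(CertificateArn=current_arn)["Certificate"]
    if current["NotAfter"] - now > timedelta(days=window_days):
        return None

    new_arn = acm.import_certificate(Certificate=cert_pem,
                                     PrivateKey=key_pem)["CertificateArn"]

    # Refuse to swap in a certificate that expires no later than the old one.
    # The imported certificate stays in ACM in that case and needs cleanup.
    imported = acm.describe_certificate(CertificateArn=new_arn)["Certificate"]
    if imported["NotAfter"] <= current["NotAfter"]:
        raise ValueError("imported certificate does not outlive the current one")

    elbv2.modify_listener(ListenerArn=listener_arn,
                          Certificates=[{"CertificateArn": new_arn}])
    return new_arn
```

The old certificate is left in ACM so that the listener can be pointed back at it if the internal roles reject the new one.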

Sitecore Internet Information Service configurations

Because Sitecore is a database- and personalization-driven CMS, the Sitecore Internet Information Service (IIS) must be configured for preloaded content, and the application pool must always be running. When you install a Sitecore role, the corresponding application pool is set to AlwaysRunning and the website is set to preload content.

Redis for session management

While the content delivery role installs, the Sitecore configuration files are updated for both private- and shared-session management. If these files are overwritten by custom content, they must be updated with the correct Redis details.

The URL for Redis can be found in the CloudFormation outputs, or in the SSM Parameter Store.

FAQ

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to No. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state is retained and the instance is left running, so you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)

When you set Rollback on failure to Disabled, you continue to incur AWS charges for this stack. Please make sure to delete the stack when you finish troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. We recommend that you launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations. For more information about AWS CloudFormation quotas, see the AWS documentation.

Q. When browsing the content-delivery website, I get a 504 error.

A. This issue is experienced if the content-delivery or content-management server takes more than 60 seconds to respond to an Application Load Balancer request. Ensure that the Sitecore role has the IIS Application Pool configured to remain running. Based on the complexity of your website, responses from the database and other roles can also affect response time. Ensure that the database and instances are sized correctly for your environment.

Using browser caching or a content delivery network can also assist the caching of common content and therefore reduce the load on the Sitecore environment.

Q. When I try to log in to the Sitecore administrator interface, I get an incorrect password error.

A. Despite installation logs that show the password was correctly configured, there are known issues where the specified Sitecore administrator password in AWS Secrets Manager is not successfully applied. To log in, you must reset the password in the Sitecore Core database.

Q. How do I update SSL certificates when they expire?

A. Please see the Other useful information section for guidance about updating internal Sitecore certificates.

Q. Where are the deployment logs?

A. All resources and logs for deployments are found either in Amazon CloudWatch Logs or in the instances themselves under C:\resources\logs\.

Q. How do I apply a new license?

A. When a Sitecore license expires, manually update it for each instance by copying your Sitecore license.xml file to the /site/wwwroot/App_Data directory. However, if an Auto Scaling group creates a new instance, it attempts to retrieve the Sitecore license from the S3 bucket and prefix provided in the initial deployment. Therefore, it’s necessary to replace the existing license by uploading a new Sitecore license into the S3 bucket and prefix.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick Start Contributor’s Guide.

Quick Start reference deployments

GitHub repository

You can visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.


© 2020, Amazon Web Services Inc., or its affiliates, and Sitecore. All rights reserved.

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.