IAM Policies for AWS F5 VE HA setup?

Question

I've got a pair of HA F5 LTM 1gbps best setup in a VPC in AWS. The configsync and failover are configured correctly, but the aws API calls don't seem to be working to pass the VIPs back and forth during failover. I set the reassociate checkbox when creating the secondary IPs in the AWS console. I have the user IAM policies set to EC2-FullControl at the moment. I was testing with FullAdmin policies as well to try to remove that as a concern, but the VIPs didn't move with that config either. Any ideas? I'd like to run with the most restrictive permissions if possible, so if the exact API calls are known, I can craft an IAM policy to only allow those. But there is no public documentation about which API calls are made. Other things I can check to get the VIPs to move on failover?

jrahm · Answer

Hi John, for AWS specific implementations, you can chat with an F5 Support Engineer for assistance.&nbsp;

Forum Discussion

IAM Policies for AWS F5 VE HA setup?

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Can one create one virtual server with two pool members with multiple services running on it?

Maintenance page / local website that includes subfolders

AWS F5_OWASP Managed Rule Blocking requests

AST Configuration help

rSeries Configuration Backup

Related Content

Less than 60 seconds lab setup

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

How to Setup Shape Log Analysis in Fastly

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS