AWS CFT for BYOL BIG-IP 11.6 in EC2
Problem this snippet solves:
WARNING You will be billed for the AWS resources used if you create a stack from this template.
Provides an easy way to launch and test BIG-IP in AWS using Amazon CloudFormation Templates.
- Creates a new VPC, security groups, and 3 subnets (external, internal, management)
- Launches a BYOL BIG-IP 11.6 instance from the AWS Marketplace within this VPC
- Attaches networking interfaces on BIG-IP to each of the above subnets.
- Attaches Elastic IP addresses (EIPs) to the management and external interfaces.
How to use this snippet:
-
The steps for using this codeshare item are identical to the following codeshare item: https://devcentral.f5.com/codeshare/aws-cloudformation-template-for-hourly-big-ip-116-in-ec2
-
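As an additional step, you will need to license BIG-IP (BYOL = bring your own license). See support.f5.com for details on the licensing process: https://support.f5.com/kb/en-us/solutions/public/2000/500/sol2595.html
When you create the stack, set the SSHLocation parameter to your own address range: its default of 0.0.0.0/0 allows SSH (port 22) and the management GUI (port 443) on the BIG-IP management interface from any source address, and that interface is given a public Elastic IP.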
Code :
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Template for BYOL BIG-IP AMIs. This template launches BIG-IP as an Amazon EC2 instance. It also creates all networking resources necessary to support BIG-IP and an application server. No web-servers are launched as part of this CFT. **WARNING** You will be billed for the AWS resources used if you create a stack from this template.", "Parameters": { "BigIPInstanceType": { "Description": "F5 BIG-IP Virtual Instance Type", "Type": "String", "Default": "m3.xlarge", "AllowedValues": [ "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge" ], "ConstraintDescription": "must be a valid Big-IP EC2 instance type." }, "BigIpLicensePackage": { "Description": "F5 BigIP License Package", "Type": "String", "Default": "Good", "AllowedValues": [ "Good", "Better", "Best" ] }, "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance", "Type": "AWS::EC2::KeyPair::KeyName" }, "SSHLocation": { "Description": " The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 
} }, "Mappings": { "BigIPRegionMap": { "ap-northeast-1": { "Best": "ami-ede013ed", "Better": "ami-1fe4171f", "Good": "ami-23fd0e23" }, "ap-southeast-1": { "Best": "ami-78ecdc2a", "Better": "ami-88ebdbda", "Good": "ami-c0ebdb92" }, "ap-southeast-2": { "Best": "ami-1755262d", "Better": "ami-c55625ff", "Good": "ami-f95625c3" }, "eu-central-1": { "Best": "ami-c293aedf", "Better": "ami-de93aec3", "Good": "ami-8293ae9f" }, "eu-west-1": { "Best": "ami-4f089038", "Better": "ami-21178f56", "Good": "ami-e3158d94" }, "sa-east-1": { "Best": "ami-a57cc7b8", "Better": "ami-ad7cc7b0", "Good": "ami-037cc71e" }, "us-east-1": { "Best": "ami-609db608", "Better": "ami-e29fb48a", "Good": "ami-989bb0f0" }, "us-west-1": { "Best": "ami-274fae63", "Better": "ami-7b4fae3f", "Good": "ami-674cad23" }, "us-west-2": { "Best": "ami-d94e60e9", "Better": "ami-47715f77", "Good": "ami-ff735dcf" } } }, "Resources": { "VPC": { "Type": "AWS::EC2::VPC", "Properties": { "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "CidrBlock": "10.0.0.0/16", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } } ] } }, "ManagementSubnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPC" }, "CidrBlock": "10.0.0.0/24", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } } ] } }, "ExternalSubnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPC" }, "CidrBlock": "10.0.1.0/24", "AvailabilityZone": { "Fn::GetAtt": [ "ManagementSubnet", "AvailabilityZone" ] }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } } ] } }, "InternalSubnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPC" }, "CidrBlock": "10.0.2.0/24", "AvailabilityZone": { "Fn::GetAtt": [ "ManagementSubnet", "AvailabilityZone" ] }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } } ] } }, "InternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Application", "Value": { "Ref": 
"AWS::StackName" } } ] } }, "AttachGateway": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPC" }, "InternetGatewayId": { "Ref": "InternetGateway" } } }, "ExternalRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, { "Key": "Network", "Value": "External" } ] } }, "ExternalRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "ExternalRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "InternetGateway" } } }, "ExternalSubnetRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "ExternalSubnet" }, "RouteTableId": { "Ref": "ExternalRouteTable" } } }, "InternalRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, { "Key": "Network", "Value": "Internal" } ] } }, "InternalRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "InternalRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "InternetGateway" } } }, "InternalSubnetRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "InternalSubnet" }, "RouteTableId": { "Ref": "InternalRouteTable" } } }, "ManagementRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, { "Key": "Network", "Value": "Mgmt" } ] } }, "ManagementRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "ManagementRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "InternetGateway" } } }, "ManagementSubnetRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "ManagementSubnet" }, 
"RouteTableId": { "Ref": "ManagementRouteTable" } } }, "SubnetRouteTableAssociationManagement": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "ManagementSubnet" }, "RouteTableId": { "Ref": "ManagementRouteTable" } } }, "SubnetRouteTableAssociationInternal": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "InternalSubnet" }, "RouteTableId": { "Ref": "InternalRouteTable" } } }, "SubnetRouteTableAssociationExternal": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "ExternalSubnet" }, "RouteTableId": { "Ref": "ExternalRouteTable" } } }, "BigIPManagementSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, "GroupDescription": "Enable SSH access via port 22", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "SSHLocation" } }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": { "Ref": "SSHLocation" } } ] } }, "BigIPExternalSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, "GroupDescription": "Enable SSH access via port 22", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0" } ] } }, "BigIPInternalSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, "GroupDescription": "Enable SSH access via port 22", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "8080", "ToPort": "8080", "CidrIp": "10.0.2.0/24" }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "10.0.2.0/24" }, { "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": "10.0.2.0/24" } ] } }, "ManagementInterface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "Description": "Management Interface for the BigIP", 
"GroupSet": [ { "Ref": "BigIPManagementSecurityGroup" } ], "SubnetId": { "Ref": "ManagementSubnet" } } }, "InternalInterface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "Description": "Internal Interface for the BigIP", "GroupSet": [ { "Ref": "BigIPInternalSecurityGroup" } ], "SubnetId": { "Ref": "InternalSubnet" } } }, "ExternalInterface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "Description": "External Interface for the BigIP", "GroupSet": [ { "Ref": "BigIPExternalSecurityGroup" } ], "SubnetId": { "Ref": "ExternalSubnet" }, "SecondaryPrivateIpAddressCount": "1" } }, "ManagementIPAddress": { "Type": "AWS::EC2::EIP", "DependsOn": "AttachGateway", "Properties": { "Domain": "vpc" } }, "InternalWebserverIPAddress": { "Type": "AWS::EC2::EIP", "DependsOn": "AttachGateway", "Properties": { "Domain": "vpc" } }, "ManagementIPAssociation": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "ManagementIPAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "ManagementInterface" } } }, "VIPIPAddress": { "Type": "AWS::EC2::EIP", "DependsOn": "AttachGateway", "Properties": { "Domain": "vpc" } }, "VIPIPAssociation": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VIPIPAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "ExternalInterface" }, "PrivateIpAddress": { "Fn::Select": [ "0", { "Fn::GetAtt": [ "ExternalInterface", "SecondaryPrivateIpAddresses" ] } ] } } }, "BigIpInstance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Fn::FindInMap": [ "BigIPRegionMap", { "Ref": "AWS::Region" }, { "Ref": "BigIpLicensePackage" } ] }, "InstanceType": { "Ref": "BigIPInstanceType" }, "KeyName": { "Ref": "KeyName" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackName" } } ], "AvailabilityZone": { "Fn::GetAtt": [ "ManagementSubnet", "AvailabilityZone" ] }, "NetworkInterfaces": [ { "Description": "Management Interface", "DeviceIndex": "0", 
"NetworkInterfaceId": { "Ref": "ManagementInterface" } }, { "Description": "External Interface", "DeviceIndex": "1", "NetworkInterfaceId": { "Ref": "ExternalInterface" } }, { "Description": "Internal Interface", "DeviceIndex": "2", "NetworkInterfaceId": { "Ref": "InternalInterface" } } ] } }, "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, "GroupDescription": "Enable HTTP access via port 80", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0" } ] } } }, "Outputs": { "BigIpManagementIp": { "Value": { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "BigIpInstance", "PublicIp" ] } ] ] }, "Description": "BigIP Management GUI" }, "PublicVIP": { "Value": { "Fn::Join": [ "", [ "http://", { "Ref": "VIPIPAddress" }, ":80" ] ] } }, "InternalInterfacePrivateIp": { "Description": "Internally routable IP of internal interface on BIG-IP", "Value": { "Fn::Join": [ "", ["", { "Fn::GetAtt": [ "InternalInterface", "PrimaryPrivateIpAddress" ] } ]] } }, "ExternalInterfacePrivateIp": { "Description": "Internally routable IP of external interface on BIG-IP", "Value": { "Fn::Join": [ "", ["", { "Fn::GetAtt": [ "ExternalInterface", "PrimaryPrivateIpAddress" ] } ]] } } } }
Tested this on version:
11.6
Published Jul 09, 2015
Version 1.0
ChrisMutzel_151