AWS CFT for BYOL BIG-IP 11.6 in EC2
Problem this snippet solves:
WARNING You will be billed for the AWS resources used if you create a stack from this template.
Provides an easy way to launch and test BIG-IP in AWS using Amazon CloudFormation Templates.
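- Creates a new VPC, security groups, and 3 subnets (external, internal, management). The SSHLocation parameter, which controls SSH (port 22) and HTTPS (port 443) access to the management interface, defaults to 0.0.0.0/0; set it to your own address range when you create the stack.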
- Launches a BYOL BIG-IP 11.6 instance from the AWS Marketplace within this VPC
- Attaches networking interfaces on BIG-IP to each of the above subnets.
- Attaches Elastic IP addresses (EIPs) to the management and external interfaces.
How to use this snippet:
- The steps for using this codeshare item are identical to the following codeshare item: https://devcentral.f5.com/codeshare/aws-cloudformation-template-for-hourly-big-ip-116-in-ec2
- As an additional step, you will need to license BIG-IP (BYOL = bring your own license). See support.f5.com for details on the licensing process: https://support.f5.com/kb/en-us/solutions/public/2000/500/sol2595.html
Code :
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Template for BYOL BIG-IP AMIs. This template launches BIG-IP as an Amazon EC2 instance. It also creates all networking resources necessary to support BIG-IP and an application server. No web-servers are launched as part of this CFT. **WARNING** You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters": {
"BigIPInstanceType": {
"Description": "F5 BIG-IP Virtual Instance Type",
"Type": "String",
"Default": "m3.xlarge",
"AllowedValues": [
"m3.xlarge",
"m3.2xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge",
"cc2.8xlarge",
"cg1.4xlarge"
],
"ConstraintDescription": "must be a valid Big-IP EC2 instance type."
},
"BigIpLicensePackage": {
"Description": "F5 BigIP License Package",
"Type": "String",
"Default": "Good",
"AllowedValues": [
"Good",
"Better",
"Best"
]
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"SSHLocation": {
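"Description": "The IP address range (CIDR) allowed to reach the BIG-IP management interface over SSH (port 22) and HTTPS (port 443). The default 0.0.0.0/0 allows any address; restrict it to your own range.",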
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"BigIPRegionMap": {
"ap-northeast-1": {
"Best": "ami-ede013ed",
"Better": "ami-1fe4171f",
"Good": "ami-23fd0e23"
},
"ap-southeast-1": {
"Best": "ami-78ecdc2a",
"Better": "ami-88ebdbda",
"Good": "ami-c0ebdb92"
},
"ap-southeast-2": {
"Best": "ami-1755262d",
"Better": "ami-c55625ff",
"Good": "ami-f95625c3"
},
"eu-central-1": {
"Best": "ami-c293aedf",
"Better": "ami-de93aec3",
"Good": "ami-8293ae9f"
},
"eu-west-1": {
"Best": "ami-4f089038",
"Better": "ami-21178f56",
"Good": "ami-e3158d94"
},
"sa-east-1": {
"Best": "ami-a57cc7b8",
"Better": "ami-ad7cc7b0",
"Good": "ami-037cc71e"
},
"us-east-1": {
"Best": "ami-609db608",
"Better": "ami-e29fb48a",
"Good": "ami-989bb0f0"
},
"us-west-1": {
"Best": "ami-274fae63",
"Better": "ami-7b4fae3f",
"Good": "ami-674cad23"
},
"us-west-2": {
"Best": "ami-d94e60e9",
"Better": "ami-47715f77",
"Good": "ami-ff735dcf"
}
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"CidrBlock": "10.0.0.0/16",
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
]
}
},
"ManagementSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.0.0/24",
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
]
}
},
"ExternalSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::GetAtt": [
"ManagementSubnet",
"AvailabilityZone"
]
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
]
}
},
"InternalSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.2.0/24",
"AvailabilityZone": {
"Fn::GetAtt": [
"ManagementSubnet",
"AvailabilityZone"
]
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
}
},
"ExternalRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "External"
}
]
}
},
"ExternalRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ExternalRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"ExternalSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "ExternalSubnet"
},
"RouteTableId": {
"Ref": "ExternalRouteTable"
}
}
},
"InternalRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Internal"
}
]
}
},
"InternalRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "InternalRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"InternalSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "InternalSubnet"
},
"RouteTableId": {
"Ref": "InternalRouteTable"
}
}
},
"ManagementRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Mgmt"
}
]
}
},
"ManagementRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ManagementRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"ManagementSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "ManagementSubnet"
},
"RouteTableId": {
"Ref": "ManagementRouteTable"
}
}
},
"SubnetRouteTableAssociationManagement": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "ManagementSubnet"
},
"RouteTableId": {
"Ref": "ManagementRouteTable"
}
}
},
"SubnetRouteTableAssociationInternal": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "InternalSubnet"
},
"RouteTableId": {
"Ref": "InternalRouteTable"
}
}
},
"SubnetRouteTableAssociationExternal": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "ExternalSubnet"
},
"RouteTableId": {
"Ref": "ExternalRouteTable"
}
}
},
"BigIPManagementSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "Enable SSH (port 22) and HTTPS management GUI (port 443) access from SSHLocation",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": {
"Ref": "SSHLocation"
}
}
]
}
},
"BigIPExternalSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "Enable HTTP (port 80) and HTTPS (port 443) access from any address",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"BigIPInternalSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "Allow TCP 8080, SSH (port 22) and ICMP from the internal subnet 10.0.2.0/24",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "8080",
"ToPort": "8080",
"CidrIp": "10.0.2.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "10.0.2.0/24"
},
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": "10.0.2.0/24"
}
]
}
},
"ManagementInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "Management Interface for the BigIP",
"GroupSet": [
{
"Ref": "BigIPManagementSecurityGroup"
}
],
"SubnetId": {
"Ref": "ManagementSubnet"
}
}
},
"InternalInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "Internal Interface for the BigIP",
"GroupSet": [
{
"Ref": "BigIPInternalSecurityGroup"
}
],
"SubnetId": {
"Ref": "InternalSubnet"
}
}
},
"ExternalInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "External Interface for the BigIP",
"GroupSet": [
{
"Ref": "BigIPExternalSecurityGroup"
}
],
"SubnetId": {
"Ref": "ExternalSubnet"
},
"SecondaryPrivateIpAddressCount": "1"
}
},
"ManagementIPAddress": {
"Type": "AWS::EC2::EIP",
"DependsOn": "AttachGateway",
"Properties": {
"Domain": "vpc"
}
},
"InternalWebserverIPAddress": {
"Type": "AWS::EC2::EIP",
"DependsOn": "AttachGateway",
"Properties": {
"Domain": "vpc"
}
},
"ManagementIPAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ManagementIPAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "ManagementInterface"
}
}
},
"VIPIPAddress": {
"Type": "AWS::EC2::EIP",
"DependsOn": "AttachGateway",
"Properties": {
"Domain": "vpc"
}
},
"VIPIPAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"VIPIPAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "ExternalInterface"
},
"PrivateIpAddress": {
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"ExternalInterface",
"SecondaryPrivateIpAddresses"
]
}
]
}
}
},
"BigIpInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"BigIPRegionMap",
{
"Ref": "AWS::Region"
},
{
"Ref": "BigIpLicensePackage"
}
]
},
"InstanceType": {
"Ref": "BigIPInstanceType"
},
"KeyName": {
"Ref": "KeyName"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
}
],
"AvailabilityZone": {
"Fn::GetAtt": [
"ManagementSubnet",
"AvailabilityZone"
]
},
"NetworkInterfaces": [
{
"Description": "Management Interface",
"DeviceIndex": "0",
"NetworkInterfaceId": {
"Ref": "ManagementInterface"
}
},
{
"Description": "External Interface",
"DeviceIndex": "1",
"NetworkInterfaceId": {
"Ref": "ExternalInterface"
}
},
{
"Description": "Internal Interface",
"DeviceIndex": "2",
"NetworkInterfaceId": {
"Ref": "InternalInterface"
}
}
]
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "Enable HTTP (port 80), SSH (port 22) and ICMP access from any address",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
}
},
"Outputs": {
"BigIpManagementIp": {
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"BigIpInstance",
"PublicIp"
]
}
]
]
},
"Description": "BigIP Management GUI"
},
"PublicVIP": {
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Ref": "VIPIPAddress"
},
":80"
]
]
}
},
"InternalInterfacePrivateIp": {
"Description": "Internally routable IP of internal interface on BIG-IP",
"Value": {
"Fn::Join": [
"", ["",
{
"Fn::GetAtt": [
"InternalInterface",
"PrimaryPrivateIpAddress"
]
}
]]
}
},
"ExternalInterfacePrivateIp": {
"Description": "Internally routable IP of external interface on BIG-IP",
"Value": {
"Fn::Join": [
"", ["",
{
"Fn::GetAtt": [
"ExternalInterface",
"PrimaryPrivateIpAddress"
]
}
]]
}
}
}
}
Tested this on version:
11.6
Published Jul 09, 2015
Version 1.0
ChrisMutzel_151