Build a Simple F5 Application Services Evaluation Lab on AWS Part 1 The Plan and Plumbing


In my ongoing attempts to both help our customers, and potential customers understand and test all the cool things you can do with a BIG-IP, I thought it was time we built a simple and easy to deploy demo environment.

The aim is to help you create a sandbox with some application servers, a BIG-IP, and some test tools, along with some examples and guidance on how to explore the more advanced traffic management and security services like blue-green deployments and bot detection.

There are plenty of more advanced deployment scenarios and production-ready deployment examples, but this is supposed to be simple deployment that can be run in a limited number of places, and is all about the application services, not about the plumbing.

This guide will take you through some of the very basics of the tools we will be using as we build the lab. If you’re familiar with building cloud infrastructure templates, tools to launch and monitor cloud configs and infrastructure-as-code, then you will probably want to wait for the later parts of this series, because ware starting very simply

So, what are we going to need?

  • Some simple applications
  • A BIG-IP
  • Somewhere to run and manage tests
  • Some documentation

I’m aiming to build an environment that looks a bit like this:

The most obvious thing to build is some kind of Cloud Infrastructure-as-a-Service (Iaas) infrastructure as Code (IaC) template solution and the most obvious place to pilot that is AWS as it’s the most-used cloud IaaS platform with a mature IaC system: CloudFormation.

AWS CloudFormation lets you build and configure a Virtual Private Cloud and populate it with networking and compute infrastructure, all based on a (relatively) simple YAML or JSON file called a Cloud Formation Template (CFT). SDK’s and CLI tools for things like PowerShell and Linux make launching, monitoring and deleting ‘stacks’ created with CFTs fast and mainly intuitive. Deleting a stack deletes all the resources created by it – which is really handy since there is going to be a lot of trial and even more error during the development of this lab.

What tools am I going to use?

  • A text editor – personally I like SublimeText – but whatever floats your boat.
  • The AWS tools for PowerShell – while from a server perspective I’m Unix/Linux all the way, purely due to familiarity, like many, my workstation is Windows and I really want to be able to develop and test the CFT’s without added complexity. Despite a sub-101 knowledge of PowerShell, it’s turning out to be easy to use.
  • An AWS account. Obviously.
  • The F5 CloudFormation Templates collection - these large, full featured, and supported templates will serve as a useful guide to building our simplified, more comprehensible template.
  • Google, just so much google to find out what I’ve done wrong, and to hunt for clues to get it right. 


  • An AWS account and IAM user – take a look at my recent article for more information on that.
  • Install the AWS CLI tools for PowerShell – you *may* run into PowerShell Constrained Language Mode issues depending on your IT policy, so it might be worth testing you language mode early by using the PS C:\> $ExecutionContext.SessionState.LanguageMode command – you want to be getting FullLanguage as the response. If you are in constrained language mode then you should talk nicely to your IT security team to get that addressed.
  •  Next, configure credentials for your IAM user within PowerShell

Getting to “hello world”

Test your PowerShell Setup:

PS C:\> Get-EC2ImageByName


Create an S3 Bucket to keep your CFT’s in

PS C:\> New-S3Bucket -BucketName f5cft101 -Region us-west-1
CreationDate          BucketName
------------          ----------
5/3/2019 9:08:15 PM   f5cft101

Deploying infrastructure with CFT – a ‘Hello World’ CFT deployment

So first let’s make the world’s simplest CFT:

Type: AWS::S3::Bucket

We now need to get it into our S3 bucket – use whatever you feel like but I’ve been using a PowerShell command that looks like this:

PS C:\> Write-S3Object -BucketName as3bkt -File .\HelloWorld.templ

Now we can launch a stack based on our template:

PS C:\>New-CFNStack -StackName HelloWorld -TemplateURL

Calling Get-CFNStack shows:

StackName                                CreationTime         LastUpdatedTime     Capabilities                                  StackStatus      DisableRollback
---------                                ------------         ---------------     ------------                                  -----------      ---------------
HelloWorld                               5/10/2019 2:36:50 PM 1/1/0001 12:00:00 AM {}                                            CREATE_COMPLETE  False

Check we have actually created the bucket from the CloudFormation template:

 PS C:\> Get-S3Bucket | findstr -i hellobucket

5/10/2019 2:36:56 PM  helloworld-hellobucket-apbufnqznzo3

And then delete the bucket by deleting the stack:

 Remove-CFNStack -StackName HelloWorld –force

And confirm that Get-S3Bucket | findstr -i hellobucket shows that our bucket is gone

Building the Base VPC infrastructure:

The Resources Section of the CFT is where all our components are defined. We’ll start with the VPC, Intnernet gateway, subnet and other networking infrastructure:

AWSTemplateFormatVersion: 2010-09-09
# This CloudFormation template deploys a basic F5 Demo Environment in a VPC
# It is not production ready and is intended for test use only
# No warraty explicit or implied is granted
# Plumbing
    Type: AWS::EC2::VPC
      EnableDnsSupport: true
      EnableDnsHostnames: true
      - Key: Name
        Value: !Join ['', [!Ref "AWS::StackName", "-VPC" ]]
  # Our VPC will need internet access:    
    Type: AWS::EC2::InternetGateway
    DependsOn: VPC
      - Key: Name
        Value: !Join ['', [!Ref "AWS::StackName", "-IGW" ]]
    Type: AWS::EC2::VPCGatewayAttachment
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
    Type: AWS::EC2::Subnet
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs ]   # Get the first AZ in the list      
      - Key: Name
        Value: !Sub ${AWS::StackName}-Public-SN
  # Route table for subnet:
    Type: AWS::EC2::RouteTable
      VpcId: !Ref VPC
      - Key: Name
        Value: !Sub ${AWS::StackName}-Public-RT
  PublicRoute1:  # Public route table has direct routing to IGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
      RouteTableId: !Ref PublicRouteTable
      GatewayId: !Ref InternetGateway 
  # A NAT Gateway:
    Type: AWS::EC2::NatGateway
      AllocationId: !GetAtt NgElasticIPAddress.AllocationId
      SubnetId: !Ref PublicSubnet
      - Key: Name
        Value: !Sub NAT-${AWS::StackName}
    Type: AWS::EC2::EIP
      Domain: VPC
    Type: AWS::EC2::EIP
      Domain: VPC
  # Associate A the public Subnet with the Route Table
    Type: AWS::EC2::SubnetRouteTableAssociation
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

Most of the entries are pretty self-explanatory – but notice the !<command> entries that perform some functions in cloud formation. These are known as Intrinsic Functions and we’ll be using them frequently to make our CFT do ‘stuff’. Notice also there are some Pseudo Parameters like AWS::StackName that are predefined by AWS CloudFormation.

Adding this to our S3 bucket would look something like this:

 New-CFNStack -StackName justPlumbing -TemplateURL https://<your bucket>JustPlumbing.tmpl

Running the CFT

PS C:\ New-CFNStack -StackName justPlumbing -TemplateURL

Checking the status should (eventually) show us that our stack is created:

PS C:\ Get-CFNStack
StackName                                CreationTime         LastUpdatedTime     Capabilities                                  StackStatus      DisableRollback
---------                                ------------         ---------------     ------------                                  -----------      ---------------
justPlumbing                             5/14/2019 9:29:11 AM 1/1/0001 12:00:00 AM {}                                            CREATE_COMPLETE  False

So there we have a basic empty VPC with a subnet, routing and a gateway.

In part II, we will install some servers, provision them with Docker and then download and run some containers.

Published Jun 28, 2019
Version 1.0

Was this article helpful?

No CommentsBe the first to comment