ChrisMutzel_151

Problem this snippet solves:

WARNING You will be billed for the AWS resources used if you create a stack from this template.

Provides an easy way to launch and test BIG-IP in AWS using Amazon CloudFormation Templates.

  • Creates a new VPC, security groups, and 3 subnets (external, internal, management)
  • Launches a BYOL BIG-IP 11.6 instance from the AWS Marketplace within this VPC
  • Attaches networking interfaces on BIG-IP to each of the above subnets.
  • Attaches Elastic IP addresses (EIPs) to the management and external interfaces.

How to use this snippet:

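  • The steps for using this codeshare item are identical to the following codeshare item: https://devcentral.f5.com/codeshare/aws-cloudformation-template-for-hourly-big-ip-116-in-ec2
    When you create the stack, set the SSHLocation parameter to your own address range: its default of 0.0.0.0/0 lets any source address reach SSH (22) and the HTTPS management GUI (443) on the BIG-IP management interface.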

  • As an additional step, you will need to license BIG-IP (BYOL = bring your own license). See support.f5.com for details on the licensing process: https://support.f5.com/kb/en-us/solutions/public/2000/500/sol2595.html

Code :

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS CloudFormation Template for BYOL BIG-IP AMIs. This template launches BIG-IP as an Amazon EC2 instance.  It also creates all networking resources necessary to support BIG-IP and an application server.  No web-servers are launched as part of this CFT. **WARNING** You will be billed for the AWS resources used if you create a stack from this template.",
  "Parameters": {
    "BigIPInstanceType": {
      "Description": "F5 BIG-IP Virtual Instance Type",
      "Type": "String",
      "Default": "m3.xlarge",
      "AllowedValues": [
        "m3.xlarge",
        "m3.2xlarge",
        "c1.medium",
        "c1.xlarge",
        "cc1.4xlarge",
        "cc2.8xlarge",
        "cg1.4xlarge"
      ],
      "ConstraintDescription": "must be a valid Big-IP EC2 instance type."
    },
    "BigIpLicensePackage": {
      "Description": "F5 BigIP License Package",
      "Type": "String",
      "Default": "Good",
      "AllowedValues": [
        "Good",
        "Better",
        "Best"
      ]
    },
    "KeyName": {
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
      "Type": "AWS::EC2::KeyPair::KeyName"
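    },
    "SSHLocation": {
      "Description": "The IP address range allowed to reach the BIG-IP management interface over SSH (22) and HTTPS (443). Restrict this to your own address range instead of the 0.0.0.0/0 default.",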
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
  },
  "Mappings": {
    "BigIPRegionMap": {
      "ap-northeast-1": {
        "Best": "ami-ede013ed",
        "Better": "ami-1fe4171f",
        "Good": "ami-23fd0e23"
      },
      "ap-southeast-1": {
        "Best": "ami-78ecdc2a",
        "Better": "ami-88ebdbda",
        "Good": "ami-c0ebdb92"
      },
      "ap-southeast-2": {
        "Best": "ami-1755262d",
        "Better": "ami-c55625ff",
        "Good": "ami-f95625c3"
      },
      "eu-central-1": {
        "Best": "ami-c293aedf",
        "Better": "ami-de93aec3",
        "Good": "ami-8293ae9f"
      },
      "eu-west-1": {
        "Best": "ami-4f089038",
        "Better": "ami-21178f56",
        "Good": "ami-e3158d94"
      },
      "sa-east-1": {
        "Best": "ami-a57cc7b8",
        "Better": "ami-ad7cc7b0",
        "Good": "ami-037cc71e"
      },
      "us-east-1": {
        "Best": "ami-609db608",
        "Better": "ami-e29fb48a",
        "Good": "ami-989bb0f0"
      },
      "us-west-1": {
        "Best": "ami-274fae63",
        "Better": "ami-7b4fae3f",
        "Good": "ami-674cad23"
      },
      "us-west-2": {
        "Best": "ami-d94e60e9",
        "Better": "ami-47715f77",
        "Good": "ami-ff735dcf"
      }
    }
  },
  "Resources": {
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "CidrBlock": "10.0.0.0/16",
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ]
      }
    },
    "ManagementSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.0.0/24",
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ]
      }
    },
    "ExternalSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.1.0/24",
        "AvailabilityZone": {
          "Fn::GetAtt": [
            "ManagementSubnet",
            "AvailabilityZone"
          ]
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ]
      }
    },
    "InternalSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.2.0/24",
        "AvailabilityZone": {
          "Fn::GetAtt": [
            "ManagementSubnet",
            "AvailabilityZone"
          ]
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ]
      }
    },
    "InternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ]
      }
    },
    "AttachGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "InternetGatewayId": {
          "Ref": "InternetGateway"
        }
      }
    },
    "ExternalRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          },
          {
            "Key": "Network",
            "Value": "External"
          }
        ]
      }
    },
    "ExternalRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ExternalRouteTable"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "InternetGateway"
        }
      }
    },
    "ExternalSubnetRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "ExternalSubnet"
        },
        "RouteTableId": {
          "Ref": "ExternalRouteTable"
        }
      }
    },
    "InternalRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          },
          {
            "Key": "Network",
            "Value": "Internal"
          }
        ]
      }
    },
    "InternalRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "InternalRouteTable"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "InternetGateway"
        }
      }
    },
    "InternalSubnetRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "InternalSubnet"
        },
        "RouteTableId": {
          "Ref": "InternalRouteTable"
        }
      }
    },
    "ManagementRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          },
          {
            "Key": "Network",
            "Value": "Mgmt"
          }
        ]
      }
    },
    "ManagementRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ManagementRouteTable"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "InternetGateway"
        }
      }
    },
    "ManagementSubnetRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "ManagementSubnet"
        },
        "RouteTableId": {
          "Ref": "ManagementRouteTable"
        }
      }
    },
    "SubnetRouteTableAssociationManagement": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "ManagementSubnet"
        },
        "RouteTableId": {
          "Ref": "ManagementRouteTable"
        }
      }
    },
    "SubnetRouteTableAssociationInternal": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "InternalSubnet"
        },
        "RouteTableId": {
          "Ref": "InternalRouteTable"
        }
      }
    },
    "SubnetRouteTableAssociationExternal": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "ExternalSubnet"
        },
        "RouteTableId": {
          "Ref": "ExternalRouteTable"
        }
      }
    },
    "BigIPManagementSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "GroupDescription": "Enable SSH (22) and HTTPS (443) access to the BIG-IP management interface from SSHLocation",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": {
              "Ref": "SSHLocation"
            }
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "443",
            "ToPort": "443",
            "CidrIp": {
              "Ref": "SSHLocation"
            }
          }
        ]
      }
    },
    "BigIPExternalSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "GroupDescription": "Enable HTTP (80) and HTTPS (443) access to the BIG-IP external interface from any address",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "443",
            "ToPort": "443",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "BigIPInternalSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "GroupDescription": "Enable TCP 8080, SSH (22) and ICMP access from the internal subnet (10.0.2.0/24)",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "8080",
            "ToPort": "8080",
            "CidrIp": "10.0.2.0/24"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "10.0.2.0/24"
          },
          {
            "IpProtocol": "icmp",
            "FromPort": "-1",
            "ToPort": "-1",
            "CidrIp": "10.0.2.0/24"
          }
        ]
      }
    },
    "ManagementInterface": {
      "Type": "AWS::EC2::NetworkInterface",
      "Properties": {
        "Description": "Management Interface for the BigIP",
        "GroupSet": [
          {
            "Ref": "BigIPManagementSecurityGroup"
          }
        ],
        "SubnetId": {
          "Ref": "ManagementSubnet"
        }
      }
    },
    "InternalInterface": {
      "Type": "AWS::EC2::NetworkInterface",
      "Properties": {
        "Description": "Internal Interface for the BigIP",
        "GroupSet": [
          {
            "Ref": "BigIPInternalSecurityGroup"
          }
        ],
        "SubnetId": {
          "Ref": "InternalSubnet"
        }
      }
    },
    "ExternalInterface": {
      "Type": "AWS::EC2::NetworkInterface",
      "Properties": {
        "Description": "External Interface for the BigIP",
        "GroupSet": [
          {
            "Ref": "BigIPExternalSecurityGroup"
          }
        ],
        "SubnetId": {
          "Ref": "ExternalSubnet"
        },
        "SecondaryPrivateIpAddressCount": "1"
      }
    },
    "ManagementIPAddress": {
      "Type": "AWS::EC2::EIP",
      "DependsOn": "AttachGateway",
      "Properties": {
        "Domain": "vpc"
      }
    },
    "InternalWebserverIPAddress": {
      "Type": "AWS::EC2::EIP",
      "DependsOn": "AttachGateway",
      "Properties": {
        "Domain": "vpc"
      }
    },
    "ManagementIPAssociation": {
      "Type": "AWS::EC2::EIPAssociation",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "ManagementIPAddress",
            "AllocationId"
          ]
        },
        "NetworkInterfaceId": {
          "Ref": "ManagementInterface"
        }
      }
    },
    "VIPIPAddress": {
      "Type": "AWS::EC2::EIP",
      "DependsOn": "AttachGateway",
      "Properties": {
        "Domain": "vpc"
      }
    },
    "VIPIPAssociation": {
      "Type": "AWS::EC2::EIPAssociation",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "VIPIPAddress",
            "AllocationId"
          ]
        },
        "NetworkInterfaceId": {
          "Ref": "ExternalInterface"
        },
        "PrivateIpAddress": {
          "Fn::Select": [
            "0",
            {
              "Fn::GetAtt": [
                "ExternalInterface",
                "SecondaryPrivateIpAddresses"
              ]
            }
          ]
        }
      }
    },
    "BigIpInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "BigIPRegionMap",
            {
              "Ref": "AWS::Region"
            },
            {
              "Ref": "BigIpLicensePackage"
            }
          ]
        },
        "InstanceType": {
          "Ref": "BigIPInstanceType"
        },
        "KeyName": {
          "Ref": "KeyName"
        },
        "Tags": [
          {
            "Key": "Application",
            "Value": {
              "Ref": "AWS::StackName"
            }
          }
        ],
        "AvailabilityZone": {
          "Fn::GetAtt": [
            "ManagementSubnet",
            "AvailabilityZone"
          ]
        },
        "NetworkInterfaces": [
          {
            "Description": "Management Interface",
            "DeviceIndex": "0",
            "NetworkInterfaceId": {
              "Ref": "ManagementInterface"
            }
          },
          {
            "Description": "External Interface",
            "DeviceIndex": "1",
            "NetworkInterfaceId": {
              "Ref": "ExternalInterface"
            }
          },
          {
            "Description": "Internal Interface",
            "DeviceIndex": "2",
            "NetworkInterfaceId": {
              "Ref": "InternalInterface"
            }
          }
        ]
      }
    },
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "GroupDescription": "Enable HTTP (80), SSH (22) and ICMP access from any address",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "icmp",
            "FromPort": "-1",
            "ToPort": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    }
  },
  "Outputs": {
    "BigIpManagementIp": {
      "Value": {
        "Fn::Join": [
          "",
          [
            "https://",
            {
              "Fn::GetAtt": [
                "BigIpInstance",
                "PublicIp"
              ]
            }
          ]
        ]
      },
      "Description": "BigIP Management GUI"
    },
    "PublicVIP": {
      "Value": {
        "Fn::Join": [
          "",
          [
            "http://",
            {
              "Ref": "VIPIPAddress"
            },
            ":80"
          ]
        ]
      }
    },
    "InternalInterfacePrivateIp": {
      "Description": "Internally routable IP of internal interface on BIG-IP",
      "Value": {
        "Fn::Join": [
          "", ["",
          {
            "Fn::GetAtt": [
              "InternalInterface",
              "PrimaryPrivateIpAddress"
            ]
          }
        ]]
      }
    },
    "ExternalInterfacePrivateIp": {
      "Description": "Internally routable IP of external interface on BIG-IP",
      "Value": {
        "Fn::Join": [
          "", ["",
          {
            "Fn::GetAtt": [
              "ExternalInterface",
              "PrimaryPrivateIpAddress"
            ]
          }
        ]]
      }
    }
  }
}

Tested this on version:

11.6
Last update:
‎09-Jul-2015 12:18