Technical Articles
F5 SMEs share good practice.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
F5 Employee
F5 Employee


Learn how to automate the deployment of SSL Orchestrator in Amazon Web Services.  

This article is based on the automation templates available here:

This will deploy SSL Orchestrator with an L3 Inbound Topology and two L3 Services in a Service Chain.

Follow the instructions here:

A demo video of this article is available HERE

Steps Performed:

  • Install the Container Environment
  • Clone the Repository
  • Subscribe to EC2 Instances
  • Export your AWS Credentials
  • Copy the Terraform variables file and update the values         
  • Deploy the Terraform configuration
  • Build the SSL Orchestrator Topology using Ansible
  • Deploy the Ansible Configuration
  • Check the results

Launch the development container environment

Screen Shot 2022-12-30 at 8.40.51 AM.png

Restart the container and attach to the console:

Screen Shot 2022-12-30 at 8.42.48 AM.png

Clone the Repository

Screen Shot 2022-12-30 at 8.46.36 AM.png

Subscribe to EC2 Instances

From a web browser client - subscribe to the following EC2 instances:

Export your AWS Credentials

From inside your development environment - export the AWS credentials

  • export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
  • export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
  • export AWS_SESSION_TOKEN="your-aws-session-token"

Copy the Terraform variables file and update the values

From the terraform-aws-sslo folder - Copy the included terraform.tfvars.example file to terraform.tfvars and update the values

Screen Shot 2022-12-30 at 9.07.48 AM.png

It should look like this:

Screen Shot 2022-12-30 at 10.22.59 AM.png

Deploy the Terraform Configuration

From inside your development environment - deploy the Terraform configuration

  • terraform init
  • terraform validate
  • terraform plan
  • terraform apply -auto-approve

Build the SSL Orchestrator Topology using Ansible

Edit the ansible.cfg file and add the two lines at the bottom:

host_key_checking	  = False
retry_files_enabled = False
inventory           = ./inventory/hosts
library             = ./library
roles_path          = ./roles
collections_paths   = ./collection
server =
  • cd ansible
  • ansible-galaxy collection install f5networks.f5_modules f5networks.f5_bigip -f

Screen Shot 2022-12-30 at 9.41.43 AM.png

Deploy the Ansible Configuration

Deploy an Ansible config using the variables file that was created by the accompanying Terraform. This will create an inbound layer 3 SSL Orchestrator topology. From the 'ansible' folder:

cp ../terraform-aws-sslo/ansible_vars.yaml . ansible-playbook -e @ansible_vars.yaml playbooks/config-sslo-inbound-l3-complete.yaml

Check the Results

Login to the BIG-IP GUI and verify SSL Orchestrator has been configured and deployed

Screen Shot 2022-12-30 at 10.15.02 AM.png


You're done!  These templates and configuration files can be cusomized by you and re-used for future SSL Orchestrator deployments in AWS.

Version history
Last update:
‎21-Nov-2023 11:47
Updated by: