This document covers the initial setup and configuration of the AWS BIG-IQ/BIG-IP SSLO demonstration deployment.
This F5 AWS BIG-IP Demo exposes both the BIG-IP & BIG-IQ management interfaces with ElasticIP's to the public internet.
This example comes about based on previous work from F5 Development & Field, to provide automation examples leveraging BIG-IQ Cloud Edition and BIG-IQ VE's Transparent-Proxy deployment model.
To deploy the Terraform example both BIG-IQ and BIG-IP trial licenses are required. To do this, go to F5 Trial and;
- Select BIG-IP VE and BIG-IQ
To deploy within AWS using Terraform a valid AWS Subscription is also required, select Subscribe and accept the Terms and Conditions for these F5 products:
NOTE: This architecture deploys two c4.2xlage PAYG BIG-IP Marketplace instances, it is recommended to perform a
terraform destroy
to not incur excessive usage costs outside of free tier.
BIG-IQ Evaulation/BYOL licenses are required for the externally called terraform-aws-bigiq
To support this deployment pattern the following components are required:
- F5 BIG-IP PAYG Marketplace Active Subscription
- F5 BIG-IQ CloudEdition VE Licenses
- Terraform CLI
- git
- AWS CLI access.
- AWS Access Credentials
This deployment example uses the following external community modules for Terraform;
The deployment pattern that is covered in this example of F5 SSLO Automation is as follows;
To deploy the SSLO example;
a) First, clone the repo:
git clone https://github.com/merps/f5-sslo-demo.git
b) Second, create a tfvars file in the following format to deploy the environment;
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_vpc_parameters | AWS VPC Input Parameters | object({ |
{ |
no |
cidr_offsets | VPC CIDR Offsets for C Octet | object({ |
{ |
no |
ec2_public_key | EC2 Keypair for provisioning | any |
n/a | yes |
licenses | BIQ-IQ (CM/DCD) License Keys | object({ |
n/a | yes |
tags | AWS Tags | object({ |
{ |
no |
The minimum required variables are the BIG-IQ (CM/DCD) licenses. This deployment defaults to what is currently defined in variables.tf
c) Third, get and initialise the Terraform deployment as follows:
cd src/
terraform get ; terraform init
This will download the required modules from both GitHub and the Terraform Registry.
d) Validation of the default values and created variables file from the previous step can be performed as such;
terraform validate
e) Plan the deployment;
terraform plan -var-file=variables.tfvars
this will produce and display the deployment plan using the previously created varibles.tfvars
file.
d) Then finally to deploy the successfully plan;
terraform apply -var-file=variables.tfvars --auto-approve
NOTE: This architecture deploys two c4.2xlage PAYG BIG-IP Marketplace instances, it is recommended to perform a
terraform destroy
to not incur excessive usage costs outside of free tier.
This deployment also covers the provisioning of the additional F5 prerequisite components so required for deployment example covered in the F5 SSLO Demo
This example deployment, when successfully, will deploy an example Transparent Proxy deployment of BIG-IP SSLO within AWS leveraging BIG-IQ Centralised Manager.
Further resources on both BIG-IQ and BIG-IP, including an extensive lab guide, are found at these locations:
List of task to make the process my automated;
- Workflow improvements for DO/AS3/TS
- Clear SSLO object errors on BIG-IQ
- Address automatic onboarding of CM/DCD as per TF Module
PRs accepted.
If you find an issue, we would love to hear about it. You have a choice when it comes to filing issues:
- Use the Issues link on the GitHub menu bar in this repository for items such as enhancement or feature requests and non-urgent bug fixes. Tell us as much as you can about what you found and how you found it.