6.1.3. Deploy the BIG-IP

In Module 2 we will deploy the BIG-IP into the AWS VPC created in Module 1.

F5 regularly publishes CFTs to GitHub.

6.1.3.1. Launch BIG-IP into existing VPC

We will use the instructor-provided CFT to launch a BIG-IP into the VPC that already exists.

First, we need to create and save a key pair.

  1. In the AWS Management Console, navigate to EC2 and then, under Network & Security, to Key Pairs.
  2. Click Create Key Pair and name it Student#-BIG-IP.
  3. Click Create and it will download the Student#-BIG-IP.pem file to your local machine. Be sure to keep track of this file as you will need it to access the BIG-IP later.
  4. You will need to change the permissions of the Student#-BIG-IP.pem key pair. On a Mac, open a terminal and go to the folder where you saved the Student#-BIG-IP.pem key pair. To change the file permissions, type:

    chmod 400 Student#-BIG-IP.pem

Next, we’re ready to deploy the CFT.

  1. Go to: F5 Advanced WAF Cloud Formation Template
  2. At the Select Template page, ensure you are still in the same region where you created your VPC, note the template URL is already selected, and click Next.
  3. For Stack name enter a value of Student#-BIG-IP-CFT.
  4. For VPC, find your Student#-VPC-CFT in the drop-down (you may have to scroll down the list).
  5. For the Management Subnet AZ1 select Student#-VPC-CFT-MgmtSubnet.
  6. Similarly, for Subnet1 and Subnet2, assign the Student#-VPC-CFT-External Subnet and Student#-VPC-CFT-Internal Subnet subnets from the drop-down.
  7. Ensure the BIG-IP Image Name is set to AWAF25Mbps.
  8. Ensure the AWS Instance Size is set to t2.large.
  9. For the SSH Key, select the Student#-BIG-IP key in the drop-down.
  10. In the Source Address(es) for Management Access, enter 64.251.121.0/24.
  11. In the Source Address(es) for Web Application Access (80/443) field, enter 0.0.0.0/0.
  12. Leave all other fields at default values and select Next.
  13. Leave all fields in the Options page at defaults and select Next.
  14. Review the settings, check the I acknowledge that AWS CloudFormation might create IAM resources box and click Create.
  15. Refresh the page to see the status of the deployment.
  16. Wait until the status of the CFT shows CREATE_COMPLETE.
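
Steps 10 and 11 set two different exposure levels: management access limited to 64.251.121.0/24 and web access open to 0.0.0.0/0. The following is an added example, not part of the original lab or of F5's template, that checks security-group JSON in the shape returned by `aws ec2 describe-security-groups` against those values; the group names and the sample rules are constructed for illustration.

```python
import ipaddress

# Source range entered for management access in step 10 of the procedure.
MGMT_ALLOWED = ipaddress.ip_network("64.251.121.0/24")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")  # step 11, web access on 80/443

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group names and the 443-from-anywhere management rule are invented here.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "example-mgmt-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "64.251.121.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "64.251.121.17/32"}, {"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupName": "example-external-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]}


def too_wide_rules(group, allowed):
    """List (from_port, to_port, source) for ingress sources outside `allowed`.

    `allowed` is assumed to be an IPv4 network. Rules that reference another
    security group (UserIdGroupPairs) are not evaluated; only CIDR sources are.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        # IpProtocol "-1" (all traffic) has no port fields, so report None.
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for rng in perm.get("IpRanges", []):
            source = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not source.subnet_of(allowed):
                findings.append((lo, hi, str(source)))
        # `allowed` is IPv4, so any IPv6 source is outside it by definition.
        for rng in perm.get("Ipv6Ranges", []):
            findings.append((lo, hi, rng["CidrIpv6"]))
    return findings


if __name__ == "__main__":
    mgmt, external = SAMPLE["SecurityGroups"]
    print("management:", too_wide_rules(mgmt, MGMT_ALLOWED))
    print("external:  ", too_wide_rules(external, ANYWHERE))
```

An empty list for the management group means every CIDR source falls inside the range entered in step 10.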

6.1.3.2. Set the admin password for BIG-IP VE

To initially change the password for the BIG-IP management utility we need to connect via SSH and then modify the admin password.

  1. Navigate to EC2 -> Network Interfaces and filter for Student#-BIG-IP. Find the Management interface of your BIG-IP instance. Note the IPv4 Public IP address for the Management interface.
  2. You can connect using an SSH utility. Make sure to use admin as the username (do not use root) and the Management IPv4 Public IP from the previous step. Use the Student#-BIG-IP.pem key pair you saved when you created the instance in Lab 1. For example:

    ssh -i Student#-BIG-IP.pem admin@<IPv4-Public-IP>

  3. After connecting via SSH, issue the command modify auth password admin and change the admin password to one that you will remember.

  4. Save the password change by issuing the command save sys config.

  5. You can now connect to the BIG-IP Web UI on HTTPS using the IPv4 Public IP for the Management interface (bypass the self-signed cert warning) and use the credentials admin/<password-from-step-4>.

  6. Once logged in to the F5 management console, click on System -> Resource Provisioning.

  7. Select ASM, Fraud Protection Service, and iRules Language Extensions (iRulesLX).

  8. Unselect LTM.

  9. Click on Submit and then OK. The admin console will be inaccessible for a couple of minutes as the new options are enabled.