--- bigip_ready_enabled: [] controls: logLevel: info logFilename: /var/log/cloud/bigIpRuntimeInit.log extension_packages: install_operations: - extensionType: do extensionVersion: 1.33.0 extensionHash: 4ac7b7c6eb93320df20f964f32ce7bc6e0454858a36440761f774a8a42a01020 - extensionType: as3 extensionVersion: 3.40.0 extensionHash: 708533815cb8e608b4d28fbb730f0ed34617ce5def53c5462c0ab98bd54730fc - extensionType: cf extensionVersion: 1.13.0 extensionHash: 93be496d250838697d8a9aca8bd0e6fe7480549ecd43280279f0a63fc741ab50 extension_services: service_operations: - extensionType: do type: inline value: schemaVersion: 1.0.0 class: Device async: true label: Standalone 2NIC BIG-IP declaration for Declarative Onboarding with PAYG license Common: class: Tenant My_DbVars: class: DbVariables config.allow.rfc3927: enable tm.tcpudptxchecksum: Software-only My_Dns: class: DNS nameServers: - 169.254.169.253 search: - f5.com My_Ntp: class: NTP servers: - 0.pool.ntp.org - 1.pool.ntp.org timezone: UTC My_Provisioning: asm: nominal class: Provision ltm: nominal My_System: autoPhonehome: true class: System hostname: 'failover01.local' admin: class: User userType: regular password: '{{{BIGIP_PASSWORD}}}' shell: bash external: class: VLAN tag: 4094 mtu: 1500 interfaces: - name: '1.1' tagged: false external-self: class: SelfIp address: '{{{SELF_IP_EXTERNAL}}}' vlan: external allowService: 'default' trafficGroup: traffic-group-local-only default: class: Route gw: '{{{DEFAULT_ROUTE}}}' network: default mtu: 1500 localOnly: true - extensionType: cf type: inline value: schemaVersion: 1.0.0 class: Cloud_Failover environment: aws controls: class: Controls logLevel: silly externalStorage: encryption: serverSide: enabled: true algorithm: AES256 scopingTags: f5_cloud_failover_label: aws_quickstart failoverAddresses: enabled: true scopingTags: f5_cloud_failover_label: aws_quickstart requireScopingTags: false - extensionType: as3 type: inline value: class: ADC schemaVersion: 3.0.0 label: Failover remark: Failover Tenant_1: class: Tenant Shared: class: Application template: shared Service_01_Pool: class: Pool remark: Service 1 shared pool members: - servicePort: 80 addressDiscovery: aws region: '{{{REGION}}}' updateInterval: 60 tagKey: 'aws:cloudformation:logical-id' tagValue: AppInstance addressRealm: private monitors: - http Custom_HTTP_Profile: class: HTTP_Profile xForwardedFor: true Custom_WAF_Policy: class: WAF_Policy url: >- https://f5-cft.s3.amazonaws.com/quickstarts-v2/declarations/Rapid_Deployment_Policy_13_1.xml enforcementMode: blocking ignoreChanges: false Service_Address_01_A: class: Service_Address virtualAddress: 10.0.10.101 trafficGroup: none Service_Address_01_B: class: Service_Address virtualAddress: 10.0.20.101 trafficGroup: none HTTP_Service_01_A: class: Application template: http serviceMain: class: Service_HTTP virtualAddresses: - use: /Tenant_1/Shared/Service_Address_01_A snat: auto pool: /Tenant_1/Shared/Service_01_Pool profileHTTP: use: /Tenant_1/Shared/Custom_HTTP_Profile policyWAF: use: /Tenant_1/Shared/Custom_WAF_Policy HTTP_Service_01_B: class: Application template: http serviceMain: class: Service_HTTP virtualAddresses: - use: /Tenant_1/Shared/Service_Address_01_B snat: auto pool: /Tenant_1/Shared/Service_01_Pool profileHTTP: use: /Tenant_1/Shared/Custom_HTTP_Profile policyWAF: use: /Tenant_1/Shared/Custom_WAF_Policy HTTPS_Service_01_A: class: Application template: https serviceMain: class: Service_HTTPS virtualAddresses: - use: /Tenant_1/Shared/Service_Address_01_A snat: auto pool: /Tenant_1/Shared/Service_01_Pool serverTLS: bigip: /Common/clientssl redirect80: false profileHTTP: use: /Tenant_1/Shared/Custom_HTTP_Profile policyWAF: use: /Tenant_1/Shared/Custom_WAF_Policy HTTPS_Service_01_B: class: Application template: https serviceMain: class: Service_HTTPS virtualAddresses: - use: /Tenant_1/Shared/Service_Address_01_B snat: auto pool: /Tenant_1/Shared/Service_01_Pool serverTLS: bigip: /Common/clientssl redirect80: false profileHTTP: use: /Tenant_1/Shared/Custom_HTTP_Profile policyWAF: use: /Tenant_1/Shared/Custom_WAF_Policy - extensionType: do type: inline value: schemaVersion: 1.0.0 class: Device async: true label: Standalone 2NIC BIG-IP declaration for Declarative Onboarding with PAYG license Common: class: Tenant My_DbVars: class: DbVariables config.allow.rfc3927: enable tm.tcpudptxchecksum: Software-only My_Dns: class: DNS nameServers: - 169.254.169.253 search: - f5.com My_Ntp: class: NTP servers: - 0.pool.ntp.org - 1.pool.ntp.org timezone: UTC My_Provisioning: asm: nominal class: Provision ltm: nominal My_System: autoPhonehome: true class: System hostname: 'failover01.local' admin: class: User userType: regular password: '{{{BIGIP_PASSWORD}}}' shell: bash external: class: VLAN tag: 4094 mtu: 1500 interfaces: - name: '1.1' tagged: false external-self: class: SelfIp address: '{{{SELF_IP_EXTERNAL}}}' vlan: external allowService: 'default' trafficGroup: traffic-group-local-only default: class: Route gw: '{{{DEFAULT_ROUTE}}}' network: default mtu: 1500 localOnly: true configSync: class: ConfigSync configsyncIp: /Common/external-self/address failoverAddress: class: FailoverUnicast address: /Common/external-self/address failoverGroup: class: DeviceGroup type: sync-failover members: - failover01.local - failover02.local owner: /Common/failoverGroup/members/0 autoSync: true saveOnAutoSync: false networkFailover: true fullLoadOnSync: false asmSync: false trust: class: DeviceTrust localUsername: admin localPassword: '{{{BIGIP_PASSWORD}}}' remoteHost: /Common/failoverGroup/members/0 remoteUsername: admin remotePassword: '{{{BIGIP_PASSWORD}}}' post_onboard_enabled: [] pre_onboard_enabled: [] runtime_parameters: - name: SECRET_ID type: url value: file:///config/cloud/secret_id - name: BIGIP_PASSWORD type: secret secretProvider: environment: aws secretId: "{{{SECRET_ID}}}" type: SecretsManager version: AWSCURRENT - name: SELF_IP_EXTERNAL type: metadata metadataProvider: environment: aws type: network field: local-ipv4s index: 1 - name: DEFAULT_ROUTE type: metadata metadataProvider: environment: aws type: network field: subnet-ipv4-cidr-block index: 1 - name: REGION type: metadata metadataProvider: environment: aws type: uri value: /latest/dynamic/instance-identity/document query: region