AWSTemplateFormatVersion: 2010-09-09 Description: >- This template deploys a full application stack, including a network, bastion host, high availability pair of BIG-IP VEs and demo applications. It creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a Linux based Application infrastructure. It will deploy a bastion and managed NAT gateways or NAT instances into the public subnet for each Availability Zone. Finally, it will create an optional webapp template for demonstration purposes. **WARNING** This template creates multiple AWS resources. You will be billed for the AWS resources used if you create a stack from this template.(qs-1p2474b65) Conditions: createKeyPair: !Equals - '' - !Ref keyPairName createSecret: !Equals - '' - !Ref secretArn useDefaultBucket: !Equals [!Ref qss3BucketName, 'aws-quickstart'] usePublicIpVip: !Equals - 'true' - !Ref provisionExampleApp Metadata: QuickStartDocumentation: EntrypointName: "Launch into a new VPC" 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: Deployment Configuration Parameters: - uniqueString - Label: default: Network Configuration Parameters: - vpcCIDR - availabilityZones - peerConfigSyncAddr - publicSubnet1CIDR - publicSubnet1SelfAddress - privateSubnet1ACIDR - privateSubnet1ASelfAddress - privateSubnet1BCIDR - publicSubnet2CIDR - publicSubnet2SelfAddress - privateSubnet2ACIDR - privateSubnet2ASelfAddress - privateSubnet2BCIDR - Label: default: Amazon EC2 Configuration Parameters: - keyPairName - remoteAccessCIDR - restrictedSrcAddressMgmt - restrictedSrcAddressApp - Label: default: BIG-IP Configuration Parameters: - allowUsageAnalytics - bigIpInstanceType - bigIpImageId - bigIpImageName - bigIpThroughput - bigIpRuntimeInitConfig01 - bigIpRuntimeInitConfig02 - bigIpRuntimeInitPackageUrl - cfeS3Bucket - cfeTag - cfeVipTag - secretArn - Label: default: Resources Tags Parameters: - application - cost - environment - group - owner - Label: default: Example Application Configuration Parameters: - provisionExampleApp - appDockerImageName - publicSubnet1VipAddress - publicSubnet2VipAddress - Label: default: Quick Start configuration Parameters: - qss3BucketName - qss3BucketRegion - qss3KeyPrefix ParameterLabels: allowUsageAnalytics: default: Send anonymous statistics to F5 appDockerImageName: default: Application Docker image name application: default: Application availabilityZones: default: Availability Zones bigIpImageName: default: BIG-IP performance type bigIpInstanceType: default: AWS instance type bigIpRuntimeInitConfig01: default: BIG-IP Runtime Init config for first BIG-IP instance bigIpRuntimeInitConfig02: default: BIG-IP Runtime Init config for second BIG-IP instance bigIpRuntimeInitPackageUrl: default: BIG-IP Runtime Init Package URL to install a specific version. bigIpThroughput: default: BIG-IP VE throughput (PAYG) cfeS3Bucket: default: S3 bucket used as BIG-IP storage for failover solution cfeTag: default: Deployment tag value used for cloud failover cfeVipTag: default: VIP tag value used for cloud failover cost: default: Cost Center bigIpImageId: default: Image Id environment: default: Environment group: default: Group keyPairName: default: EC2 KeyPair to enable SSH access to EC2 instances owner: default: Owner peerConfigSyncAddr: default: Static self IP address for peer device. privateSubnet1ACIDR: default: CIDR block for private subnet 1 in AZ1 privateSubnet1ASelfAddress: default: Static self IP address for private subnet 1 in AZ1. privateSubnet1BCIDR: default: CIDR block for private subnet 1 in AZ2 privateSubnet2ACIDR: default: CIDR block for private subnet 2 in AZ1 privateSubnet2ASelfAddress: default: Static self IP address for private subnet 2 in AZ1. privateSubnet2BCIDR: default: CIDR block for private subnet 2 in AZ2 provisionExampleApp: default: Provision Example App publicSubnet1CIDR: default: CIDR block for public subnet 1 in AZ1 publicSubnet1SelfAddress: default: Static self IP address for public subnet 1 in AZ1. publicSubnet1VipAddress: default: Static VIP IP address for public subnet 1 in AZ1. publicSubnet2CIDR: default: CIDR block for public subnet 2 in AZ2 publicSubnet2SelfAddress: default: Static self IP address for public subnet 2 in AZ1. publicSubnet2VipAddress: default: Static VIP IP address for public subnet 2 in AZ1. qss3BucketName: default: S3 bucket where templates are located qss3BucketRegion: default: Region where S3 bucket is located qss3KeyPrefix: default: S3 key prefix remoteAccessCIDR: default: Restricted source address to bastion restrictedSrcAddressMgmt: default: Restricted source address to BIG-IP management restrictedSrcAddressApp: default: Restricted source address to application secretArn: default: ARN of Secrets Manager secret vpcCIDR: default: VPC CIDR uniqueString: default: unique string value which gets append to cloud resources names Version: 1.0.0 Parameters: allowUsageAnalytics: AllowedValues: - 'true' - 'false' Default: 'true' Description: This deployment can send anonymous statistics to F5 to help us determine how to improve our solutions. If you select **false** statistics are not sent. Type: String appDockerImageName: Default: f5devcentral/f5-demo-httpd:latest Description: Application docker image name. Type: String application: Default: f5app Description: Name of the Application Tag. Type: String availabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and only 2 AZs are used for this deployment.' Type: 'List' bigIpImageName: AllowedValues: - Best - AdvancedWaf - AllTwoBootLocations ConstraintDescription: Must be a valid F5 BIG-IP VE image type. Default: Best Description: F5 BIG-IP Performance Type. Type: String bigIpInstanceType: AllowedValues: - m3.2xlarge - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - c3.4xlarge - c3.8xlarge - c4.4xlarge - c4.8xlarge - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge - cc2.8xlarge - c5n.2xlarge - c5n.4xlarge ConstraintDescription: Must be a valid EC2 instance type for BIG-IP. Default: m5.2xlarge Description: AWS instance type. Type: String bigIpThroughput: AllowedValues: - 25Mbps - 200Mbps - 1000Mbps - 3000Mbps - 5000Mbps - 10000Mbps ConstraintDescription: Select the BIG-IP throughput you want to use Default: 1000Mbps Description: Maximum amount of throughput for BIG-IP VE Type: String bigIpRuntimeInitConfig01: Description: 'Supply a URL to the bigip-runtime-init configuration file in YAML or JSON format, or an escaped JSON string to use for f5-bigip-runtime-init configuration.' Type: String Default: 'https://aws-quickstart.s3.amazonaws.com/quickstart-f5-big-ip-virtual-edition-ha/declarations/runtime-init-conf-2nic-payg-instance01.yaml' bigIpRuntimeInitConfig02: Description: 'Supply a URL to the bigip-runtime-init configuration file in YAML or JSON format, or an escaped JSON string to use for f5-bigip-runtime-init configuration.' Type: String Default: 'https://aws-quickstart.s3.amazonaws.com/quickstart-f5-big-ip-virtual-edition-ha/declarations/runtime-init-conf-2nic-payg-instance02.yaml' bigIpRuntimeInitPackageUrl: Description: 'Supply a URL for the F5 BIG-IP Runtime Init Package install script.' Type: String Default: 'https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.5.1/dist/f5-bigip-runtime-init-1.5.1-1.gz.run' provisionExampleApp: AllowedValues: - 'true' - 'false' Default: 'false' Description: Flag to deploy the demo web application. Type: String cfeS3Bucket: ConstraintDescription: 'S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).' Default: "" Description: S3 bucket used as BIG-IP storage for Failover solution. Type: String cfeTag: Description: Cloud Failover deployment tag value. Type: String Default: aws_quickstart cfeVipTag: Description: Cloud Failover VIP tag value; provides private ip addresses to be assigned to VIP public ip. Type: String Default: '10.0.20.101,10.0.10.101' cost: Default: f5cost Description: Cost Center Tag. Type: String bigIpImageId: ConstraintDescription: Must be a valid AMI Id. Default: '' Description: 'If you would like to deploy using a custom BIG-IP image, provide the AMI Id. **Note**: Unless specifically required, leave the default of **OPTIONAL**' MaxLength: 255 MinLength: 0 Type: String environment: Default: f5env Description: Environment Tag. Type: String group: Default: f5group Description: Group Tag. Type: String keyPairName: Default: '' Description: Name of an existing EC2 KeyPair to enable SSH access to EC2 instances which include BIG-IP, Bastion, and demo application instances. If left empty, one will be created. Type: String owner: Default: f5owner Description: Owner Tag Type: String peerConfigSyncAddr: Default: 10.0.10.11 Description: Type the static self IP address of the remote host here. Leave empty if not configuring peering with a remote host on this device. Type: String privateSubnet1ACIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.11.0/24 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String privateSubnet1ASelfAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the privateSubnet1ACIDR block Default: 10.0.11.11 Description: Required. Type the static self IP address here. Type: String privateSubnet1BCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.12.0/24 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String privateSubnet2ACIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.21.0/24 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String privateSubnet2ASelfAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the privateSubnet2ACIDR block Default: 10.0.21.11 Description: Required. Type the static self IP address here. Type: String privateSubnet2BCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.22.0/24 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String publicSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.10.0/24 Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1. Type: String publicSubnet1SelfAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the publicSubnet1CIDR block Default: 10.0.10.11 Description: Required. Type the static external self IP address here. Type: String publicSubnet1VipAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the publicSubnet1CIDR block Default: 10.0.10.101 Description: Required. Type the static external service IP address here. Type: String publicSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.20.0/24 Description: CIDR block for the public DMZ subnet 2 located in Availability Zone 2. Type: String publicSubnet2SelfAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the publicSubnet2CIDR block Default: 10.0.20.11 Description: Required. Type the static external self IP address here. Type: String publicSubnet2VipAddress: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' ConstraintDescription: IP address parameter must be in the form x.x.x.x and a member of the publicSubnet2CIDR block Default: 10.0.20.101 Description: Required. Type the static external service IP address here. Type: String qss3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: 'S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).' Default: aws-quickstart Description: 'S3 bucket name for the modules. S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).' Type: String qss3BucketRegion: Default: us-east-1 Description: 'Region where the Quick Start S3 bucket (qss3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String qss3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/_.-]*$' ConstraintDescription: 'Use defaults unless customizing templates and assests that require alternate location. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).' Default: quickstart-f5-big-ip-virtual-edition-ha/ Description: 'S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).' Type: String remoteAccessCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for external SSH access to the bastions. Type: String restrictedSrcAddressMgmt: AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. Description: 'REQUIRED - The IP address range used to SSH and access BIG-IP management port. Restrict to your client IP. Ex. X.X.X.X/32. WARNING - For eval purposes only. Production should never have Management interface exposed to Internet.' MaxLength: '18' MinLength: '9' Type: String restrictedSrcAddressApp: AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. Description: 'REQUIRED - The IP address range that can be used to access web traffic (80/443) to the EC2 instances.' MaxLength: '18' MinLength: '9' Type: String secretArn: Default: '' Description: ARN of an existing AWS Secrets Manager secret. If left empty, a secret will be created. Type: String vpcCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC Type: String uniqueString: AllowedPattern: ^[a-zA-Z][a-zA-Z0-9]{1,11}$ ConstraintDescription: Must Contain between 1 and 12 alphanumeric characters with first character as a letter. Default: myUniqStr Description: Unique String used when creating object names or Tags. Type: String Resources: BastionStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${qss3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template - S3Region: !If [useDefaultBucket, !Ref AWS::Region, !Ref qss3BucketRegion] S3Bucket: !If [useDefaultBucket, !Sub '${qss3BucketName}-${AWS::Region}', !Ref qss3BucketName] Parameters: BastionHostName: !Join - '' - - !Ref 'uniqueString' - '-linux-bastion' BastionAMIOS: Amazon-Linux2-HVM BastionBanner: '' BastionInstanceType: t2.micro EnableBanner: 'false' EnableTCPForwarding: 'true' EnableX11Forwarding: 'true' KeyPairName: !If [createKeyPair, !GetAtt 'WorkLoadStack.Outputs.keyPairName', !Ref 'keyPairName'] NumBastionHosts: '1' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'qss3BucketName' QSS3KeyPrefix: !Sub '${qss3KeyPrefix}submodules/quickstart-linux-bastion/' QSS3BucketRegion: !Ref 'qss3BucketRegion' RemoteAccessCIDR: !Ref 'remoteAccessCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' WorkLoadStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${qss3KeyPrefix}templates/workload.template.yaml - S3Region: !If [useDefaultBucket, !Ref AWS::Region, !Ref qss3BucketRegion] S3Bucket: !If [useDefaultBucket, !Sub '${qss3BucketName}-${AWS::Region}', !Ref qss3BucketName] Parameters: allowUsageAnalytics: !Ref 'allowUsageAnalytics' appDockerImageName: !Ref appDockerImageName application: !Ref application bigIpImageId: !Ref bigIpImageId bigIpImageName: !Ref bigIpImageName bigIpInstanceType: !Ref bigIpInstanceType bigIpThroughput: !Ref bigIpThroughput CustomBigIPRuntimeInit01: !Ref bigIpRuntimeInitConfig01 CustomBigIPRuntimeInit02: !Ref bigIpRuntimeInitConfig02 bigIpRuntimeInitPackageUrl: !Ref bigIpRuntimeInitPackageUrl cfeS3Bucket: !Ref cfeS3Bucket cfeVipTag: !Ref cfeVipTag cfeTag: !Ref cfeTag cost: !Ref cost environment: !Ref environment group: !Ref group owner: !Ref owner peerConfigSyncAddr: !Ref peerConfigSyncAddr privateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' privateSubnet1SelfAddress: !Ref privateSubnet1ASelfAddress privateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' privateSubnet2SelfAddress: !Ref privateSubnet2ASelfAddress privateSubnet3ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1BID' privateSubnet4ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2BID' provisionExampleApp: !Ref provisionExampleApp publicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' publicSubnet1SelfAddress: !Ref publicSubnet1SelfAddress publicSubnet1VipAddress: !Ref publicSubnet1VipAddress publicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' publicSubnet2SelfAddress: !Ref publicSubnet2SelfAddress publicSubnet2VipAddress: !Ref publicSubnet2VipAddress restrictedSrcAddressMgmt: !Ref restrictedSrcAddressMgmt restrictedSrcAddressApp: !Ref restrictedSrcAddressApp s3BucketName: !Ref qss3BucketName s3KeyPrefix: !Ref qss3KeyPrefix s3BucketRegion: !Ref qss3BucketRegion secretArn: !Ref secretArn sshKey: !Ref keyPairName vpc: !GetAtt 'VPCStack.Outputs.VPCID' uniqueString: !Ref uniqueString VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${qss3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Region: !If [useDefaultBucket, !Ref AWS::Region, !Ref qss3BucketRegion] S3Bucket: !If [useDefaultBucket, !Sub '${qss3BucketName}-${AWS::Region}', !Ref qss3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'availabilityZones' CreateAdditionalPrivateSubnets: 'true' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'privateSubnet1ACIDR' PrivateSubnet1BCIDR: !Ref 'privateSubnet1BCIDR' PrivateSubnet2ACIDR: !Ref 'privateSubnet2ACIDR' PrivateSubnet2BCIDR: !Ref 'privateSubnet2BCIDR' PublicSubnet1CIDR: !Ref 'publicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'publicSubnet2CIDR' VPCCIDR: !Ref 'vpcCIDR' Outputs: access: Description: access nested stack name Value: !GetAtt [WorkLoadStack, Outputs.access] applicationPublicIp: Condition: usePublicIpVip Description: application vip Public Ip Value: !GetAtt [WorkLoadStack, Outputs.applicationPublicIp] bastionHost: Description: bastion host public ip Value: !GetAtt [BastionStack, Outputs.EIP1] bigipInstance01: Description: bigip instance 1 nested stack name Value: !GetAtt [WorkLoadStack, Outputs.bigipInstance01] bigipInstance02: Description: bigip instance 2 nested stack name Value: !GetAtt [WorkLoadStack, Outputs.bigipInstance02] bigipInstance01MgmtPrivateIp: Description: private management ip for BIGIP instance 01 Value: !GetAtt [WorkLoadStack, Outputs.bigipInstanceMgmtPrivateIp01] bigipInstance02MgmtPrivateIp: Description: private management ip for BIGIP instance 02 Value: !GetAtt [WorkLoadStack, Outputs.bigipInstanceMgmtPrivateIp02] cfeS3Bucket: Description: cfe s3 bucket created and used for cloud-failover-extension Value: !Ref cfeS3Bucket dag: Description: dag nested stack name Value: !GetAtt [WorkLoadStack, Outputs.dag] keyPairName: Condition: createKeyPair Description: SSH key pair name Value: !GetAtt [WorkLoadStack, Outputs.keyPairName] workLoadStack: Description: workload nested stack name Value: !GetAtt [WorkLoadStack, Outputs.stackName]