AWSTemplateFormatVersion: '2010-09-09' Description: >- BIG-IP Standalone Template is intended to deploy standalone BIG-IP VE instance virtual editions.(qs-1p2474b65) Conditions: is3Nic: !And - !Not - !Equals - !Ref 'externalSubnetId' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'internalSubnetId' - '' is2Nic: !And - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'externalSubnetId' - '' - !Equals - !Ref 'internalSubnetId' - '' is1Nic: !And - !Equals - !Ref 'externalSubnetId' - '' - !Equals - !Ref 'internalSubnetId' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' noExternalServiceIPs: !And - !Condition 'is1Nic' - !Equals - !Join ['', !Ref 'externalServiceIps'] - '' hasExternalServiceIPs: !And - !Condition 'is1Nic' - !Not - !Equals - !Join ['', !Ref 'externalServiceIps'] - '' useMgmtSecondary: !Or - !Condition 'useDynamicExternalIpAddr' - !Condition 'useStaticExternalIpAddr' useDynamicExternalIpAddr: !And - !Equals - !Ref 'externalSelfIp' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'externalSubnetId' - '' useDynamicInternalIpAddr: !And - !Equals - !Ref 'internalSelfIp' - '' - !Not - !Equals - !Ref 'externalSubnetId' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'internalSubnetId' - '' useInternalSecurityGroupId: !Not - !Equals - !Ref 'internalSecurityGroupId' - '' useDynamicManagementIpAddr: !Equals - !Ref 'mgmtSelfIp' - '' useMgmtPublicIP: !Not - !Equals - !Ref 'mgmtPublicIpId' - '' associateVip1: !And - !Condition 'useExternalPublicIP' - !Or - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '1' - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '2' - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '3' - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '4' - !Condition 'associateVip2' associateVip2: !And - !Condition 'useExternalPublicIP' - !Or - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '2' - !Condition 'associateVip3' - !Not - !Condition 'useStaticExternalIpAddr' associateVip3: !And - !Condition 'useExternalPublicIP' - !Or - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '3' - !Condition 'associateVip4' - !Not - !Condition 'useStaticExternalIpAddr' associateVip4: !And - !Condition 'useExternalPublicIP' - !Not - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '3' - !Not - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '2' - !Not - !Equals - !Ref 'numSecondaryPrivateIpAddress' - '1' - !Not - !Condition 'useStaticExternalIpAddr' useExternalPublicIP: !And - !Not - !Equals - !Ref 'externalPrimaryPublicId' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' bigIpVipEipAssociation: !And - !Condition 'useExternalPublicIP' - !Not - !Condition 'is1Nic' useStaticExternalIpAddr: !And - !Not - !Equals - !Ref 'externalSelfIp' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'externalSubnetId' - '' useStaticInternalIpAddr: !And - !Not - !Equals - !Ref 'internalSelfIp' - '' - !Not - !Equals - !Ref 'externalSubnetId' - '' - !Not - !Equals - !Ref 'mgmtSubnetId' - '' - !Not - !Equals - !Ref 'internalSubnetId' - '' useStaticManagementIpAddr: !Not - !Equals - !Ref 'mgmtSelfIp' - '' useBigIpInstanceProfile: !Not - !Equals - !Ref 'bigIpInstanceProfile' - "" createS3Bucket: !Not - !Equals - !Ref cfeS3Bucket - "" Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: BIG-IP Configuration Parameters: - bigIpRuntimeInitConfig - bigIpRuntimeInitPackageUrl - cfeS3Bucket - cfeTag - secretArn - allowUsageAnalytics - Label: default: EC2 Instances Parameters: - instanceType - imageId - externalPublicIpIds - numSecondaryPrivateIpAddress - sshKey - bigIpInstanceProfile - deleteBucketContentsRole - Label: default: Networking Parameters: - externalSelfIp - externalServiceIps - externalSubnetId - internalSelfIp - internalSubnetId - mgmtSelfIp - mgmtSubnetId - peerConfigSyncAddr - Label: default: Disaggregation Parameters: - mgmtPublicIpId - externalPrimaryPublicId - mgmtSecurityGroupId - externalSecurityGroupId - internalSecurityGroupId - Label: default: Resource Tags Parameters: - uniqueString - application - cost - environment - group - owner ParameterLabels: allowUsageAnalytics: default: Send anonymous statistics to F5 application: default: Application bigIpInstanceProfile: default: Instance profile bigIpRuntimeInitConfig: default: Runtime Init Configuration bigIpRuntimeInitPackageUrl: default: Runtime Init Package cost: default: Cost Center deleteBucketContentsRole: default: IAM role imageId: default: Image Id environment: default: Environment externalPrimaryPublicId: default: External Primary Public Id externalPublicIpIds: default: Public IP IDs externalSecurityGroupId: default: External Security Group Id externalSelfIp: default: External Private IP Address externalServiceIps: default: External private IP's externalSubnetId: default: External Subnet Id group: default: Group cfeS3Bucket: default: S3 bucket used as BIGIP storage for Failover solution cfeTag: default: CFE Deployment tag value instanceType: default: Enter valid instance type. internalSecurityGroupId: default: Internal Security Group Id internalSelfIp: default: Internal Private IP Address internalSubnetId: default: Internal Subnet Id mgmtPublicIpId: default: Management Public Ip Id mgmtSecurityGroupId: default: Management Security Group Id mgmtSelfIp: default: Management Private IP Address mgmtSubnetId: default: Management Subnet Id numSecondaryPrivateIpAddress: default: Number of Secondary Private Ips owner: default: Owner peerConfigSyncAddr: default: Static self IP address for peer device. secretArn: default: Secret sshKey: default: EC2 KeyPair uniqueString: default: Unique string Version: 1.1.0.0 Outputs: stackName: Description: BIG-IP nested stack name Value: !Ref "AWS::StackName" bigIpInstanceId: Description: BIG-IP instance id Value: !If - is1Nic - !Ref 'Bigip1NicInstance' - !If - is2Nic - !Ref 'Bigip2NicInstance' - !If - is3Nic - !Ref 'Bigip3NicInstance' - !Ref 'AWS::NoValue' bigIpManagementInterfacePrivateIp: Description: Internally routable IP of BIG-IP instance NIC eth0 Value: !If - useDynamicManagementIpAddr - !GetAtt - BigipManagementInterface - PrimaryPrivateIpAddress - !GetAtt - BigipStaticManagementInterface - PrimaryPrivateIpAddress bigIp2nicExternalInterfacePrivateIp: Condition: is2Nic Description: Internally routable IP of BIG-IP instance NIC eth1 Value: !If - useDynamicExternalIpAddr - !GetAtt - BigipExternalInterface - PrimaryPrivateIpAddress - !GetAtt - BigipStaticExternalInterface - PrimaryPrivateIpAddress bigIp3NicExternalInterfacePrivateIp: Condition: is3Nic Description: Internally routable IP of BIG-IP instance NIC eth1 Value: !If - useDynamicExternalIpAddr - !GetAtt - BigipExternalInterface - PrimaryPrivateIpAddress - !GetAtt - BigipStaticExternalInterface - PrimaryPrivateIpAddress bigIp3NicInternalInterfacePrivateIp: Condition: is3Nic Description: Internally routable IP of BIG-IP instance NIC eth2 Value: !If - useDynamicInternalIpAddr - !GetAtt - BigipInternalInterface - PrimaryPrivateIpAddress - !GetAtt - BigipStaticInternalInterface - PrimaryPrivateIpAddress Parameters: allowUsageAnalytics: AllowedValues: - 'true' - 'false' Default: 'true' Description: This deployment can send anonymous statistics to F5 to help us determine how to improve our solutions. If you select **false** statistics are not sent. Type: String application: Default: f5app Description: Application Tag. Type: String bigIpInstanceProfile: Default: '' Description: BIG-IP instance profile with applied IAM policy. Type: String bigIpRuntimeInitConfig: Description: 'REQUIRED - Supply a URL to the bigip-runtime-init configuration file in YAML or JSON format, or an escaped JSON string to use for f5-bigip-runtime-init configuration.' Type: String bigIpRuntimeInitPackageUrl: Default: 'https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.5.1/dist/f5-bigip-runtime-init-1.5.1-1.gz.run' Description: URL for BIG-IP Runtime Init package. Type: String cost: Default: f5cost Description: Cost Center Tag. Type: String deleteBucketContentsRole: Default: '' Description: Lambda function role with applied IAM policy. Type: String environment: Default: f5env Description: Environment Tag. Type: String externalPrimaryPublicId: Default: '' Description: The allocation ID of the public IP address to apply to the primary IP configuration on the external network interface. Default is empty which does not provision public ip. Type: String externalPublicIpIds: Default: '' Description: A comma separated list of one or more Public IP addresses to associate to the external network interface secondary private addresses. **Note template only supports up to 4 addresses. numSecondaryPrivateIpAddress parameter needs to be equal to our greater than the number of addresses sent. Leaving default empty will not associate EIPS to secondary addresses. Type: CommaDelimitedList externalSecurityGroupId: Default: '' Description: The optional resource ID of a security group to apply to the external network interface. Type: String externalSelfIp: Default: '' Description: 'The private IP address to apply to external network interfaces as primary private address. The address must reside in the subnet provided in the externalSubnetId parameter. ***NOTE:*** When set to empty string, DHCP will be used for allocating ip address.' Type: String externalServiceIps: Default: '' Description: An array of one or more private IP addresses to apply to the external network interface as secondary private addresses. Type: CommaDelimitedList externalSubnetId: Default: '' Description: 'The resource ID of the external subnet. ***Note:*** Subnet ID parameters used for identifying number of network interfaces. Example: 1NIC - only Mgmt subnet id provided, 2NIC - Mgmt and Externa subnets id providedl, 3NIC - Mgmt, External and Internal subnets id provided).' Type: String group: Default: f5group Description: Group Tag. Type: String imageId: Description: REQUIRED - Provide BIG-IP AMI ID you wish to deploy. MaxLength: 255 MinLength: 1 Type: String instanceType: ConstraintDescription: Must be a valid EC2 instance type for BIG-IP Default: m5.2xlarge Description: Enter valid instance type. Type: String internalSecurityGroupId: Default: '' Description: The optional resource ID of a security group to apply to the internal network interface. Type: String internalSelfIp: Default: '' Description: The private IP address to apply to the internal network interface. The address must reside in the subnet provided in the internalSubnetId parameter. Type: String internalSubnetId: Default: '' Description: The resource ID of the internal subnet. Type: String mgmtPublicIpId: Default: '' Description: The resource ID of the public IP address to apply to the management network interface. Leave this parameter blank to create a management network interface without a public IP address. Default is empty which does not provision public ip. Type: String mgmtSecurityGroupId: Description: REQUIRED - The resource ID of a security group to apply to the management network interface. Type: String mgmtSelfIp: Default: '' Description: 'The private IP address to apply to the management network interface. The address must reside in the subnet provided in the mgmtSubnetId parameter. ***NOTE:*** When set to empty string, DHCP will be used for allocating ip address.' Type: String mgmtSubnetId: ConstraintDescription: Must be populated. Default: '' Description: 'The resource ID of the management subnet. ***Note:*** SubnetId parameters used for identifying number of network interfaces. Example: 1NIC - only Mgmt subnet id provided, 2NIC - Mgmt and Externa subnets id providedl, 3NIC - Mgmt, External and Internal subnets id provided).' Type: String numSecondaryPrivateIpAddress: Default: 1 Description: The number of dynamic secondary private IP's to associate to external nic. MinValue: 0 Type: Number cfeS3Bucket: Description: Provides BIG-IP S3 Bucket name Type: String Default: "" cfeTag: Description: Cloud Failover deployment tag value. Type: String Default: aws_quickstart owner: Default: f5owner Description: Owner Tag. Type: String peerConfigSyncAddr: Default: '' Description: Type the static self IP address of the remote host here. Leave empty if not configuring peering with a remote host on this device. Type: String secretArn: Default: '' Description: The ARN of a Secrets Manager secret to create READ permissions for. For example, if customizing your runtime-init config with an admin password, logging credential, etc. Type: String sshKey: Description: REQUIRED - Supply the public key that will be used for SSH authentication to the BIG-IP and application virtual machines. Type: 'AWS::EC2::KeyPair::KeyName' uniqueString: AllowedPattern: '^[a-zA-Z][a-zA-Z0-9]{1,11}$' ConstraintDescription: Must Contain between 1 and 12 alphanumeric characters with first character as a letter. Default: myUniqStr Description: Unique String used when creating object names or Tags. Type: String Resources: DeleteBucketContents: Type: Custom::DeleteBucketContents Condition: createS3Bucket Properties: ServiceToken: !GetAtt DeleteBucketContentsLambda.Arn bucketName: !Ref S3Bucket region: !Ref AWS::Region DeleteBucketContentsLambda: Type: AWS::Lambda::Function Condition: createS3Bucket Properties: Code: ZipFile: !Sub | #!/usr/bin/python import sys import botocore import boto3 import cfnresponse import json import logging logger = logging.getLogger() logger.setLevel(logging.INFO) def handler(event, context): logger.info('Received event: %s' % json.dumps(event,indent=2)) try: bucket_name = event["ResourceProperties"]["bucketName"] region = event["ResourceProperties"]["region"] if event['RequestType'] == 'Create' or event['RequestType'] == 'Update': cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, None ) elif event['RequestType'] == 'Delete': try: s3 = boto3.client('s3', region_name=region ) except botocore.exceptions.ClientError as e: logger.error('Received client error: %s' % str(e)) sys.exit("Exiting...") logger.info('Getting objects...') objects = [] kwargs = {"Bucket": bucket_name} while True: versions = s3.list_object_versions(**kwargs) if 'Versions' in versions.keys(): for v in versions['Versions']: objects.append({'Key': v['Key'], 'VersionId': v['VersionId']}) if 'DeleteMarkers' in versions.keys(): for v in versions['DeleteMarkers']: objects.append({'Key': v['Key'], 'VersionId': v['VersionId']}) if versions['IsTruncated']: if versions.get('NextKeyMarker', 'null') != 'null': kwargs["KeyMarker"] = versions['NextKeyMarker'] else: if kwargs.get("KeyMarker"): del kwargs["KeyMarker"] if versions.get('NextVersionIdMarker', 'null') != 'null': kwargs["VersionIdMarker"] = versions['NextVersionIdMarker'] else: if kwargs.get("VersionIdMarker"): del kwargs["VersionIdMarker"] else: break if objects: for i in range(0, len(objects), 1000): s3.delete_objects( Bucket=bucket_name, Delete={'Objects': objects[i:i + 1000]} ) logger.info('SUCCESS: Deleting Bucket Contents: %s' % bucket_name) cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, None) else: logger.info('SUCCESS: No objects to delete in Bucket: %s' % bucket_name) cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, None) else: logger.error('FAILED: Unknown request type: %s' % event['RequestType']) cfnresponse.send(event, context, cfnresponse.FAILED, {}, None) except Exception as e: logger.error('Exception in handling the request, %s' % str(e)) cfnresponse.send(event, context, cfnresponse.FAILED, {}, None) Handler: index.handler MemorySize: 128 Role: !Ref deleteBucketContentsRole Runtime: python3.7 Timeout: 300 S3Bucket: Condition: createS3Bucket Type: 'AWS::S3::Bucket' Properties: BucketName: !Ref 'cfeS3Bucket' AccessControl: BucketOwnerFullControl BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: 'AES256' Tags: - Key: f5_cloud_failover_label Value: !Ref cfeTag - Key: application Value: !Ref 'application' - Key: costcenter Value: !Ref 'cost' - Key: environment Value: !Ref 'environment' - Key: group Value: !Ref 'group' - Key: owner Value: !Ref 'owner' BigipInternalInterface: Condition: useDynamicInternalIpAddr Properties: Description: Internal Interface for the BIG-IP GroupSet: - !If - useInternalSecurityGroupId - !Ref 'internalSecurityGroupId' - !Ref 'AWS::NoValue' SubnetId: !Ref 'internalSubnetId' Type: 'AWS::EC2::NetworkInterface' BigipManagementInterface: Condition: useDynamicManagementIpAddr Properties: Description: Management Interface for the BIG-IP SecondaryPrivateIpAddressCount: !If - useMgmtSecondary - 0 - !Ref 'numSecondaryPrivateIpAddress' GroupSet: - !Ref 'mgmtSecurityGroupId' SubnetId: !Ref 'mgmtSubnetId' Type: 'AWS::EC2::NetworkInterface' BigipExternalInterface: Condition: useDynamicExternalIpAddr Properties: Description: Public External Interface for the BIG-IP SecondaryPrivateIpAddressCount: !Ref 'numSecondaryPrivateIpAddress' GroupSet: - !Ref 'externalSecurityGroupId' SubnetId: !Ref 'externalSubnetId' Tags: - Key: f5_cloud_failover_nic_map Value: external - Key: f5_cloud_failover_label Value: !Ref cfeTag Type: 'AWS::EC2::NetworkInterface' BigipStaticInternalInterface: Condition: useStaticInternalIpAddr Properties: Description: Internal Interface for the BIG-IP GroupSet: - !If - useInternalSecurityGroupId - !Ref 'internalSecurityGroupId' - !Ref 'AWS::NoValue' PrivateIpAddress: !Ref 'internalSelfIp' SubnetId: !Ref 'internalSubnetId' Type: 'AWS::EC2::NetworkInterface' BigipStaticManagementInterface: Condition: useStaticManagementIpAddr Properties: Description: Management Interface for the BIG-IP SecondaryPrivateIpAddressCount: !If - noExternalServiceIPs - !Ref 'numSecondaryPrivateIpAddress' - !Ref 'AWS::NoValue' GroupSet: - !Ref 'mgmtSecurityGroupId' PrivateIpAddress: !If - is1Nic - !If - noExternalServiceIPs - !Ref 'mgmtSelfIp' - !Ref 'AWS::NoValue' - !Ref 'mgmtSelfIp' PrivateIpAddresses: !If - hasExternalServiceIPs - - Primary: true PrivateIpAddress: !Ref 'mgmtSelfIp' - Primary: false PrivateIpAddress: !Select - '0' - !Ref 'externalServiceIps' - !Ref 'AWS::NoValue' SubnetId: !Ref 'mgmtSubnetId' Type: 'AWS::EC2::NetworkInterface' BigipStaticExternalInterface: Condition: useStaticExternalIpAddr Properties: Description: Public External Interface for the BIG-IP GroupSet: - !Ref 'externalSecurityGroupId' PrivateIpAddresses: - Primary: true PrivateIpAddress: !Ref 'externalSelfIp' - Primary: false PrivateIpAddress: !Select - '0' - !Ref 'externalServiceIps' SubnetId: !Ref 'externalSubnetId' Tags: - Key: f5_cloud_failover_nic_map Value: external - Key: f5_cloud_failover_label Value: !Ref cfeTag Type: 'AWS::EC2::NetworkInterface' BigipVipEipAssociation: Condition: bigIpVipEipAssociation Properties: AllocationId: !Ref 'externalPrimaryPublicId' NetworkInterfaceId: !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' Type: 'AWS::EC2::EIPAssociation' BigipVipEipAssociation1: Condition: associateVip1 Properties: AllocationId: !Select - '0' - !Ref 'externalPublicIpIds' NetworkInterfaceId: !If - is1Nic - !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' PrivateIpAddress: !If - is1Nic - !If - useDynamicManagementIpAddr - !Select - '0' - !GetAtt - BigipManagementInterface - SecondaryPrivateIpAddresses - !Select - '0' - !GetAtt - BigipStaticManagementInterface - SecondaryPrivateIpAddresses - !If - useDynamicExternalIpAddr - !Select - '0' - !GetAtt - BigipExternalInterface - SecondaryPrivateIpAddresses - !Select - '0' - !GetAtt - BigipStaticExternalInterface - SecondaryPrivateIpAddresses Type: 'AWS::EC2::EIPAssociation' BigipVipEipAssociation2: Condition: associateVip2 Properties: AllocationId: !Select - '1' - !Ref 'externalPublicIpIds' NetworkInterfaceId: !If - is1Nic - !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' PrivateIpAddress: !If - is1Nic - !If - useDynamicManagementIpAddr - !Select - '1' - !GetAtt - BigipManagementInterface - SecondaryPrivateIpAddresses - !Select - '1' - !GetAtt - BigipStaticManagementInterface - SecondaryPrivateIpAddresses - !If - useDynamicExternalIpAddr - !Select - '1' - !GetAtt - BigipExternalInterface - SecondaryPrivateIpAddresses - !Select - '1' - !GetAtt - BigipStaticExternalInterface - SecondaryPrivateIpAddresses Type: 'AWS::EC2::EIPAssociation' BigipVipEipAssociation3: Condition: associateVip3 Properties: AllocationId: !Select - '2' - !Ref 'externalPublicIpIds' NetworkInterfaceId: !If - is1Nic - !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' PrivateIpAddress: !If - is1Nic - !If - useDynamicManagementIpAddr - !Select - '2' - !GetAtt - BigipManagementInterface - SecondaryPrivateIpAddresses - !Select - '2' - !GetAtt - BigipStaticManagementInterface - SecondaryPrivateIpAddresses - !If - useDynamicExternalIpAddr - !Select - '2' - !GetAtt - BigipExternalInterface - SecondaryPrivateIpAddresses - !Select - '2' - !GetAtt - BigipStaticExternalInterface - SecondaryPrivateIpAddresses Type: 'AWS::EC2::EIPAssociation' BigipVipEipAssociation4: Condition: associateVip4 Properties: AllocationId: !Select - '3' - !Ref 'externalPublicIpIds' NetworkInterfaceId: !If - is1Nic - !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' PrivateIpAddress: !If - is1Nic - !If - useDynamicManagementIpAddr - !Select - '3' - !GetAtt - BigipManagementInterface - SecondaryPrivateIpAddresses - !Select - '3' - !GetAtt - BigipStaticManagementInterface - SecondaryPrivateIpAddresses - !If - useDynamicExternalIpAddr - !Select - '3' - !GetAtt - BigipExternalInterface - SecondaryPrivateIpAddresses - !Select - '3' - !GetAtt - BigipStaticExternalInterface - SecondaryPrivateIpAddresses Type: 'AWS::EC2::EIPAssociation' BigipManagementEipAssociation: Condition: useMgmtPublicIP Properties: AllocationId: !Ref 'mgmtPublicIpId' NetworkInterfaceId: !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' Type: 'AWS::EC2::EIPAssociation' Bigip3NicInstance: Condition: is3Nic Properties: BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: DeleteOnTermination: true VolumeSize: 100 VolumeType: gp2 - DeviceName: /dev/xvdb NoDevice: {} IamInstanceProfile: !If - useBigIpInstanceProfile - !Ref 'bigIpInstanceProfile' - !Ref 'AWS::NoValue' ImageId: !Ref 'imageId' InstanceType: !Ref 'instanceType' KeyName: !Ref 'sshKey' NetworkInterfaces: - Description: Management Interface DeviceIndex: '0' NetworkInterfaceId: !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - Description: Public or External Interface DeviceIndex: '1' NetworkInterfaceId: !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' - Description: Private or Internal Interface DeviceIndex: '2' NetworkInterfaceId: !If - useDynamicInternalIpAddr - !Ref 'BigipInternalInterface' - !Ref 'BigipStaticInternalInterface' Tags: - Key: application Value: !Ref 'application' - Key: costcenter Value: !Ref 'cost' - Key: environment Value: !Ref 'environment' - Key: group Value: !Ref 'group' - Key: Name Value: !Join - '' - - !Ref 'uniqueString' - '-bigip-instance' - Key: owner Value: !Ref 'owner' UserData: !Base64 Fn::Join: - '' - - | #!/bin/bash -x - |2+ - | # Log to local file and serial console - | mkdir -p /var/log/cloud /config/cloud /var/config/rest/downloads - | LOG_FILE=/var/log/cloud/startup-script.log - | touch ${LOG_FILE} - | npipe=/tmp/$$.tmp - | trap "rm -f $npipe" EXIT - | mknod $npipe p - | tee <$npipe -a ${LOG_FILE} /dev/ttyS0 & - | exec 1>&- - | exec 1>$npipe - | exec 2>&1 - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Startup Script Start" - > # Optional optimizations required as early as possible in boot sequence before MCDP starts up. - | /usr/bin/setdb provision.extramb 1000 - | /usr/bin/setdb restjavad.useextramb true - |2+ - | # VARS FROM TEMPLATE - "" - PACKAGE_URL=' - !Ref 'bigIpRuntimeInitPackageUrl' - | ' - RUNTIME_CONFIG=' - !Ref 'bigIpRuntimeInitConfig' - | ' - PEER_IP=' - !Ref 'peerConfigSyncAddr' - | ' - SECRET_ID=' - !Ref 'secretArn' - | ' - ALLOW_ANALYTICS=' - !Ref 'allowUsageAnalytics' - | ' - | # Save peer device IP to file - | if [[ ! -z "${PEER_IP}" ]]; then - |2 echo "${PEER_IP}" > /config/cloud/peerConfigSyncAddr - | fi - | echo ${SECRET_ID} > /config/cloud/secret_id - | if [[ ${ALLOW_ANALYTICS} == "false" ]]; then TELEMETRY_FLAG="--skip-telemetry"; else TELEMETRY_FLAG=""; fi - |2+ - | # Download or render f5-bigip-runtime-init config - | if [[ "${RUNTIME_CONFIG}" =~ ^http.* ]]; then - |2 for i in {1..30}; do - |2 curl -sfv --retry 1 --connect-timeout 5 -L "${RUNTIME_CONFIG}" -o /config/cloud/runtime-init.conf && break || sleep 10 - |2 done - | else - |2 printf '%s\n' "${RUNTIME_CONFIG}" | jq . > /config/cloud/runtime-init.conf - | fi - |2+ - | # Download and install f5-bigip-runtime-init package - | for i in {1..30}; do - |2 curl -fv --retry 1 --connect-timeout 5 -L "${PACKAGE_URL}" -o "/var/config/rest/downloads/${PACKAGE_URL##*/}" && break || sleep 10 - | done - |2+ - | # Run - | bash "/var/config/rest/downloads/${PACKAGE_URL##*/}" -- '--cloud aws --telemetry-params templateName:quickstart-f5-bigip-virtual-edition-ha/templates/modules/bigip-standalone/bigip-standalone.yaml' - |2+ - | # Execute Runtime-init - | f5-bigip-runtime-init --config-file /config/cloud/runtime-init.conf ${TELEMETRY_FLAG} - |2+ - '[[ $? -eq 0 ]] && /opt/aws/bin/cfn-signal -e 0 --stack ' - !Ref 'AWS::StackName' - ' --resource Bigip3NicInstance --region ' - !Ref 'AWS::Region' - |2+ - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Startup Script Finish" - '' Type: 'AWS::EC2::Instance' Bigip2NicInstance: Condition: is2Nic Properties: BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: DeleteOnTermination: true VolumeSize: 100 VolumeType: gp2 - DeviceName: /dev/xvdb NoDevice: {} IamInstanceProfile: !If - useBigIpInstanceProfile - !Ref 'bigIpInstanceProfile' - !Ref 'AWS::NoValue' ImageId: !Ref 'imageId' InstanceType: !Ref 'instanceType' KeyName: !Ref 'sshKey' NetworkInterfaces: - Description: Management Interface DeviceIndex: '0' NetworkInterfaceId: !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' - Description: Public or External Interface DeviceIndex: '1' NetworkInterfaceId: !If - useDynamicExternalIpAddr - !Ref 'BigipExternalInterface' - !Ref 'BigipStaticExternalInterface' Tags: - Key: application Value: !Ref 'application' - Key: costcenter Value: !Ref 'cost' - Key: environment Value: !Ref 'environment' - Key: group Value: !Ref 'group' - Key: Name Value: !Join - '' - - !Ref 'uniqueString' - '-bigip-instance' - Key: owner Value: !Ref 'owner' UserData: !Base64 Fn::Join: - '' - - | #!/bin/bash -x - |2+ - | # Log to local file and serial console - | mkdir -p /var/log/cloud /config/cloud /var/config/rest/downloads - | LOG_FILE=/var/log/cloud/startup-script.log - | touch ${LOG_FILE} - | npipe=/tmp/$$.tmp - | trap "rm -f $npipe" EXIT - | mknod $npipe p - | tee <$npipe -a ${LOG_FILE} /dev/ttyS0 & - | exec 1>&- - | exec 1>$npipe - | exec 2>&1 - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Starting Custom Script" - > # Optional optimizations required as early as possible in boot sequence before MCDP starts up. - | /usr/bin/setdb provision.extramb 1000 - | /usr/bin/setdb restjavad.useextramb true - |2+ - | # VARS FROM TEMPLATE - "" - PACKAGE_URL=' - !Ref 'bigIpRuntimeInitPackageUrl' - | ' - RUNTIME_CONFIG=' - !Ref 'bigIpRuntimeInitConfig' - | ' - PEER_IP=' - !Ref 'peerConfigSyncAddr' - | ' - SECRET_ID=' - !Ref 'secretArn' - | ' - ALLOW_ANALYTICS=' - !Ref 'allowUsageAnalytics' - | ' - | # Save peer device IP to file - | if [[ ! -z "${PEER_IP}" ]]; then - |2 echo "${PEER_IP}" > /config/cloud/peerConfigSyncAddr - | fi - | echo ${SECRET_ID} > /config/cloud/secret_id - | if [[ ${ALLOW_ANALYTICS} == "false" ]]; then TELEMETRY_FLAG="--skip-telemetry"; else TELEMETRY_FLAG=""; fi - |2+ - | # Download or render f5-bigip-runtime-init config - | if [[ "${RUNTIME_CONFIG}" =~ ^http.* ]]; then - |2 for i in {1..30}; do - |2 curl -sfv --retry 1 --connect-timeout 5 -L "${RUNTIME_CONFIG}" -o /config/cloud/runtime-init.conf && break || sleep 10 - |2 done - | else - |2 printf '%s\n' "${RUNTIME_CONFIG}" | jq . > /config/cloud/runtime-init.conf - | fi - |2+ - | # Download and install f5-bigip-runtime-init package - | for i in {1..30}; do - |2 curl -fv --retry 1 --connect-timeout 5 -L "${PACKAGE_URL}" -o "/var/config/rest/downloads/${PACKAGE_URL##*/}" && break || sleep 10 - | done - |2+ - | # Run - | bash "/var/config/rest/downloads/${PACKAGE_URL##*/}" -- '--cloud aws' - |2+ - | # Execute Runtime-init - | f5-bigip-runtime-init --config-file /config/cloud/runtime-init.conf ${TELEMETRY_FLAG} - |2+ - '[[ $? -eq 0 ]] && /opt/aws/bin/cfn-signal -e 0 --stack ' - !Ref 'AWS::StackName' - ' --resource Bigip2NicInstance --region ' - !Ref 'AWS::Region' - |2+ - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Startup Script Finish" - '' Type: 'AWS::EC2::Instance' Bigip1NicInstance: Condition: is1Nic Properties: BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: DeleteOnTermination: true VolumeSize: 100 VolumeType: gp2 - DeviceName: /dev/xvdb NoDevice: {} IamInstanceProfile: !If - useBigIpInstanceProfile - !Ref 'bigIpInstanceProfile' - !Ref 'AWS::NoValue' ImageId: !Ref 'imageId' InstanceType: !Ref 'instanceType' KeyName: !Ref 'sshKey' NetworkInterfaces: - Description: Management Interface DeviceIndex: '0' NetworkInterfaceId: !If - useDynamicManagementIpAddr - !Ref 'BigipManagementInterface' - !Ref 'BigipStaticManagementInterface' Tags: - Key: application Value: !Ref 'application' - Key: costcenter Value: !Ref 'cost' - Key: environment Value: !Ref 'environment' - Key: group Value: !Ref 'group' - Key: Name Value: !Join - '' - - !Ref 'uniqueString' - '-bigip-instance' - Key: owner Value: !Ref 'owner' UserData: !Base64 Fn::Join: - '' - - | #!/bin/bash -x - |2+ - | # Log to local file and serial console - | mkdir -p /var/log/cloud /config/cloud /var/config/rest/downloads - | LOG_FILE=/var/log/cloud/startup-script.log - | touch ${LOG_FILE} - | npipe=/tmp/$$.tmp - | trap "rm -f $npipe" EXIT - | mknod $npipe p - | tee <$npipe -a ${LOG_FILE} /dev/ttyS0 & - | exec 1>&- - | exec 1>$npipe - | exec 2>&1 - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Starting Custom Script" - > # Optional optimizations required as early as possible in boot sequence before MCDP starts up. - | /usr/bin/setdb provision.extramb 1000 - | /usr/bin/setdb restjavad.useextramb true - |2+ - | # VARS FROM TEMPLATE - "" - PACKAGE_URL=' - !Ref 'bigIpRuntimeInitPackageUrl' - | ' - RUNTIME_CONFIG=' - !Ref 'bigIpRuntimeInitConfig' - | ' - PEER_IP=' - !Ref 'peerConfigSyncAddr' - | ' - SECRET_ID=' - !Ref 'secretArn' - | ' - ALLOW_ANALYTICS=' - !Ref 'allowUsageAnalytics' - | ' - | # Save peer device IP to file - | if [[ ! -z "${PEER_IP}" ]]; then - |2 echo "${PEER_IP}" > /config/cloud/peerConfigSyncAddr - | fi - | echo ${SECRET_ID} > /config/cloud/secret_id - | if [[ ${ALLOW_ANALYTICS} == "false" ]]; then TELEMETRY_FLAG="--skip-telemetry"; else TELEMETRY_FLAG=""; fi - |2+ - | # Download or render f5-bigip-runtime-init config - | if [[ "${RUNTIME_CONFIG}" =~ ^http.* ]]; then - |2 for i in {1..30}; do - |2 curl -sfv --retry 1 --connect-timeout 5 -L "${RUNTIME_CONFIG}" -o /config/cloud/runtime-init.conf && break || sleep 10 - |2 done - | else - |2 printf '%s\n' "${RUNTIME_CONFIG}" | jq . > /config/cloud/runtime-init.conf - | fi - |2+ - | # Download and install f5-bigip-runtime-init package - | for i in {1..30}; do - |2 curl -fv --retry 1 --connect-timeout 5 -L "${PACKAGE_URL}" -o "/var/config/rest/downloads/${PACKAGE_URL##*/}" && break || sleep 10 - | done - |2+ - | # Run - | bash "/var/config/rest/downloads/${PACKAGE_URL##*/}" -- '--cloud aws --telemetry-params templateName:quickstart-f5-bigip-virtual-edition-ha/templates/modules/bigip-standalone/bigip-standalone.yaml' - |2+ - | # Execute Runtime-init - | f5-bigip-runtime-init --config-file /config/cloud/runtime-init.conf ${TELEMETRY_FLAG} - |2+ - '[[ $? -eq 0 ]] && /opt/aws/bin/cfn-signal -e 0 --stack ' - !Ref 'AWS::StackName' - ' --resource Bigip1NicInstance --region ' - !Ref 'AWS::Region' - |2+ - |2+ - | echo "$(date +"%Y-%m-%dT%H:%M:%S.%3NZ") : Startup Script Finish" - '' Type: 'AWS::EC2::Instance'