@f5-applebaum
Created April 3, 2020 18:29
example-cfn-signal
{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"noCustomImageId": {
"Fn::Equals": [
"OPTIONAL",
{
"Ref": "customImageId"
}
]
},
"optin": {
"Fn::Equals": [
"Yes",
{
"Ref": "allowUsageAnalytics"
}
]
},
"useChinaRegion": {
"Fn::Or": [
{
"Fn::Equals": [
"cn-north-1",
{
"Ref": "AWS::Region"
}
]
},
{
"Fn::Equals": [
"cn-northwest-1",
{
"Ref": "AWS::Region"
}
]
}
]
},
"useDynamicExternalIpAddr": {
"Fn::Or": [
{
"Fn::Equals": [
"DYNAMIC",
{
"Ref": "subnet1Az1Address"
}
]
},
{
"Fn::Equals": [
"",
{
"Ref": "subnet1Az1Address"
}
]
}
]
},
"useDynamicManagementIpAddr": {
"Fn::Or": [
{
"Fn::Equals": [
"DYNAMIC",
{
"Ref": "managementSubnetAz1Address"
}
]
},
{
"Fn::Equals": [
"",
{
"Ref": "managementSubnetAz1Address"
}
]
}
]
},
"usePublicIP": {
"Fn::Equals": [
"Yes",
{
"Ref": "provisionPublicIP"
}
]
},
"useStaticExternalIpAddr": {
"Fn::Not": [
{
"Fn::Or": [
{
"Fn::Equals": [
"DYNAMIC",
{
"Ref": "subnet1Az1Address"
}
]
},
{
"Fn::Equals": [
"",
{
"Ref": "subnet1Az1Address"
}
]
}
]
}
]
},
"useStaticManagementIpAddr": {
"Fn::Not": [
{
"Fn::Or": [
{
"Fn::Equals": [
"DYNAMIC",
{
"Ref": "managementSubnetAz1Address"
}
]
},
{
"Fn::Equals": [
"",
{
"Ref": "managementSubnetAz1Address"
}
]
}
]
}
]
}
},
"Description": "Template v5.4.0: AWS CloudFormation Template for creating a 2NIC BIG-IP in an existing VPC **WARNING** This template creates Amazon EC2 Instances. You will be billed for the AWS resources used if you create a stack from this template.",
"Mappings": {
"BigipRegionMap": {
"ap-east-1": {
"AllOneBootLocation": "ami-c9ee95b8",
"AllTwoBootLocations": "ami-27ed9656",
"LTMOneBootLocation": "ami-deef94af"
},
"ap-northeast-1": {
"AllOneBootLocation": "ami-096671f558c7d2530",
"AllTwoBootLocations": "ami-08510be8d64368756",
"LTMOneBootLocation": "ami-011589e7d853d4359",
"LTMTwoBootLocations": "ami-0bd9df6e06fecd5a1"
},
"ap-northeast-2": {
"AllOneBootLocation": "ami-0df05f05f8c970709",
"AllTwoBootLocations": "ami-0530d52fac71f6e82",
"LTMOneBootLocation": "ami-08796bc9c9f164a08",
"LTMTwoBootLocations": "ami-06f1c4878d54ac517"
},
"ap-south-1": {
"AllOneBootLocation": "ami-090aa83b39527c541",
"AllTwoBootLocations": "ami-01bbcc782c45af8a4",
"LTMOneBootLocation": "ami-067c5da90794dd3c2",
"LTMTwoBootLocations": "ami-0867ef828cc8c30dd"
},
"ap-southeast-1": {
"AllOneBootLocation": "ami-049cce988471c0227",
"AllTwoBootLocations": "ami-0c9f55ccc6f778a91",
"LTMOneBootLocation": "ami-0f4938e554d173674",
"LTMTwoBootLocations": "ami-0f1fd06a90a04f3ed"
},
"ap-southeast-2": {
"AllOneBootLocation": "ami-09be82ac83adb2c1e",
"AllTwoBootLocations": "ami-054591015cab835d3",
"LTMOneBootLocation": "ami-0a3820cf8e45771dc",
"LTMTwoBootLocations": "ami-0c2afa7c0613d62a8"
},
"ca-central-1": {
"AllOneBootLocation": "ami-06aa987c881dcd714",
"AllTwoBootLocations": "ami-038e6394d715e5eac",
"LTMOneBootLocation": "ami-0a4f42c41eaf9832a",
"LTMTwoBootLocations": "ami-09a94bf50bd4b7c8b"
},
"cn-north-1": {
"AllOneBootLocation": "ami-02a4eadd528179520",
"AllTwoBootLocations": "ami-0e9d133cb51a5ea54",
"LTMOneBootLocation": "ami-0bb977a18d3d3bce0",
"LTMTwoBootLocations": "ami-0b0893aea8ca6808a"
},
"cn-northwest-1": {
"AllOneBootLocation": "ami-06def9c5e86bfc63d",
"AllTwoBootLocations": "ami-087064b9feb50ed29",
"LTMOneBootLocation": "ami-0e4d71c1a9f52803a",
"LTMTwoBootLocations": "ami-01d8c02e410f4bc76"
},
"eu-central-1": {
"AllOneBootLocation": "ami-0bcfa650ab19533e9",
"AllTwoBootLocations": "ami-031c6012c272498be",
"LTMOneBootLocation": "ami-0acc4b90f452d707a",
"LTMTwoBootLocations": "ami-0d27c42ae86786669"
},
"eu-north-1": {
"AllOneBootLocation": "ami-49129937",
"LTMOneBootLocation": "ami-65109b1b"
},
"eu-west-1": {
"AllOneBootLocation": "ami-037c8403c73590b01",
"AllTwoBootLocations": "ami-067d8500d82af47c9",
"LTMOneBootLocation": "ami-0a7bf3fb7a59b3ed9",
"LTMTwoBootLocations": "ami-0960ddbbae08082fc"
},
"eu-west-2": {
"AllOneBootLocation": "ami-00b2ccf71b68b62c0",
"AllTwoBootLocations": "ami-0193c8a462d050408",
"LTMOneBootLocation": "ami-08d8ff242d8ae48ce",
"LTMTwoBootLocations": "ami-0cb290c91502996de"
},
"eu-west-3": {
"AllOneBootLocation": "ami-0eb08a0010b9835cb",
"AllTwoBootLocations": "ami-0659962f167fe5e0d",
"LTMOneBootLocation": "ami-03cbf76e8b4a2b123",
"LTMTwoBootLocations": "ami-0bf45893acd1c3f09"
},
"me-south-1": {
"AllOneBootLocation": "ami-06f29ff7a06cc9100",
"LTMOneBootLocation": "ami-0b42034baf290ddaf",
"LTMTwoBootLocations": "ami-048c1150cf8bd0754"
},
"sa-east-1": {
"AllOneBootLocation": "ami-0cc83d7ec7b62d621",
"AllTwoBootLocations": "ami-0c25a35d917868b77",
"LTMOneBootLocation": "ami-08773b0511f8a64e9",
"LTMTwoBootLocations": "ami-0be67061c9dee85e0"
},
"us-east-1": {
"AllOneBootLocation": "ami-0b4f8afb3f3923b65",
"AllTwoBootLocations": "ami-0587d4753c1bb51bf",
"LTMOneBootLocation": "ami-0809a47158d77a9ec",
"LTMTwoBootLocations": "ami-02d3d737be08da483"
},
"us-east-2": {
"AllOneBootLocation": "ami-08a3e27ead32f92b6",
"AllTwoBootLocations": "ami-0f553adec408621a4",
"LTMOneBootLocation": "ami-0a5c247df06cac55d",
"LTMTwoBootLocations": "ami-0bf2f41f128e896bf"
},
"us-gov-east-1": {
"AllOneBootLocation": "ami-fcc1218d",
"AllTwoBootLocations": "ami-1bc1216a",
"LTMOneBootLocation": "ami-f4f91985",
"LTMTwoBootLocations": "ami-e8f91999"
},
"us-gov-west-1": {
"AllOneBootLocation": "ami-26397147",
"AllTwoBootLocations": "ami-c13e76a0",
"LTMOneBootLocation": "ami-6a10580b",
"LTMTwoBootLocations": "ami-b0256dd1"
},
"us-west-1": {
"AllOneBootLocation": "ami-090dfc5a7281555c0",
"AllTwoBootLocations": "ami-0043eb7dc36b3aadc",
"LTMOneBootLocation": "ami-0b2bd5232166b78e6",
"LTMTwoBootLocations": "ami-037341c30369bdab0"
},
"us-west-2": {
"AllOneBootLocation": "ami-0d90f0e9456f7d3c0",
"AllTwoBootLocations": "ami-04dc0e40327303299",
"LTMOneBootLocation": "ami-04583924cae895270",
"LTMTwoBootLocations": "ami-0533d7ff84139d49d"
}
}
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "NETWORKING CONFIGURATION"
},
"Parameters": [
"Vpc",
"managementSubnetAz1",
"managementSubnetAz1Address",
"managementSubnetAz2",
"subnet1Az1",
"subnet1Az1Address",
"subnet1Az2",
"subnet2Az1",
"subnet2Az1Address",
"subnet2Az2",
"availabilityZone1",
"availabilityZone2",
"numberOfAdditionalNics",
"additionalNicLocation",
"provisionPublicIP"
]
},
{
"Label": {
"default": "INSTANCE CONFIGURATION"
},
"Parameters": [
"imageName",
"customImageId",
"instanceType",
"applicationInstanceType",
"licenseKey1",
"licenseKey2",
"managementGuiPort",
"sshKey",
"restrictedSrcAddress",
"restrictedSrcAddressApp",
"ntpServer",
"timezone",
"bigIpModules"
]
},
{
"Label": {
"default": "TAGS"
},
"Parameters": [
"application",
"environment",
"group",
"owner",
"costcenter"
]
},
{},
{
"Label": {
"default": "TEMPLATE ANALYTICS"
},
"Parameters": [
"allowUsageAnalytics"
]
},
{
"Label": {
"default": "VIRTUAL SERVICE CONFIGURATION"
},
"Parameters": [
"declarationUrl"
]
}
],
"ParameterLabels": {
"Vpc": {
"default": "VPC"
},
"additionalNicLocation": {
"default": "Additional NIC Location"
},
"allowUsageAnalytics": {
"default": "Send Anonymous Statistics to F5"
},
"application": {
"default": "Application"
},
"applicationInstanceType": {
"default": "Application Instance Type"
},
"availabilityZone1": {
"default": "Availability Zone 1"
},
"availabilityZone2": {
"default": "Availability Zone 2"
},
"bigIpModules": {
"default": "BIG-IP Modules"
},
"costcenter": {
"default": "Cost Center"
},
"customImageId": {
"default": "Custom Image Id"
},
"declarationUrl": {
"default": "AS3 Declaration URL"
},
"environment": {
"default": "Environment"
},
"group": {
"default": "Group"
},
"imageName": {
"default": "BIG-IP Image Name"
},
"instanceType": {
"default": "AWS Instance Size"
},
"licenseKey1": {
"default": "License Key 1"
},
"licenseKey2": {
"default": "License Key 2"
},
"managementGuiPort": {
"default": "BIG-IP Management Port"
},
"managementSubnetAz1": {
"default": "Management Subnet AZ1"
},
"managementSubnetAz1Address": {
"default": "Management Subnet AZ1 Static IP Address"
},
"managementSubnetAz2": {
"default": "Management Subnet AZ2"
},
"ntpServer": {
"default": "NTP Server"
},
"numberOfAdditionalNics": {
"default": "Number Of Additional NICs"
},
"owner": {
"default": "Owner"
},
"provisionPublicIP": {
"default": "Provision Public IP addresses for the BIG-IP interfaces"
},
"restrictedSrcAddress": {
"default": "Source Address(es) for Management Access"
},
"restrictedSrcAddressApp": {
"default": "Source Address(es) for Web Application Access (80/443)"
},
"sshKey": {
"default": "SSH Key"
},
"subnet1Az1": {
"default": "Subnet1 in AZ1"
},
"subnet1Az1Address": {
"default": "Subnet1 AZ1 Static IP Addresses"
},
"subnet1Az2": {
"default": "Subnet1 in AZ2"
},
"subnet2Az1": {
"default": "Subnet2 in AZ1"
},
"subnet2Az1Address": {
"default": "Subnet2 AZ1 Static IP Address"
},
"subnet2Az2": {
"default": "Subnet2 in AZ2"
},
"timezone": {
"default": "Timezone (Olson)"
}
}
},
"Version": "5.4.0"
},
"Outputs": {
"Bigip1ExternalInterfacePrivateIp": {
"Description": "Internally routable IP of the public interface on BIG-IP",
"Value": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
{
"Fn::GetAtt": [
"Bigip1Staticsubnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
]
}
},
"Bigip1InstanceId": {
"Description": "Instance Id of BIG-IP in Amazon",
"Value": {
"Ref": "Bigip1Instance"
}
},
"Bigip1ManagementEipAddress": {
"Condition": "usePublicIP",
"Description": "IP address of the management port on BIG-IP",
"Value": {
"Ref": "Bigip1ManagementEipAddress"
}
},
"Bigip1ManagementInterface": {
"Condition": "usePublicIP",
"Description": "Management interface ID on BIG-IP",
"Value": {
"Fn::If": [
"useDynamicManagementIpAddr",
{
"Ref": "Bigip1ManagementInterface"
},
{
"Ref": "Bigip1StaticManagementInterface"
}
]
}
},
"Bigip1ManagementInterfacePrivateIp": {
"Condition": "usePublicIP",
"Description": "Internally routable IP of the management interface on BIG-IP",
"Value": {
"Fn::If": [
"useDynamicManagementIpAddr",
{
"Fn::GetAtt": [
"Bigip1ManagementInterface",
"PrimaryPrivateIpAddress"
]
},
{
"Fn::GetAtt": [
"Bigip1StaticManagementInterface",
"PrimaryPrivateIpAddress"
]
}
]
}
},
"Bigip1Url": {
"Condition": "usePublicIP",
"Description": "BIG-IP Management GUI",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"Bigip1Instance",
"PublicIp"
]
}
]
]
}
},
"Bigip1VipEipAddress": {
"Condition": "usePublicIP",
"Description": "EIP address for VIP",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Ref": "Bigip1VipEipAddress"
},
":80"
]
]
}
},
"Bigip1VipPrivateIp": {
"Condition": "usePublicIP",
"Description": "VIP on External Interface Secondary IP 1",
"Value": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
},
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1Staticsubnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
}
]
}
},
"Bigip1subnet1Az1Interface": {
"Description": "External interface Id on BIG-IP",
"Value": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Ref": "Bigip1subnet1Az1Interface"
},
{
"Ref": "Bigip1Staticsubnet1Az1Interface"
}
]
}
},
"Bigip1subnet1Az1SelfEipAddress": {
"Condition": "usePublicIP",
"Description": "IP Address of the External interface attached to BIG-IP",
"Value": {
"Ref": "Bigip1subnet1Az1SelfEipAddress"
}
},
"availabilityZone1": {
"Description": "Availability Zone",
"Value": {
"Fn::GetAtt": [
"Bigip1Instance",
"AvailabilityZone"
]
}
},
"bigipExternalSecurityGroup": {
"Description": "Public or External Security Group",
"Value": {
"Ref": "bigipExternalSecurityGroup"
}
},
"bigipManagementSecurityGroup": {
"Description": "Management Security Group",
"Value": {
"Ref": "bigipManagementSecurityGroup"
}
}
},
"Parameters": {
"Vpc": {
"ConstraintDescription": "This must be an existing VPC within the working region.",
"Type": "AWS::EC2::VPC::Id"
},
"allowUsageAnalytics": {
"AllowedValues": [
"Yes",
"No"
],
"Default": "Yes",
"Description": "This deployment can send anonymous statistics to F5 to help us determine how to improve our solutions. If you select **No** statistics are not sent.",
"Type": "String"
},
"application": {
"Default": "f5app",
"Description": "Name of the Application Tag",
"Type": "String"
},
"bigIpModules": {
"Default": "ltm:nominal",
"Description": "Comma separated list of modules and levels to provision, for example: ltm:nominal,asm:nominal",
"Type": "String"
},
"costcenter": {
"Default": "f5costcenter",
"Description": "Name of the Cost Center Tag",
"Type": "String"
},
"customImageId": {
"ConstraintDescription": "Must be a valid AMI Id",
"Default": "OPTIONAL",
"Description": "If you would like to deploy using a custom BIG-IP image, provide the AMI Id. **Note**: Unless specifically required, leave the default of **OPTIONAL**",
"MaxLength": 255,
"MinLength": 1,
"Type": "String"
},
"declarationUrl": {
"AllowedPattern": "^(http:\\/\\/|https:\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?$|^none$",
"Default": "none",
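"Description": "URL for the AS3 declaration JSON file to be deployed. Leave as **none** to deploy without a service configuration. The instance downloads this file with TLS certificate verification disabled (curl -k) and posts it to the local AS3 endpoint, so point it only at a source you control.",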
"Type": "String"
},
"environment": {
"Default": "f5env",
"Description": "Name of the Environment Tag",
"Type": "String"
},
"group": {
"Default": "f5group",
"Description": "Name of the Group Tag",
"Type": "String"
},
"imageName": {
"AllowedValues": [
"AllOneBootLocation",
"AllTwoBootLocations",
"LTMOneBootLocation",
"LTMTwoBootLocations"
],
"ConstraintDescription": "Must be a valid F5 BIG-IP VE image type",
"Default": "AllTwoBootLocations",
"Description": "Image names starting with All have all BIG-IP modules available. Image names starting with LTM have only the LTM module available. Use Two Boot Locations if you expect to upgrade the BIG-IP VE in the future (the Two Boot Location options are only applicable to BIG-IP v13.1.1 or later). If you do not need room to upgrade (if you intend to create a new instance when a new version of BIG-IP VE is released), use one Boot Location.",
"Type": "String"
},
"instanceType": {
"AllowedValues": [
"m5.xlarge",
"m5.4xlarge",
"m5.large",
"m5.12xlarge",
"m4.xlarge",
"m4.large",
"m4.4xlarge",
"m4.2xlarge",
"m4.16xlarge",
"m4.10xlarge",
"m3.xlarge",
"m3.medium",
"m3.large",
"m3.2xlarge",
"cc2.8xlarge",
"c5.xlarge",
"c5.large",
"c5.4xlarge",
"c5.9xlarge",
"c4.xlarge",
"c4.8xlarge",
"c4.4xlarge",
"c4.2xlarge",
"c3.xlarge",
"c3.8xlarge",
"c3.4xlarge",
"c3.2xlarge",
"c5n.2xlarge",
"c5n.4xlarge"
],
"ConstraintDescription": "Must be a valid EC2 instance type for BIG-IP",
"Default": "m5.xlarge",
"Description": "Size of the F5 BIG-IP Virtual Instance",
"Type": "String"
},
"licenseKey1": {
"AllowedPattern": "([\\x41-\\x5A][\\x41-\\x5A|\\x30-\\x39]{4})\\-([\\x41-\\x5A|\\x30-\\x39]{5})\\-([\\x41-\\x5A|\\x30-\\x39]{5})\\-([\\x41-\\x5A|\\x30-\\x39]{5})\\-([\\x41-\\x5A|\\x30-\\x39]{7})",
"ConstraintDescription": "Verify your F5 BYOL regkey.",
"Description": "F5 BYOL license key",
"MaxLength": "255",
"MinLength": "1",
"Type": "String"
},
"managementSubnetAz1": {
"ConstraintDescription": "The subnet ID must be within an existing VPC",
"Description": "Management Subnet ID",
"Type": "AWS::EC2::Subnet::Id"
},
"managementSubnetAz1Address": {
"Default": "DYNAMIC",
"Description": "Optional. If you want to assign a static IP address in the subnet, type it here. Otherwise leave DYNAMIC and a dynamic address is assigned based on the subnet you specified.",
"Type": "String"
},
"ntpServer": {
"Default": "0.pool.ntp.org",
"Description": "NTP server for this implementation",
"Type": "String"
},
"owner": {
"Default": "f5owner",
"Description": "Name of the Owner Tag",
"Type": "String"
},
"provisionPublicIP": {
"AllowedValues": [
"Yes",
"No"
],
"Default": "Yes",
"Description": "Whether or not to provision Public IP Addresses for the BIG-IP Network Interfaces. The default in this template is Yes, so Public IP addresses are provisioned unless you select No.",
"Type": "String"
},
"restrictedSrcAddress": {
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x.",
"Description": "The IP address range used for SSH and for access to the management GUI on the EC2 instances",
"MaxLength": "18",
"MinLength": "9",
"Type": "String"
},
"restrictedSrcAddressApp": {
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x.",
"Description": " The IP address range that can be used to access web traffic (80/443) to the EC2 instances",
"MaxLength": "18",
"MinLength": "9",
"Type": "String"
},
"sshKey": {
"Description": "EC2 KeyPair to enable SSH access to the BIG-IP instance",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"subnet1Az1": {
"ConstraintDescription": "The subnet ID must be within an existing VPC",
"Description": "Public or External subnet",
"Type": "AWS::EC2::Subnet::Id"
},
"subnet1Az1Address": {
"Default": "DYNAMIC",
"Description": "Optional. If you want to assign static IP address(es) in the subnet, type them here. Separate multiple IP addresses with a comma (the first is the Primary IP address, all others are Secondary). Otherwise leave DYNAMIC and a dynamic address is assigned based on the subnet you specified.",
"Type": "String"
},
"timezone": {
"Default": "UTC",
"Description": "Enter the Olson timezone string from /usr/share/zoneinfo. The default is 'UTC'. See the TZ column here (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for legal values. For example, 'US/Eastern'.",
"Type": "String"
}
},
"Resources": {
"Bigip1Instance": {
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT10M"
}
},
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"commands": {
"000-disable-1nicautoconfig": {
"command": "/usr/bin/setdb provision.1nicautoconfig disable"
},
"010-install-libs": {
"command": {
"Fn::Join": [
" ",
[
"mkdir -p /var/log/cloud/aws;",
"nohup /config/installCloudLibs.sh",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"020-generate-password": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --signal PASSWORD_CREATED",
" --file f5-rest-node",
" --cl-args '/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/generatePassword --file /config/cloud/aws/.adminPassword --encrypt'",
" --log-level silly",
" -o /var/log/cloud/aws/generatePassword.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"030-create-admin-user": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --wait-for PASSWORD_CREATED",
" --signal ADMIN_CREATED",
" --file /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/createUser.sh",
" --cl-args '--user admin",
" --password-file /config/cloud/aws/.adminPassword",
" --password-encrypted",
"'",
" --log-level silly",
" -o /var/log/cloud/aws/createUser.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"040-network-config": {
"command": {
"Fn::Join": [
"",
[
"GATEWAY_MAC=`ifconfig eth1 | egrep ether | awk '{print tolower($2)}'`; ",
"GATEWAY_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${GATEWAY_MAC}/subnet-ipv4-cidr-block`; ",
"GATEWAY_NET=${GATEWAY_CIDR_BLOCK%/*}; ",
"GATEWAY_PREFIX=${GATEWAY_CIDR_BLOCK#*/}; ",
"GATEWAY=`echo ${GATEWAY_NET} | awk -F. '{ print $1\".\"$2\".\"$3\".\"$4+1 }'`; ",
"nohup /config/waitThenRun.sh ",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/network.js ",
"--host localhost ",
"--user admin ",
"--password-url file:///config/cloud/aws/.adminPassword ",
"--password-encrypted ",
"-o /var/log/cloud/aws/network.log ",
"--log-level silly ",
"--wait-for ADMIN_CREATED ",
"--signal NETWORK_CONFIG_DONE ",
"--vlan name:external,nic:1.1 ",
"--default-gw ${GATEWAY} ",
"--self-ip name:external-self,address:",
{
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
{
"Fn::GetAtt": [
"Bigip1Staticsubnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
]
},
"/${GATEWAY_PREFIX},vlan:external ",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"050-onboard-BIG-IP": {
"command": {
"Fn::If": [
"optin",
{
"Fn::Join": [
" ",
[
"REGION=\"",
{
"Ref": "AWS::Region"
},
"\";",
"DEPLOYMENTID=`echo \"",
{
"Ref": "AWS::StackId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"CUSTOMERID=`echo \"",
{
"Ref": "AWS::AccountId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--modules ",
{
"Ref": "bigIpModules"
},
"--license ",
{
"Ref": "licenseKey1"
},
"--metrics \"cloudName:aws,region:${REGION},bigIpVersion:15.0.1-0.0.11,customerId:${CUSTOMERID},deploymentId:${DEPLOYMENTID},templateName:f5-existing-stack-byol-2nic-bigip.template,templateVersion:5.4.0,licenseType:byol\"",
"-d tm.tcpudptxchecksum:software-only ",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
},
{
"Fn::Join": [
" ",
[
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--modules ",
{
"Ref": "bigIpModules"
},
"--license ",
{
"Ref": "licenseKey1"
},
"-d tm.tcpudptxchecksum:software-only ",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
]
}
},
"060-custom-config": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/custom-config.sh",
"--cwd /config/cloud/aws",
"-o /var/log/cloud/aws/custom-config.log",
"--log-level silly",
"--wait-for ONBOARD_DONE",
"--signal CUSTOM_CONFIG_DONE",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"065-cluster": {
"command": {
"Fn::Join": [
" ",
[]
]
}
},
"070-rm-password": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/rm-password.sh",
"-o /var/log/cloud/aws/rm-password.log",
"--log-level silly",
"--wait-for CUSTOM_CONFIG_DONE",
"--signal PASSWORD_REMOVED",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
}
},
"files": {
"/config/cloud/aws/custom-config.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\\\"Unknown Error\\\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"declare -a tmsh=()\n",
"echo 'starting custom-config.sh'\n",
"tmsh+=(\n",
"\"tmsh load sys application template /config/cloud/aws/f5.service_discovery.tmpl\"\n",
"\"tmsh load sys application template /config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl\"\n",
"\"tmsh save /sys config\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" \"/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/waitForMcp.sh\"\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n",
"### START CUSTOM CONFIGURATION\n",
"source /config/cloud/aws/onboard_config_vars\n",
"deployed=\"no\"\n",
"url_regex=\"(http:\\/\\/|https:\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?$\"\n",
"file_loc=\"/config/cloud/custom_config\"\n",
"if [[ $declarationUrl =~ $url_regex ]]; then\n",
" response_code=$(/usr/bin/curl -sk -w \"%{http_code}\" $declarationUrl -o $file_loc)\n",
" if [[ $response_code == 200 ]]; then\n",
" echo \"Custom config download complete; checking for valid JSON.\"\n",
" cat $file_loc | jq .class\n",
" if [[ $? == 0 ]]; then\n",
" response_code=$(/usr/bin/curl -skvvu ${adminUsername}:$passwd -w \"%{http_code}\" -X POST -H \"Content-Type: application/json\" https://localhost:${managementGuiPort}/mgmt/shared/appsvcs/declare -d @$file_loc -o /dev/null)\n",
" if [[ $response_code == 200 || $response_code == 502 ]]; then\n",
" echo \"Deployment of custom application succeeded.\"\n",
" deployed=\"yes\"\n",
" else\n",
" echo \"Failed to deploy custom application; continuing...\"\n",
" fi\n",
" else\n",
" echo \"Custom config was not valid JSON, continuing...\"\n",
" fi\n",
" else\n",
" echo \"Failed to download custom config; continuing...\"\n",
" fi\n",
"else\n",
" echo \"Custom config was not a URL, continuing...\"\n",
"fi\n",
"### ADD WHATEVER SUCCESS CRITERIA DESIRED ##### \n",
"## if [[ success_condition == XXXXX ]]; then \n",
"/opt/aws/bin/cfn-signal -e 0 ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource Bigip1Instance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"## fi \n",
"### END CUSTOM CONFIGURATION"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "http://cdn.f5.com/product/cloudsolutions/iapps/common/f5-cloud-logger/v1.0.0/f5.cloud_logger.v1.0.0.tmpl"
},
"/config/cloud/aws/f5.service_discovery.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "http://cdn.f5.com/product/cloudsolutions/iapps/common/f5-service-discovery/v2.3.2/f5.service_discovery.tmpl"
},
"/config/cloud/aws/getNameServer.sh": {
"content": {
"Fn::Join": [
"\n",
[
"INTERFACE=$1",
"INTERFACE_MAC=`ifconfig ${INTERFACE} | egrep ether | awk '{print tolower($2)}'`",
"VPC_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${INTERFACE_MAC}/vpc-ipv4-cidr-block`",
"VPC_NET=${VPC_CIDR_BLOCK%/*}",
"NAME_SERVER=`echo ${VPC_NET} | awk -F. '{ printf \"%d.%d.%d.%d\", $1, $2, $3, $4+2 }'`",
"echo $NAME_SERVER"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/onboard_config_vars": {
"content": {
"Fn::Join": [
"",
[
"",
"#!/bin/bash\n",
"# Generated from 5.4.0\n",
"hostname=`curl http://169.254.169.254/latest/meta-data/hostname`\n",
"region='",
{
"Ref": "AWS::Region"
},
"'\n",
"adminUsername='admin'\n",
"timezone='",
{
"Ref": "timezone"
},
"'\n",
"ntpServer='",
{
"Ref": "ntpServer"
},
"'\n",
"declarationUrl='",
{
"Ref": "declarationUrl"
},
"'\n",
"passwd=$(f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/decryptDataFromFile.js --data-file /config/cloud/aws/.adminPassword)\n",
"managementGuiPort='443'\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/rm-password.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\"Unknown Error\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"date\n",
"echo 'starting rm-password.sh'\n",
"declare -a tmsh=()\n",
"tmsh+=(\"rm /config/cloud/aws/.adminPassword\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "http://cdn.f5.com/product/cloudsolutions/f5-appsvcs-extension/v3.6.0/dist/lts/f5-appsvcs-3.5.1-5.noarch.rpm"
},
"/config/cloud/f5-cloud-libs-aws.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "http://cdn.f5.com/product/cloudsolutions/f5-cloud-libs-aws/v2.6.0/f5-cloud-libs-aws.tar.gz"
},
"/config/cloud/f5-cloud-libs.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "http://cdn.f5.com/product/cloudsolutions/f5-cloud-libs/v4.16.0/f5-cloud-libs.tar.gz"
},
"/config/installCloudLibs.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"echo about to execute",
"checks=0",
"while [ $checks -lt 120 ]; do echo checking mcpd",
" tmsh -a show sys mcp-state field-fmt | grep -q running",
" if [ $? == 0 ]; then",
" echo mcpd ready",
" break",
" fi",
" echo mcpd not ready yet",
" let checks=checks+1",
" sleep 10",
"done",
"echo loading verifyHash script",
"if ! tmsh load sys config merge file /config/verifyHash; then",
" echo cannot validate signature of /config/verifyHash",
" exit",
"fi",
"echo loaded verifyHash",
"declare -a filesToVerify=(\"/config/cloud/f5-cloud-libs.tar.gz\" \"/config/cloud/f5-cloud-libs-aws.tar.gz\" \"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm\" \"/config/cloud/aws/f5.service_discovery.tmpl\" \"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl\")",
"for fileToVerify in \"${filesToVerify[@]}\"",
"do",
" echo verifying \"$fileToVerify\"",
" if ! tmsh run cli script verifyHash \"$fileToVerify\"; then",
" echo \"$fileToVerify\" is not valid",
" exit 1",
" fi",
" echo verified \"$fileToVerify\"",
"done",
"mkdir -p /config/cloud/aws/node_modules/@f5devcentral",
"echo expanding f5-cloud-libs.tar.gz",
"tar xvfz /config/cloud/f5-cloud-libs.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo installing dependencies",
"tar xvfz /config/cloud/f5-cloud-libs-aws.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo cloud libs install complete",
"touch /config/cloud/cloudLibsReady"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/verifyHash": {
"content": "cli script /Common/verifyHash {\nproc script::run {} {\n if {[catch {\n set hashes(f5-cloud-libs.tar.gz) fcc095984fcd3ab1f3bde79408224086ec34981dada9cc24107c2e539e2297856df987dfc4c4795c171c5eec8f121d14429b3e4b72c5ad32fde94e2c6bfda0db\n set hashes(f5-cloud-libs-aws.tar.gz) 2ff4e6269ce74850fc3794045d0a394ecd0b472ba9efa16b34786b38d07088b3a49339b41708973c4bffe55a539471c2f9ec60a009ddd087912c1fca722b48ef\n set hashes(f5-cloud-libs-azure.tar.gz) 6db2878a2c10d98550eded6b66f0474516c1952d3605217164e3b5261c771419201d94c7cdb07744c9d5db894334f93380963217b670d87d3151bfcdb301c295\n set hashes(f5-cloud-libs-gce.tar.gz) a5cfaed1fe33da677b3f10dc1a7ca82f5739ff24e45e91b3a8f7b06d6b2e280e5f1eaf5fe2d33009b2cc67c10f2d906aab26f942d591b68fa8a7fddfd54a0efe\n set hashes(f5-cloud-libs-openstack.tar.gz) 5c83fe6a93a6fceb5a2e8437b5ed8cc9faf4c1621bfc9e6a0779f6c2137b45eab8ae0e7ed745c8cf821b9371245ca29749ca0b7e5663949d77496b8728f4b0f9\n set hashes(f5-cloud-libs-consul.tar.gz) a32aab397073df92cbbba5067e5823e9b5fafca862a258b60b6b40aa0975c3989d1e110f706177b2ffbe4dde65305a260a5856594ce7ad4ef0c47b694ae4a513\n set hashes(asm-policy-linux.tar.gz) 63b5c2a51ca09c43bd89af3773bbab87c71a6e7f6ad9410b229b4e0a1c483d46f1a9fff39d9944041b02ee9260724027414de592e99f4c2475415323e18a72e0\n set hashes(f5.http.v1.2.0rc4.tmpl) 47c19a83ebfc7bd1e9e9c35f3424945ef8694aa437eedd17b6a387788d4db1396fefe445199b497064d76967b0d50238154190ca0bd73941298fc257df4dc034\n set hashes(f5.http.v1.2.0rc6.tmpl) 811b14bffaab5ed0365f0106bb5ce5e4ec22385655ea3ac04de2a39bd9944f51e3714619dae7ca43662c956b5212228858f0592672a2579d4a87769186e2cbfe\n set hashes(f5.http.v1.2.0rc7.tmpl) 21f413342e9a7a281a0f0e1301e745aa86af21a697d2e6fdc21dd279734936631e92f34bf1c2d2504c201f56ccd75c5c13baa2fe7653213689ec3c9e27dff77d\n set hashes(f5.aws_advanced_ha.v1.3.0rc1.tmpl) 9e55149c010c1d395abdae3c3d2cb83ec13d31ed39424695e88680cf3ed5a013d626b326711d3d40ef2df46b72d414b4cb8e4f445ea0738dcbd25c4c843ac39d\n set hashes(f5.aws_advanced_ha.v1.4.0rc1.tmpl) 
de068455257412a949f1eadccaee8506347e04fd69bfb645001b76f200127668e4a06be2bbb94e10fefc215cfc3665b07945e6d733cbe1a4fa1b88e881590396\n set hashes(f5.aws_advanced_ha.v1.4.0rc2.tmpl) 6ab0bffc426df7d31913f9a474b1a07860435e366b07d77b32064acfb2952c1f207beaed77013a15e44d80d74f3253e7cf9fbbe12a90ec7128de6facd097d68f\n set hashes(f5.aws_advanced_ha.v1.4.0rc3.tmpl) 2f2339b4bc3a23c9cfd42aae2a6de39ba0658366f25985de2ea53410a745f0f18eedc491b20f4a8dba8db48970096e2efdca7b8efffa1a83a78e5aadf218b134\n set hashes(f5.aws_advanced_ha.v1.4.0rc4.tmpl) 2418ac8b1f1884c5c096cbac6a94d4059aaaf05927a6a4508fd1f25b8cc6077498839fbdda8176d2cf2d274a27e6a1dae2a1e3a0a9991bc65fc74fc0d02ce963\n set hashes(f5.aws_advanced_ha.v1.4.0rc5.tmpl) 5e582187ae1a6323e095d41eddd41151d6bd38eb83c634410d4527a3d0e246a8fc62685ab0849de2ade62b0275f51264d2deaccbc16b773417f847a4a1ea9bc4\n set hashes(asm-policy.tar.gz) 2d39ec60d006d05d8a1567a1d8aae722419e8b062ad77d6d9a31652971e5e67bc4043d81671ba2a8b12dd229ea46d205144f75374ed4cae58cefa8f9ab6533e6\n set hashes(deploy_waf.sh) 1a3a3c6274ab08a7dc2cb73aedc8d2b2a23cd9e0eb06a2e1534b3632f250f1d897056f219d5b35d3eed1207026e89989f754840fd92969c515ae4d829214fb74\n set hashes(f5.policy_creator.tmpl) 06539e08d115efafe55aa507ecb4e443e83bdb1f5825a9514954ef6ca56d240ed00c7b5d67bd8f67b815ee9dd46451984701d058c89dae2434c89715d375a620\n set hashes(f5.service_discovery.tmpl) 4811a95372d1dbdbb4f62f8bcc48d4bc919fa492cda012c81e3a2fe63d7966cc36ba8677ed049a814a930473234f300d3f8bced2b0db63176d52ac99640ce81b\n set hashes(f5.cloud_logger.v1.0.0.tmpl) 64a0ed3b5e32a037ba4e71d460385fe8b5e1aecc27dc0e8514b511863952e419a89f4a2a43326abb543bba9bc34376afa114ceda950d2c3bd08dab735ff5ad20\n set hashes(f5-appsvcs-3.5.1-5.noarch.rpm) ba71c6e1c52d0c7077cdb25a58709b8fb7c37b34418a8338bbf67668339676d208c1a4fef4e5470c152aac84020b4ccb8074ce387de24be339711256c0fa78c8\n set hashes(f5-cloud-failover-1.1.0-0.noarch.rpm) 
15a440c299f9e4af86a3d0f5b0d75b0054385b95e47c3ef116d2e0bfb0041a26dcbf549028e2a26d2c718ec61446bd657be38fbbcd9db781efe5414c174ac68c\n\n set file_path [lindex $tmsh::argv 1]\n set file_name [file tail $file_path]\n\n if {![info exists hashes($file_name)]} {\n tmsh::log err \"No hash found for $file_name\"\n exit 1\n }\n\n set expected_hash $hashes($file_name)\n set computed_hash [lindex [exec /usr/bin/openssl dgst -r -sha512 $file_path] 0]\n if { $expected_hash eq $computed_hash } {\n exit 0\n }\n tmsh::log err \"Hash does not match for $file_path\"\n exit 1\n }]} {\n tmsh::log err {Unexpected error in verifyHash}\n exit 1\n }\n }\n script-signature fO1/fdESmfsqMTz8tALRLkkYq3t7sd5iJL7/lEWVtsI0BwVRoU+oLZpGds4cYnssVj3b5hphpZJPaYPDZaIHX6eyDE//GKajfEctLRd5qH4XQDgwDf2+jgTDn3y00RFMYv0yMojypkLxJOpYDnaUFjMhU5cxkzJy+jrK0BzVWgDZO7MF0NoV/O74D+jm5NiI6aB9+GgEmzbzWy6xx30QzgMnQnj/8cFSJ7CZsfFg4ld/fAq7kj2noj+R73ZTwSaYtIDvr3nxwr3OrukmF6ZmDQ/zLDoO8m8+ypxjASYSE60Qn/fSblCVghNHuFmZeF9raZt/glL7rMQIyNlGsPAaBQ==\n signing-key /Common/f5-irule\n}",
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/waitThenRun.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"while true; do echo \"waiting for cloud libs install to complete\"",
" if [ -f /config/cloud/cloudLibsReady ]; then",
" break",
" else",
" sleep 10",
" fi",
"done",
"\"$@\""
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
}
}
}
}
},
"Properties": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": "true",
"VolumeSize": "100",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"NoDevice": {}
}
],
"IamInstanceProfile": {
"Ref": "bigipServiceDiscoveryProfile"
},
"ImageId": {
"Fn::If": [
"noCustomImageId",
{
"Fn::FindInMap": [
"BigipRegionMap",
{
"Ref": "AWS::Region"
},
{
"Ref": "imageName"
}
]
},
{
"Ref": "customImageId"
}
]
},
"InstanceType": {
"Ref": "instanceType"
},
"KeyName": {
"Ref": "sshKey"
},
"NetworkInterfaces": [
{
"Description": "Management Interface",
"DeviceIndex": "0",
"NetworkInterfaceId": {
"Fn::If": [
"useDynamicManagementIpAddr",
{
"Ref": "Bigip1ManagementInterface"
},
{
"Ref": "Bigip1StaticManagementInterface"
}
]
}
},
{
"Description": "Public or External Interface",
"DeviceIndex": "1",
"NetworkInterfaceId": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Ref": "Bigip1subnet1Az1Interface"
},
{
"Ref": "Bigip1Staticsubnet1Az1Interface"
}
]
}
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Big-IP: ",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"/opt/aws/apitools/cfn-init/bin/cfn-init -v -s ",
{
"Ref": "AWS::StackId"
},
" -r ",
"Bigip1Instance",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"Type": "AWS::EC2::Instance"
},
"Bigip1ManagementEipAddress": {
"Condition": "usePublicIP",
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1ManagementEipAssociation": {
"Condition": "usePublicIP",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1ManagementEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Fn::If": [
"useDynamicManagementIpAddr",
{
"Ref": "Bigip1ManagementInterface"
},
{
"Ref": "Bigip1StaticManagementInterface"
}
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip1ManagementInterface": {
"Condition": "useDynamicManagementIpAddr",
"Properties": {
"Description": "Management Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipManagementSecurityGroup"
}
],
"SubnetId": {
"Ref": "managementSubnetAz1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1StaticManagementInterface": {
"Condition": "useStaticManagementIpAddr",
"Properties": {
"Description": "Management Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipManagementSecurityGroup"
}
],
"PrivateIpAddress": {
"Ref": "managementSubnetAz1Address"
},
"SubnetId": {
"Ref": "managementSubnetAz1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1Staticsubnet1Az1Interface": {
"Condition": "useStaticExternalIpAddr",
"Properties": {
"Description": "Public External Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipExternalSecurityGroup"
}
],
"PrivateIpAddresses": [
{
"Primary": "true",
"PrivateIpAddress": {
"Fn::Select": [
"0",
{
"Fn::Split": [
",",
{
"Ref": "subnet1Az1Address"
}
]
}
]
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Fn::Select": [
"1",
{
"Fn::Split": [
",",
{
"Ref": "subnet1Az1Address"
}
]
}
]
}
}
],
"SubnetId": {
"Ref": "subnet1Az1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1VipEipAddress": {
"Condition": "usePublicIP",
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1VipEipAssociation": {
"Condition": "usePublicIP",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1VipEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Ref": "Bigip1subnet1Az1Interface"
},
{
"Ref": "Bigip1Staticsubnet1Az1Interface"
}
]
},
"PrivateIpAddress": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
},
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1Staticsubnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
}
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip1subnet1Az1Interface": {
"Condition": "useDynamicExternalIpAddr",
"Properties": {
"Description": "Public External Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipExternalSecurityGroup"
}
],
"SecondaryPrivateIpAddressCount": "1",
"SubnetId": {
"Ref": "subnet1Az1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1subnet1Az1SelfEipAddress": {
"Condition": "usePublicIP",
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1subnet1Az1SelfEipAssociation": {
"Condition": "usePublicIP",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1subnet1Az1SelfEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Ref": "Bigip1subnet1Az1Interface"
},
{
"Ref": "Bigip1Staticsubnet1Az1Interface"
}
]
},
"PrivateIpAddress": {
"Fn::If": [
"useDynamicExternalIpAddr",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
{
"Fn::GetAtt": [
"Bigip1Staticsubnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"bigipExternalSecurityGroup": {
"Properties": {
"GroupDescription": "Public or external interface rules",
"SecurityGroupIngress": [
{
"CidrIp": {
"Ref": "restrictedSrcAddressApp"
},
"FromPort": "80",
"IpProtocol": "tcp",
"ToPort": "80"
},
{
"CidrIp": {
"Ref": "restrictedSrcAddressApp"
},
"FromPort": "443",
"IpProtocol": "tcp",
"ToPort": "443"
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Bigip External Security Group:",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"bigipManagementSecurityGroup": {
"Properties": {
"GroupDescription": "BIG-IP management interface policy",
"SecurityGroupIngress": [
{
"CidrIp": {
"Ref": "restrictedSrcAddress"
},
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
},
{
"CidrIp": {
"Ref": "restrictedSrcAddress"
},
"FromPort": "443",
"IpProtocol": "tcp",
"ToPort": "443"
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Bigip Management Security Group:",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"bigipServiceDiscoveryAccessRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
{
"Fn::If": [
"useChinaRegion",
"ec2.amazonaws.com.cn",
"ec2.amazonaws.com"
]
}
]
}
}
],
"Version": "2012-10-17"
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeRouteTables",
"ec2:ReplaceRoute",
"ec2:assignprivateipaddresses",
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "BigipServiceDiscoveryPolicy"
}
]
},
"Type": "AWS::IAM::Role"
},
"bigipServiceDiscoveryProfile": {
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "bigipServiceDiscoveryAccessRole"
}
]
},
"Type": "AWS::IAM::InstanceProfile"
}
}
}