Version notice:
Access-Related declarations¶
This section contains access-related declarations, typically involving BIG-IP Access Policy Manager. You must have BIG-IP APM licensed and provisioned to use these profiles.
Use the index on the right to locate specific examples.
1: Referencing existing Access and Connectivity profiles¶
Version Notice:
Support for referencing existing Access and Connectivity profiles is available in AS3 3.14.0 and later.
This simple example shows how you reference existing Access and Connectivity profiles in AS3 version 3.14.0 and later. These profiles must already exist on the BIG-IP system; AS3 does not create these objects.
For detailed information on these profiles, see Connectivity profile documentation and the appropriate APM documentation for Access profile information. You can also see Pointer_Connectivity and Pointer_Access in the Schema Reference for usage options.
This declaration creates the following objects on the BIG-IP:
- A partition (tenant) named Example_APM_profiles.
- A virtual service named APMprofile_vs, which references Connectivity and Access profiles on the BIG-IP.
{
"class": "ADC",
"schemaVersion": "3.14.0",
"id": "APM profiles",
"Example_APM_profiles": {
"class": "Tenant",
"Application": {
"class": "Application",
"template": "generic",
"APMprofile_vs": {
"class": "Service_HTTP",
"virtualPort": 8080,
"virtualAddresses": [
"1.1.1.10"
],
"profileAccess": {
"bigip": "/Common/accessProfile"
},
"profileConnectivity": {
"bigip": "/Common/connectivityProfile"
}
}
}
}
}
2: Referencing an external IAM policy using a URL¶
Version Notice:
Support for referencing external IAM (Access profile) policies via URL is available in AS3 3.16.0 and later.
This example shows how you can reference an external IAM policy (also called an Access Profile) using a URL (see I cannot tell the difference between policyIAM and profileAccess objects in AS3 for details on these names).
Note
Currently only URLs referencing a .tar file are supported.
The properties policyIAM and profileAccess in the Service_HTTP and Service_HTTPS classes are references to the same object; use only one in a declaration.
For detailed information on Access Profiles, see the BIG-IP APM documentation for your version of APM. You can also see Service_HTTP and Service_HTTPS in the Schema Reference for usage options.
This declaration creates the following objects on the BIG-IP:
- A partition (tenant) named Sample_Access_profile.
- A virtual service named APMservice, which references an Access Profile .tar file via URL.
{
"class": "ADC",
"schemaVersion": "3.15.0",
"id": "123456",
"Sample_Access_profile": {
"class": "Tenant",
"app": {
"class": "Application",
"template": "generic",
"APMservice": {
"class": "Service_HTTP",
"virtualPort": 80,
"virtualAddresses": ["1.2.3.4"],
"profileAccess": {
"use": "accessProfile"
}
},
"accessProfile": {
"class": "Access_Profile",
"url": "https://example.tar",
"ignoreChanges": true
}
}
}
}