F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 2: BIG-IQ Deployment with auto-scale on AWS, Azure & VMware > Module 4: Setup a Service scaling group (SSG) in AWS Source | Edit on
Lab 4.1: Prepare your AWS
deployment¶
Warning
Skip lab 1 and go directly to lab 2 if you are using the UDF Cloud Account.
In module1/Lab 1.1, we saw the different components to setup a SSG:
License Pool
IP Pools
Device Template
Cloud Provider
Cloud Environment
When you want to deploy a SSG
in AWS
, you don’t need to provide the same amount of information:
- A
License Pool
is not mandatory. We are free to useUtility Billing
(pay-per-use) inAWS
IP Pools
are not needed. When we deploy aSSG
inAWS
, the deployedVirtual Edition(s)
will be using our single NIC deployment. It means that we use one interface for management and traffic processing. In this case, the IP Address assigned to the device will be picked automatically byAWS
To deploy our SSG
in AWS
, we will need to do a few things:
- Pick an
AWS Region
- Setup an
IAM
resource (Identity and Access Management) that will allow us to setup ourSSG
via theAWS
API - Setup a
Key Pair
in the selectedAWS Region
Once this is done, we will be able to deploy our SSG
. We will rely on some ansible scripts to:
- Create a VPC, subnets, security groups, …
- Deploy an APP in
AWS
- Setup an
AWS VPN
connection between our lab environment and this newly deployedAWS VPC
Note
in this lab, we consider that you have access to AWS
. We won’t cover this topic.
Create a new IAM
Resource¶
To create a new IAM
in AWS
, go to your AWS Console
and go to Services > IAM

Click on Users > Add user

Set the following information:
- User Name: CE-Lab-IAM-<YOUR NAME>. For example: CE-Lab-IAM-MENANT
- Access type: Check Programmatic access
Warning
we need something unique for the User name since other student will do the lab and you may use same AWS corporate account.

Click on the button Next: Permissions
On the Permissions page, click on the button Create group

- Group name: CE-Lab-MENANT-Admin-GRP
- Policy : Check the box for Administrator Access

Click on Create group. You will be back on the Add user page.
Note
this is not the best suited group for BIG-IQ access but this lab is not about covering IAM
setup. We could just create a policy that allows us to run CFT, Setup VPC/VPN and launch EC2 instances

Make sure your new group BIG-IQ-LAB-Admin-GRP is selected, SCROLL DOWN and click on the button Next: Review. You should see a page like this:

Click on the button Create user.
Warning
DON’T leave this summary page until you’ve taken note of your credentials ! You can’t get those back once you’ll leave this page

You need to store your Access key ID
and your Secret Access key
. 2 methods:
- You click on the button Download .csv
- You click on Show in the
Secret Access key
column and then you store yourself somewhere yourAccess key ID
and yourSecret Access key
Click on the Close button once you’ve saved your credentials.

Now that our IAM
resource is created, we can create our AWS key pair
.
Create a new AWS key pair
¶
Before creating our key pair
, we need to select a region where we will deploy our SSG
.
For this lab, we will use the region US-East
.
In the AWS UI
, click on Services > EC2

Select your region: on the top right , click on the selected AWS Region
and select US East (N. Virginia)

Now that we picked the AWS Region
where we will deploy our SSG
, we can create our Key Pair
(it is only valid for a region)
Go to Network & Security , Key Pairs.

Click on Create Key Pair. The Key Pair has to be unique for this lab so use CE-Lab-<YOURNAME>
For example: CE-Lab-MENANT
Warning
whatever you pick for the key pair name, make sure it will be fairly unique so that it doesn’t overlap with another student’s lab.

We have now setup everything our IAM
resource and our Key Pair
. We can work on deploying our
SSG
.
Subscribe to the BIG-IP instance in the AWS MArketplace
¶
Before being able to deploy an instance in AWS
, you’ll have to subscribe to this license agreement
Go here to subscribe to the right F5 instance we will use in this lab:
F5 BIG-IP VE - ALL (BYOL, 1 Boot Location)
F5 BIG-IQ Virtual Edition - (BYOL)
Once you’ve subscribed, you should see something like this:
