Manual Chapter: BIG-IP VE and AWS Auto Scaling

About BIG-IP VE and AWS Auto Scaling

You can use the AWS Auto Scaling service to automatically create or delete either:
  • Application servers (pool members used by BIG-IP® VE), or
  • Instances running BIG-IP VE, as well as the related application servers (pool members).

New instances are in a logical grouping called an Amazon Auto Scaling group. Instances are added and removed from the group when an AWS CloudWatch alarm indicates that some threshold (for example, CPU utilization or disk storage) has been reached. For pool member scaling, this threshold is based on EC2 metrics tracked by AWS. For BIG-IP VE scaling, the threshold can be based on custom metrics sent from BIG-IP VE to AWS, or the threshold can be based on EC2 metrics tracked by AWS.

When new BIG-IP VE instances are created in an Auto Scaling group, the AWS Elastic Load Balancing (ELB) load balancer discovers them. When application servers are created in an Auto Scaling group, BIG-IP VE discovers them and adds them to the pool.

A few things to note about Auto Scaling BIG-IP VE instances:
  • You must use an hourly license for BIG-IP VE. Otherwise, you will have to enter licensing information each time a new instance is created.
  • You must use a single NIC setup, which means using a VPC with only one subnet. This is required, because the Amazon Elastic Load Balancer (ELB) will forward traffic only to the first interface on an EC2 instance (in this case, the BIG-IP VE instance). In a multi-NIC configuration, the first interface (eth0) on BIG-IP VE is used for management traffic.
  • The BIG-IP VEs do not communicate with each other. If one instance goes offline, the AWS ELB load balancer continues sending traffic to any other available BIG-IP VE instances.

This guide explains how to create a fairly static configuration of BIG-IP VE and application servers for Auto Scaling. After new BIG-IP VE instances are launched, if you want to change the BIG-IP configuration (for example, to add more virtual servers or pools), you must stop the running instances, effectively stopping traffic to your applications. If you don't stop the running instances, you could have active instances running different configurations of BIG-IP.

Other Auto Scaling configurations are available by using CloudFormation templates (CFTs). CFTs are more flexible and allow for more granular customization of your environment. For more information about CFTs provided by F5®, go to https://github.com/F5Networks.

Checklist: Prepare for Auto Scaling

Before you can configure Auto Scaling, you should have:
  • An AWS IAM user and the user's keys.
  • An AWS VPC with a single subnet.
  • An application server within the AWS VPC.
  • An instance of BIG-IP VE, also in the AWS VPC; this instance must be hourly if you're going to scale BIG-IP VEs, and can be hourly or BYOL if you're going to scale pool members only.
    • For pool member scaling, the BIG-IP must have a pool with no members. As new application server instances are created, they will be added automatically to the pool.
    • For pool member scaling, a BIG-IP virtual server.
    • For BIG-IP VE scaling, a BIG-IP wildcard virtual server where the Destination Address/Mask is set to 0.0.0.0/0 or to the subnet, for example 10.0.0.0/24. This allows the AWS ELB to send traffic to any active BIG-IP VE instance.
  • For BIG-IP VE scaling, an AWS Elastic Load Balancer (ELB) that serves traffic to the BIG-IP instance; the ELB is also in the AWS VPC.

You should also complete the following tasks, which are detailed in this guide.

  • Create AWS policies and attach them to the IAM user: An AWS IAM user must have permission to exchange information between AWS and BIG-IP.
  • Enter IAM user keys in BIG-IP: For AWS and BIG-IP to communicate, you must enter the keys for the IAM user in the BIG-IP Configuration utility.

Create AWS policies and attach to IAM user

For the AWS IAM user to communicate with BIG-IP VE, the IAM user needs custom policies that provide permission. You must create these policies and attach them to the IAM user.
  1. In the AWS Management Console, from the Services menu at the top of the screen, select IAM.
  2. In the Navigation pane, under Details, select Policies.
  3. Click Create Policy.
  4. By Create Your Own Policy, click Select.
  5. For pool member Auto Scaling, enter this text in the Policy Document field.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:describeinstances"
                ],
                "Resource": "*"
            }
        ]
    }
  6. Enter a name for the policy and click Create Policy.
  7. If you are going to use Auto Scaling with BIG-IP VE instances, and you want BIG-IP VE to send metrics to AWS, create another policy, using this text.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:PutMetricData"
                ],
                "Resource": "*"
            }
        ]
    }
    
  8. Now assign the policies to your IAM user.
    1. In the Navigation pane, under Details, select Users.
    2. Click the user you want to assign the policy to.
    3. Click Attach Policy.
    4. Filter to find the policies you created, click the policy and click Attach Policy.
The IAM user now has the policies needed to interact with BIG-IP VE.
Next you will enter this user's credentials in the BIG-IP Configuration utility.
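
Because this user's long-term keys are stored on BIG-IP VE, it is worth confirming that the attached policies grant nothing beyond the three actions listed in this chapter. The following check is an added example, not part of the F5 procedure; the function names and the over-broad sample policy are constructed for illustration.

```python
import json

# Actions granted by the two policies in this chapter. IAM action names are
# case-insensitive, so everything is compared in lower case.
EXPECTED_ACTIONS = {
    "autoscaling:describeautoscalinggroups",
    "ec2:describeinstances",
    "cloudwatch:putmetricdata",
}

def _as_list(value):
    """Statement and Action may each be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, expected=EXPECTED_ACTIONS):
    """Return findings for Allow statements that grant more than `expected`."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows all unlisted actions")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action.lower() not in expected:
                findings.append(f"statement {i}: unexpected action {action}")
    return findings

# Constructed sample input: the pool member policy from step 5, and an
# over-broad policy (single-object Statement) that should be flagged.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["autoscaling:DescribeAutoScalingGroups", "ec2:describeinstances"],
  "Resource": "*"}]}"""
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": ["ec2:*", "ec2:TerminateInstances", "cloudwatch:PutMetricData"],
  "Resource": "*"}}"""

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc) or "ok")
```

Run it against each policy document exported for the IAM user; an empty result means the policy matches what this chapter requires.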

Enter IAM user keys in BIG-IP

For BIG-IP VE and AWS to communicate, an IAM user with sufficient permission must exist in AWS.
You must enter the keys for this IAM user into BIG-IP VE. BIG-IP VE will use them to communicate.
  1. Log in to the BIG-IP Configuration utility.
  2. On the Main tab, click System > Configuration > AWS > Global Settings.
  3. In the Access Key field, type the access key.
  4. In the Secret Key field, type the secret key.
  5. Click Update.