Manual Chapter: BIG-IP VE and AWS Auto Scaling

About BIG-IP VE and AWS Auto Scaling

You can use the AWS Auto Scaling service to automatically create or delete either:
  • Application servers (pool members used by BIG-IP® VE), or
  • Instances running BIG-IP VE, as well as the related application servers (pool members).

New instances are in a logical grouping called an Amazon Auto Scaling group. Instances are added and removed from the group when an AWS CloudWatch alarm indicates that some threshold (for example, CPU utilization or disk storage) has been reached. For pool member scaling, this threshold is based on EC2 metrics tracked by AWS. For BIG-IP VE scaling, the threshold can be based on custom metrics sent from BIG-IP VE to AWS, or the threshold can be based on EC2 metrics tracked by AWS.

When new BIG-IP VE instances are created in an Auto Scaling group, the AWS Elastic Load Balancing (ELB) load balancer discovers them. When application servers are created in an Auto Scaling group, BIG-IP VE discovers them and adds them to the pool.

A few things to note about Auto Scaling BIG-IP VE instances:
  • You must use an hourly license for BIG-IP VE. Otherwise, you will have to enter licensing information each time a new instance is created.
  • You must use a single NIC setup, which means using a VPC with only one subnet. This is required, because the Amazon Elastic Load Balancer (ELB) will forward traffic only to the first interface on an EC2 instance (in this case, the BIG-IP VE instance). In a multi-NIC configuration, the first interface (eth0) on BIG-IP VE is used for management traffic.
  • The BIG-IP VEs do not communicate with each other. If one instance goes offline, the AWS ELB load balancer continues sending traffic to any other available BIG-IP VE instances.

This guide explains how to create a fairly static configuration of BIG-IP VE and application servers for Auto Scaling. After new BIG-IP VE instances are launched, if you want to change the BIG-IP configuration (for example, to add more virtual servers or pools), you must stop the running instances, effectively stopping traffic to your applications. If you don't stop the running instances, you could have active instances running different configurations of BIG-IP.

Other Auto Scaling configurations are available by using CloudFormation templates (CFTs). CFTs are more flexible and allow for more granular customization of your environment. For more information about CFTs provided by F5®, go to https://github.com/F5Networks.

Prepare for Auto Scaling

Before you can configure Auto Scaling, you should have:
  • An AWS VPC with a single subnet.
  • An application server within the AWS VPC.
  • An instance of BIG-IP VE, also in the AWS VPC. This instance must be hourly if you're going to scale BIG-IP VEs.

For information about how to create the VPC and create and configure the BIG-IP VE instance, see the BIG-IP Virtual Edition and Amazon Web Services: Single NIC Setup guide.

For Pool Member Auto Scaling

For pool member Auto Scaling, you need:
  • In BIG-IP VE, a pool with no members. As new application server instances are created in AWS, they are automatically added to the pool.
  • An IAM role with appropriate policies attached. Select this role when you deploy BIG-IP VE. These policies are listed later in this guide.

For BIG-IP VE Auto Scaling

For BIG-IP VE Auto Scaling, you should have:
  • An AWS ELB that serves traffic to the BIG-IP instance; the ELB is in the AWS VPC.
  • In BIG-IP VE, a wildcard virtual server where the Destination Address/Mask is set to 0.0.0.0/0 or to the subnet, for example 10.0.0.0/24. This allows the AWS Elastic Load Balancer (ELB) to send traffic to any active BIG-IP VE instance.
  • An IAM role with appropriate policies attached. Specify this role when you create the BIG-IP VE launch configuration.
  • If you don't want to use an IAM role, an IAM user with appropriate policies attached. Enter its keys in BIG-IP VE before creating an image. If a different user creates the launch configuration, they can enter their keys when they create the launch configuration. Keys override roles.

Create Auto Scaling policies

For BIG-IP VE to communicate with AWS, you must create the appropriate policies and attach them to an IAM user or role.
  1. In the AWS Management Console, from the Services menu at the top of the screen, select IAM.
  2. In the Navigation pane, under Details, select Policies.
  3. Click Create Policy.
  4. By Create Your Own Policy, click Select.
  5. For pool member Auto Scaling, enter this text in the Policy Document field.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:describeinstances"
                ],
                "Resource": "*"
            }
        ]
    }
  6. Enter a name for the policy and click Create Policy.
  7. If you are going to use Auto Scaling with BIG-IP VE instances, and you want BIG-IP VE to send metrics to AWS, create another policy, using this text.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:PutMetricData"
                ],
                "Resource": "*"
            }
        ]
    }
    
You now have the policies needed for Auto Scaling.
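
Before attaching a policy, you can check that it grants only the actions this guide calls for. The following Python check is an added example, not part of the F5 guide or any F5 tooling; the names `audit_policy`, `GUIDE_ACTIONS`, and `BROAD_POLICY` are hypothetical. It compares action names case-insensitively, as IAM does, so the lowercase `ec2:describeinstances` above is accepted.

```python
import json

# Actions granted by the two policy documents in this guide, lowercased.
GUIDE_ACTIONS = {
    "autoscaling:describeautoscalinggroups",
    "ec2:describeinstances",
    "cloudwatch:putmetricdata",
}

def _as_list(value):
    """IAM accepts a single value wherever it accepts a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(document, allowed=GUIDE_ACTIONS):
    """Return findings; an empty list means nothing beyond `allowed` is granted."""
    policy = json.loads(document) if isinstance(document, str) else document
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot broaden access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction")
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action}")
            elif name not in allowed:
                findings.append(f"statement {i}: unneeded action {action}")
    return findings

# Pool member policy as printed in step 5 of this guide.
POOL_MEMBER_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["autoscaling:DescribeAutoScalingGroups", "ec2:describeinstances"],
    "Resource": "*"
  }]
}"""

# Constructed sample (not from the guide): an over-broad policy.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:*", "cloudwatch:PutMetricData", "iam:PassRole"]}}

if __name__ == "__main__":
    print(audit_policy(POOL_MEMBER_POLICY))
    print(audit_policy(BROAD_POLICY))
```

The check does not flag `"Resource": "*"`, because the three actions in this guide do not support resource-level permissions.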

Assign Auto Scaling policies to an IAM role

Before you complete this task, ensure you have created IAM policies.
For BIG-IP VE to communicate with AWS, you must create an IAM role with the appropriate policies attached.

If you prefer, you can use an IAM user. For more details, see the Use an IAM user instead of an IAM role topic in this guide.

  1. In the AWS Management Console, from the Services menu at the top of the screen, select IAM.
  2. In the Navigation pane, under Details, select Roles.
  3. Click Create New Role.
  4. Type a name and click Next Step.
  5. Under AWS Service Roles, next to Amazon EC2, click Select.
  6. Select the policies you created and click Next Step.
  7. Click Create Role.
The IAM role now has the policies needed to interact between BIG-IP VE and AWS.
  • For pool member Auto Scaling only, this role must be assigned when you deploy BIG-IP VE in AWS.
  • For BIG-IP VE Auto Scaling, this role must be assigned when you create the BIG-IP VE launch configuration.

Use an IAM user instead of an IAM role

For BIG-IP VE to communicate with AWS when you Auto Scale BIG-IP VE instances, you should create an IAM role with the appropriate policies attached. However, if you prefer, you can use an IAM user instead.
  1. In the Navigation pane, under Details, select Users.
  2. Click Create New Users.
  3. Type a user name, select Generate an access key for each user and then click Create.
  4. Click Download Credentials.
    An access key ID and a secret access key are downloaded in a file named credentials.csv.
    Important: AWS downloads these credentials only once, so keep track of where they are stored.
  5. Click Close.
  6. In the list of users, click the row for the user.
  7. On the Permissions tab, click Attach Policy.
  8. Select the check box for the policy you created previously.
  9. Click Attach Policy.
  10. Finally, enter the user's keys into BIG-IP VE. Or, if you prefer, you can enter the keys in AWS later, when you create the launch configuration.
    1. Log in to the BIG-IP Configuration utility.
    2. On the Main tab, click System > Configuration > AWS > Global Settings.
    3. In the Access Key field, type the access key.
    4. In the Secret Key field, type the secret key.
    5. Click Update.
The IAM user can now communicate between BIG-IP VE and AWS.
Note: If you enter these keys in BIG-IP, you should delete them before you create the image. You can enter keys when creating the launch configuration for BIG-IP VE.