To log in to Amazon EC2 instances, you must have a key pair. In this deployment, you will create an instance for network address translation (NAT) and one for BIG-IP® VE.
Key pairs are reusable, so if you have a key pair, you do not need to repeat these steps.
You can create a key pair by using a third-party tool like PuTTYgen, or by using the AWS web site (for instructions, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html).
For more details about creating a VPC, see the Amazon documentation at http://aws.amazon.com/documentation/vpc/.
Now create the internal subnet in that same availability zone. The internal subnet corresponds to the BIG-IP® internal VLAN.
For more details about creating subnets, see the Amazon documentation at http://aws.amazon.com/documentation/vpc/.
Amazon security groups control which inbound and outbound traffic is allowed for an EC2 instance.
In the network configuration we're building, you can use three security groups: one for management, one for virtual server traffic, and one for internal traffic.
|Group name|Inbound rules|Source|
|Management traffic group| |A secure network or, temporarily, 0.0.0.0/0 for Internet access.|
|Virtual server traffic group| |For HTTP and HTTPS, use the port that serves the virtual traffic. Or temporarily, 0.0.0.0/0 for Internet access.|
|Internal traffic group| |Internal subnet or VPC CIDR.|
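The following check is an added example, not part of the original guide: it reads output in the shape of `aws ec2 describe-security-groups` and flags any source still open to 0.0.0.0/0, plus any internal-group source outside the VPC CIDR. The group names, ports, and CIDRs in the sample are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group names, ports and CIDRs are illustrative assumptions, not values from the guide.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "bigip-mgmt", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
  {"GroupName": "bigip-virtual", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupName": "bigip-internal", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.1.0/24"},
                                      {"CidrIp": "192.168.0.0/16"}]}]}
]}
""")

def audit(described, vpc_cidr, internal_group):
    """Return (group, ports, source, reason) for rules wider than the table allows."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for group in described["SecurityGroups"]:
        name = group["GroupName"]
        for perm in group.get("IpPermissions", []):
            # Protocol "-1" means all traffic and carries no port fields.
            if perm["IpProtocol"] == "-1":
                ports = "all"
            else:
                ports = f'{perm["IpProtocol"]}/{perm.get("FromPort")}-{perm.get("ToPort")}'
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src)
                if net.prefixlen == 0:
                    # 0.0.0.0/0 or ::/0: the "temporary" setting was left in place.
                    findings.append((name, ports, src, "open to the Internet"))
                elif name == internal_group and not (
                        net.version == vpc.version and net.subnet_of(vpc)):
                    findings.append((name, ports, src, "outside VPC CIDR"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.0.0/16", "bigip-internal"):
        print(*finding, sep="  ")
```

Run it against real output by replacing `SAMPLE` with the parsed JSON from your own account and passing your VPC CIDR and internal group name.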
When you created the BIG-IP® VE instance, you associated two network interfaces with it (one for management and one for external). To connect BIG-IP VE with your internal servers, create an internal network interface, and attach it to your BIG-IP VE instance.
The first time you log in to your BIG-IP® VE instance, you should log in as admin to create a strong password. The instance is now reachable from the Internet, so ensure this password is secure.