The built-in Amazon Elastic Compute Cloud (EC2) Cloud Connector supports connection between
the BIG-IQ Cloud and an Amazon Web Services (AWS) account. The connector
gives you management capability for your cloud-based applications in AWS EC2. The EC2 Cloud
Connector provides two key features:
- The EC2 cloud connector can discover BIG-IP VE virtual machines in an
- The EC2 cloud connector can discover application servers running in the account.
You can combine these two features to coordinate management-plane changes to a private, public,
or hybrid cloud environment. For example, to accommodate traffic fluctuations, you might need to
periodically add or subtract devices or application servers. Discovering the necessary resources
on the fly makes this bursting support possible.
Network configuration for Amazon EC2 cloud services
To communicate with devices located in an Amazon EC2 cloud, BIG-IQ
Cloud must have network access to those resources. Before you can manage cloud resources, you
must define a network route between the BIG-IQ Cloud internal VLAN and either the public Internet or
the Amazon EC2 endpoint. For
specific instructions, refer to your Amazon EC2 documentation.
Associating an EC2 cloud connector with a device and discovering application
To provide cloud tenant users with access to resources, you must
configure a cloud connector. A cloud connector provides two services.
First, you can use it to identify a specific set of resources, much like a virtual
it provides integration with third-party cloud services.
Log in to the BIG-IQ system with the administrator user name and
At the top of the screen, click Cloud.
Hover on the Connectors header and click the + icon when
In the Name and Description
fields, type a name and description for this connector.
You can use the name and description to help you organize network resources
into logical groups based on certain criteria, such as the location or
From the Cloud Provider list, select Amazon
From the Devices list, select the device you want to
associate with this connector.
To select additional devices to associate with this connector, click the
+ icon at the right of the list.
In the Region Endpoint field, type the entry point
For example, ec2.us-east-1.amazonaws.com is the region
endpoint for the Amazon EC2 US East (Northern Virginia) Region. Refer to the
AWS documentation for a list of all regional endpoints.
In the Key ID and Secret
fields, type the credentials of an EC2 user that can access
For security purposes, it is important to specify a user that has Amazon EC2
Read Only Access.
In the Availability
field, type the location of the region in which the instances
For example, type us-west-2c for the availability zone
for Oregon state.
In the Virtual Private Cloud field, you may type the
identification for the EC2 Virtual Private Cloud (VPC) network topology inside
the Availability Zone.
This step is optional. If you do not specify the identification for a VPC, BIG-IQ Cloud uses the first one it discovers in the Availability Zone.
Click the Save button at the top of the New Connector
BIG-IQ Cloud discovers application servers associated with Amazon EC2
and populates them in the Server panel. If it discovers F5 devices, BIG-IQ Cloud
populates them in the Device panel.
You can now add a cloud tenant using this connector and its associated
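
The step for the Key ID and Secret fields asks for a user limited to Amazon EC2 Read Only Access. The following added example (not part of the F5 documentation) checks an IAM policy document for Allow statements that grant more than read-style actions. The function names, the Describe/Get/List naming heuristic, and the sample policies are assumptions constructed for illustration.

```python
import json

# Assumption: an action counts as read-only when its verb starts with one of
# these prefixes. This is a naming heuristic, not an AWS-defined rule.
READ_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_read_only_action(action):
    """True if 'service:Verb...' can only match read-style operations."""
    service, sep, verb = action.lower().partition(":")  # IAM ignores case
    if not sep or "*" in service or "?" in service:
        return False  # bare "*" or a wildcard service matches everything
    # A wildcard is acceptable only after a complete read prefix (Describe*).
    return any(verb.startswith(p) for p in READ_PREFIXES)

def write_capable_actions(policy_json):
    """Return the allowed actions in a policy that are not read-only."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction")
            continue
        findings += [a for a in _as_list(stmt.get("Action"))
                     if not is_read_only_action(a)]
    return findings

# Constructed sample policies (not taken from the page or from AWS).
READ_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "elasticloadbalancing:Describe*"]}]})
OVERBROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances"]},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:DeleteVpc"}]})

if __name__ == "__main__":
    for name, doc in (("read-only", READ_ONLY_POLICY),
                      ("over-broad", OVERBROAD_POLICY)):
        print(name, "->", write_capable_actions(doc) or "read-only")
```

An empty result means every allowed action matched the read-only heuristic; any listed action is a reason to pick a different user for the connector.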