reference deployment

BIG-IP Virtual Edition on AWS

An application delivery, load balancing, and security services platform

This Partner Solution deploys an F5 BIG-IP Virtual Edition (VE) cluster on the Amazon Web Services (AWS) Cloud in about 30 minutes. BIG-IP VE is a security services platform that provides businesses, service providers, governments, and consumer brands a more secure option for delivering applications from any location without sacrificing speed and control.  

This Partner Solution deploys a full application stack, including bastion hosts, network address translation (NAT) gateways, and BIG-IP VE instances. It creates a virtual private cloud (VPC) infrastructure for a multi-Availability Zone, multi-tier deployment of a Linux-based application infrastructure with multiple AWS resources. 

This Partner Solution was developed by F5 in collaboration with AWS. F5 is an AWS Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

  •  What you'll build
  • This Partner Solution sets up the following:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • Managed NAT gateways to allow outbound internet access for resources in the private subnets.*
      • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to Amazon EC2 instances in public and private subnets.*
      • BIG-IP VE deployed to Amazon Elastic Compute Cloud (Amazon EC2) instances. 
    • In the private subnets:
      • An example application that deploys web application instances and a web application firewall (WAF)-protected virtual service on the BIG-IP VE instances.
      • An elastic network interface that represents the public-facing management network interface cards (NICs) of a clustered pair of BIG-IP VE instances. 
    • AWS Identity and Access Management (IAM) for a role and EC2 instance profile.
    • An Amazon Simple Storage Service (Amazon S3) bucket used to provide failover state.

    * The template that deploys the Partner Solution into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To deploy this Partner Solution, follow the instructions in the deployment guide, which include these steps. The stack takes about 15 minutes to launch. 

    1. Sign in to your AWS account. If you don't have an account, sign up at
    2. Subscribe to the Amazon Machine Image (AMI) used by the Partner Solution in AWS Marketplace.
    3. Launch the Partner Solution. Choose the Region from the top toolbar before creating the stack. You can choose from the following options:
    4. Test the deployment.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this Partner Solution reference deployment. There is no additional cost for using the Partner Solution.

    The AWS CloudFormation templates for this Partner Solution include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip:  After you deploy the Partner Solution, create AWS Cost and Usage Reports to track costs associated with the Partner Solution. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregates the data at the end of the month. For more information about the report, refer to What are AWS Cost and Usage Reports?

    The Partner Solution requires a subscription to the Amazon Machine Image (AMI) for BIG-IP VE, which is available from AWS Marketplace. By default, this Partner Solution deploys F5 BIG-IP BEST with IPI and Threat Campaigns (PAYG, 25Mbps) instances.