Forum Discussion

John_55067
Dec 16, 2014

IAM Policies for AWS F5 VE HA setup?

I've got a pair of HA F5 LTM 1Gbps Best set up in a VPC in AWS. The configsync and failover are configured correctly, but the AWS API calls don't seem to be working to pass the VIPs back and forth during failover. I set the reassociate checkbox when creating the secondary IPs in the AWS console. I have the user IAM policies set to EC2-FullControl at the moment. I was testing with FullAdmin policies as well to try to remove that as a concern, but the VIPs didn't move with that config either. Any ideas? I'd like to run with the most restrictive permissions if possible, so if the exact API calls are known, I can craft an IAM policy to only allow those. But there is no public documentation about which API calls are made. Other things I can check to get the VIPs to move on failover?