This is a consolidated automation repo for different verified designs customer use case examples available across F5
products like BigIP
and BigIP Next
. Users can use this to test a specific use case end to end by using the automation code available in this repo.
NOTE: To learn about each use case check the devcentral article link provided in each scenario folder README
Note: Next CM API specification can be found over this link F5® BIG-IP® Next Central Manager API Specifications.
DevCentral Overview Articles | Use Case / Workflow Guides (SaaS Console, Automation) |
---|---|
Introducing Next Access Alongside Our Trusted APM | N/A |
SAML Federation made easier | Microsoft EntraID (SAML IdP) with Kerberos SSO |
Integration with Okta (SAML IdP) | |
Integration with Okta (SAML IdP) with HTTP Connector providing risk rating | |
[Multiple IdPs based on matching criteria] | |
VPN Use cases | Edge client with Machine certificate |
Machine Tunnel with Machine certificate |
- AWS Account - Due to the assets being created, free tier will not work.
- The F5 BIG-IP AMI being used from the AWS Marketplace should be subsribed to your account
- Please make sure resources like VPC and Elastic IP's are below the threshold limit in that aws region
- GitHub Account
- Clone the repo locally and update AWS credentials like
access keys
,secret key
andsession token
be insettings
-->Secrets
-->Actions
section
Note: Above values typically expire in every 12 hours. If you are not using session token please remove this field accordingly in workflow file step name-
configure aws credentials
in all jobs
- Bigip password and EC2 keys should be updated properly in
settings
-->Secrets
-->Actions
section
Note: Make sure passwords follow company security standards like alpha numeric, etc.
-
EC2 key related pem and pub file should be copied to terraform folder in your use case
-
Make sure you have subscribed to the latest
BIGIP AMI
in AWS account (Sample AMI ID isami-0f859d430f5f0ea80
) -
Update your
ENV
variables in/data/testbed-data.json
file in your use case folder -
Install self hosted runner and add it to this repo
-
Make sure
awscli
,kubectl
,ansible-playbook
,pytest
,git
and other required tools are installed in this private custom runner. Referrequirements.txt
file for more details
Note: Please install and make sure python packages like
pytest-html
,awscli==1.18.105
andbotocore==1.17.28
are available with their correct versions in runner to avoid failures
-
Go to
Actions
tab and select your article work-flow -
Click on
Run Workflow
option and execute it -
Check the CI/CD jobs execution and check the artifacts for more details
- EKS with name
apisecurity_automation_eks
- VPC with name
apisecurity-automation-VPC
- EC2 instance with name
apisecurity-automation-BIGIP
- EC2 access key with name
automation-key
- Auto scaling group with name
apisecurity_automation_eks-*
- Network interface with name
BIGIP-Managemt-Interface-0
- IAM policies with names
apisecurity_automation_eks-elb-sl-role-creation*
andapisecurity_automation_eks-deny-log-group*
- IAM role with name
apisecurity_automation_eks*
- Elastic IP with no name
For support, please open a GitHub issue. Note, the code in this repository is community supported and is not supported by F5 Networks.
Please refer to the F5 DevCentral Community Code of Conduct.
Copyright 2014-2023 F5 Networks Inc.
Before you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).
If you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects. Otherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.
If your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.
If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein. You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.