f5-aws-cloudformation

AWS organisational issue - security group related port communication

Open aracloud opened this issue 4 years ago • 1 comments

Do you already have an issue opened with F5 support?

Yes, and it is fixed

Description

The customer uses an approval process for security groups that are configured within AWS. The CFT builds security groups inherently. So, this approach does not work for customers whose security group creation relies on a manual approval process.

In addition, there were problems with two ports that should be opened in the security group:

TCP 8443 should be open between BIG-IP mgmt interfaces

TCP 4353 should be open between BIG-IP config-sync interfaces

What needs to be fixed

Please add to the troubleshooting section what port communication is needed within the AWS zone that the CFT needs in order to communicate correctly. Maybe it would make sense in the troubleshooting section to document what security group configurations are made via the CFT.

This would save a lot of time regarding troubleshooting.

Template

It does not match any template. This issue is just related to troubleshooting section.

Severity Level

Severity: 5

Thank you so much! Andrea

aracloud, Dec 09 '20 14:12
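Where security groups are pre-approved rather than created by the CFT, the two ports named in the issue can be checked before deployment. The following is an added example, not code from the F5 templates: it inspects data in the shape returned by `aws ec2 describe-security-groups`. The group IDs, addresses and sample rules are constructed, and it assumes the peer BIG-IP is admitted either by a security group reference or by a CIDR range.

```python
import ipaddress

# Ports named in the issue: interface role -> TCP port that must be open between peers.
REQUIRED = {"mgmt": 8443, "config-sync": 4353}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {
    "mgmt": {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},  # self-reference
    ]},
    "config-sync": {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    ]},
}
# Constructed peer BIG-IP addresses and the groups attached to their interfaces.
PEERS = {"mgmt": {"ip": "10.0.0.12", "group_id": "sg-0aaa"},
         "config-sync": {"ip": "10.0.1.12", "group_id": "sg-0bbb"}}

def allows(group, port, peer_ip, peer_group_id):
    """True if the group's ingress rules admit TCP `port` from the peer."""
    addr = ipaddress.ip_address(peer_ip)
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
        elif proto != "-1":  # "-1" means all protocols and all ports
            continue
        if any(p.get("GroupId") == peer_group_id
               for p in perm.get("UserIdGroupPairs", [])):
            return True
        if any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", [])):
            return True
    return False

def missing_rules(groups_by_role, peers):
    """Return the (role, port) pairs the supplied groups do not permit."""
    return [(role, port) for role, port in REQUIRED.items()
            if not allows(groups_by_role[role], port,
                          peers[role]["ip"], peers[role]["group_id"])]

if __name__ == "__main__":
    print(missing_rules(SAMPLE, PEERS))
```
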

Thanks for suggesting this addition to our documentation. We are now tracking this enhancement internally with ID ESECLDTPLT-2412.

shyawnkarim, Dec 09 '20 16:12

Closing due to age. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.

shyawnkarim, Nov 11 '22 23:11