CFT parameters
After deploying the CFT, you must define the stack name and enter parameter values.
The following sections provide descriptions of the available parameters. Some parameters are specific to certain templates, and are only displayed when that template is selected.
After entering all the required parameters, click Next to continue.
Navigate to the list of parameters specific to your template:
Parameters for a new VPC deployment
Network configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Availability Zones (AvailabilityZones) |
Requires input |
List of Availability Zones to use for the subnets in the VPC. The FortiADC Autoscale solution uses two Availability Zones from your list and preserves the logical order you specify. |
|
VPC CIDR (VPCCIDR) |
10.0.0.0/16 |
Classless Inter-Domain Routing (CIDR) block for the FortiADC Auto Scale VPC. |
|
Public subnet 1 CIDR (PublicSubnet1CIDR) |
10.0.0.0/24 |
CIDR block for the public subnet located in Availability Zone 1 where FortiADC Autoscale instances will be deployed to. |
|
Public subnet 2 CIDR (PublicSubnet2CIDR) |
10.0.2.0/24 |
CIDR block for the public subnet located in Availability Zone 2 where FortiADC Autoscale instances will be deployed to. |
FortiADC configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Resource name prefix (CustomIdentifier) | fadcASG | A custom identifier as the resource name prefix. Can only contain uppercase letters, lowercase letters, and numbers. Maximum length is 10. |
|
Fortiadc PAYG AMI Type (FortiadcPAYGAMIType) |
FAD-PAYG-1gbps |
FortiADC PAYG image type. |
| EC2 Instance type (FortiadcInstanceType) | c5.2xlarge |
Instance type to launch as FortiADC-VM on-demand instances.
For more information about instance types, see Amazon EC2 Instance Types. |
| Admin port (FortiadcAdminPort) | 8443 |
A port number for FortiADC-VM administration. Select 8443 for HTTPS access. 8080 port is reserved for HTTP access. 10443 port is reserved for auto scaling configuration synchronization port. |
| Admin CIDR block (FortiadcAdminCidr) |
Requires input |
CIDR block for external admin management access. Note: 0.0.0.0/0 accepts connections from any IP address. It is recommend to use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses. |
|
Key pair name (KeyPairName) |
Requires input |
Amazon EC2 key pair for admin access. |
|
FortiADC Elastic IP option (ElasticIPOption) |
Use the Elastic IP specified in FortiADC Elastic IP or Name |
An Elastic IP can be used to access the primary FortiADC-VM. When the primary role is transferred from one instance to another, the EIP will be associated with the new instance at the same time. You can fill in the existing Elastic IP specified in FortiADC Elastic IP or Name, or let FortiADC generate a new one for you. |
|
FortiADC Elastic IP or Name (FortiadcEl asticIP) |
fadcASG-EIP |
Specify the Elastic IP address or name, through which you can manage FortiADC. If you use an existing Elastic IP, fill it in here. If you create a new Elastic IP, give it a name so that you can find it easily in the AWS console. |
FortiADC auto-scaling group configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Instance lifecycle expiry (ExpireLifecycleEntry) | 300 | FortiADC-VM instance lifecycle expiry entry (in seconds). The range is 60 to 3600. |
| Desired capacity (FortiadcAsgDesiredCapacity) | 2 | The number of FortiADC instances the group should have at any time. Must keep at least 2 FortiADCs in the group for High Availability. Minimum is 2. |
| Minimum group size (FortiadcAsgMinSize) | 2 | Minimum number of FortiADC instances in the Auto-Scaling Group. Minimum is 2. |
| Maximum group size (FortiadcAsgMaxSize) | 4 | Maximum number of FortiADC instances in the Auto-Scaling Group. Minimum is 2. |
|
Health check grace period (FortiadcAsgHealthCheckGracePeriod) |
300 |
The length of time (in seconds) that autoscaling waits before checking an instance's health status. Minimum is 60. |
|
Scaling cooldown period (FortiadcAsgCooldown) |
300 |
The ASG waits for the cooldown period (in seconds) to complete before resuming scaling activities. The range is 60 to 3600. |
|
Scale-out threshold (FortiadcAsgScaleOutThreshold) |
80 |
The average CPU threshold (in percentage) for the FortiADC-VM ASG to scale out (add) one instance. The range is 1 to 100. The value should be between Scale-in threshold and 100. |
|
Scale-in threshold (FortiadcAsgScaleInThreshold) |
25 |
The average CPU threshold (in percentage) for the FortiADC-VM ASG to scale in (remove) one instance. The range is 1 to 100. The value should be between 1 and Scale-out threshold. |
|
Healthy threshold (FortiadcElbTgHealthyThreshold) |
2 |
The number of consecutive health check failures required before considering a FortiADC-VM instance is unhealthy. Minimum is 2. |
|
Health Check Timeout ( FortiadcElbTgHCTimeout) |
2 |
The amount of time in seconds, during which no response from a FortiADC instance means a failed health check. Minimum is 2. |
|
Health Check Interval ( FortiadcElbTgHCInterval) |
5 |
The approximate amount of time in seconds between health checks of an individual FortiADC instance. Minimum is 5. |
Load balancing configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Web service traffic port (BalanceWebTrafficOverPort) | 443 | Receive HTTPS web service traffic through this port and load balance traffic to this port of FortiADC. The range is 1 to 65535. |
AWS Quick Start configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Quick Start S3 bucket name (QSS3BucketName) |
Requires input |
The name of the S3 bucket in which the FortiADC autoscaling deployment package is stored (for example: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). |
| Quick Start S3 key prefix (QSS3KeyPrefix) |
Requires input |
The path of the FortiADC autoscaling deployment package in s3 (for example: The Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). |
Parameters for an existing VPC deployment
Network configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| VPC ID (VpcId) |
Requires input |
Select the existing VPC IDs where you want to deploy the ASG and related resources. The VPC must have the option DNS hostnames enabled, and subnets (Public/Private if needed) in different Availability Zones. |
|
VPC CIDR (VPCCIDR) |
Requires input |
Classless Inter-Domain Routing (CIDR) block for the FortiADC Auto Scale VPC. |
|
PublicSubnet1 (PublicSubnet1) |
Requires input |
Select a subnet in the VPC. |
|
PublicSubnet2 (PublicSubnet2) |
Requires input |
Select another subnet in the VPC. The two subnets should be in different Availability Zones. |
FortiADC configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Resource name prefix (CustomIdentifier) | fadcASG | A custom identifier as the resource name prefix. Can only contain uppercase letters, lowercase letters, and numbers. Maximum length is 10. |
|
Fortiadc PAYG AMI Typ (FortiadcPAYGAMIType) |
FAD-PAYG-1gbps |
FortiADC PAYG image type. |
| Instance type (FortiadcInstanceType) | c5.2xlarge |
Instance type to launch as FortiADC-VM on-demand instances.
For more information about instance types, see Amazon EC2 Instance Types. |
| Admin port (FortiadcAdminPort) | 8443 |
A port number for FortiADC-VM administration. Select 8443 for HTTPS access. 8080 port is reserved for HTTP access. 10443 port is reserved for auto scaling configuration synchronization port. |
| Admin CIDR block (FortiadcAdminCidr) |
Requires input |
CIDR block for external admin management access. Note: 0.0.0.0/0 accepts connections from any IP address. It is recommend to use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses. |
|
Key pair name (KeyPairName) |
Requires input |
Amazon EC2 key pair for admin access. |
|
FortiADC Elastic IP option (ElasticIPOption) |
Use the Elastic IP specified in FortiADC Elastic IP or Name |
An Elastic IP can be used to access the primary FortiADC-VM. When the primary role is transferred from one instance to another, the EIP will be associated with the new instance at the same time. You can fill in the existing Elastic IP specified in FortiADC Elastic IP or Name, or let FortiADC generate a new one for you. |
|
FortiADC Elastic IP or Name (FortiadcEl asticIP) |
fadcASG-EIP |
Specify the Elastic IP address or name, through which you can manage FortiADC. If you use an existing Elastic IP, fill it in here. If you create a new Elastic IP, give it a name so that you can find it easily in the AWS console. |
FortiADC auto-scaling group configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Instance lifecycle expiry (ExpireLifecycleEntry) | 300 | FortiADC-VM instance lifecycle expiry entry (in seconds). The range is 60 to 3600. |
| Desired capacity (FortiadcAsgDesiredCapacity) | 2 | The number of FortiADC instances the group should have at any time. Must keep at least 2 FortiADCs in the group for High Availability. Minimum is 2. |
| Minimum group size (FortiadcAsgMinSize) | 2 | Minimum number of FortiADC instances in the Auto-Scaling Group. Minimum is 2. |
| Maximum group size (FortiadcAsgMaxSize) | 4 | Maximum number of FortiADC instances in the Auto-Scaling Group. Minimum is 2. |
|
Health check grace period (FortiadcAsgHealthCheckGracePeriod) |
300 |
The length of time (in seconds) that autoscaling waits before checking an instance's health status. Minimum is 60. |
|
Scaling cooldown period (FortiadcAsgCooldown) |
300 |
The ASG waits for the cooldown period (in seconds) to complete before resuming scaling activities. The range is 60 to 3600. |
|
Scale-out threshold (FortiadcAsgScaleOutThreshold) |
80 |
The average CPU threshold (in percentage) for the FortiADC-VM ASG to scale out (add) one instance. The range is 1 to 100. The value should be between Scale-in threshold and 100. |
|
Scale-in threshold (FortiadcAsgScaleInThreshold) |
25 |
The average CPU threshold (in percentage) for the FortiADC-VM ASG to scale in (remove) one instance. The range is 1 to 100. The value should be between 1 and Scale-out threshold. |
|
Healthy threshold (FortiadcElbTgHealthyThreshold) |
2 |
The number of consecutive health check failures required before considering a FortiADC-VM instance is unhealthy. Minimum is 2. |
|
Health Check Timeout ( FortiadcElbTgHCTimeout) |
2 |
The amount of time in seconds, during which no response from a FortiADC instance means a failed health check. Minimum is 2. |
|
Health Check Interval ( FortiadcElbTgHCInterval) |
5 |
The approximate amount of time in seconds between health checks of an individual FortiADC instance. Minimum is 5. |
Load balancing configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Web service traffic port (BalanceWebTrafficOverPort) | 443 | Receive HTTPS web service traffic through this port and load balance traffic to this port of FortiADC. The range is 1 to 65535. |
AWS Quick Start configuration
|
Parameter label (name) |
Default |
Description |
|---|---|---|
| Quick Start S3 bucket name (QSS3BucketName) |
Requires input |
The name of the S3 bucket in which the FortiADC autoscaling deployment package is stored (for example: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). |
| Quick Start S3 key prefix (QSS3KeyPrefix) |
Requires input |
The path of the FortiADC autoscaling deployment package in s3 (for example: The Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). |
Available instance types in each region
AWS has different support for instance types in each region. Refer to the AWS documentation to check whether or not your selected FortiADC instance type is supported in the deployment region and zone.
To see if the instance type is supported in your zone, enable Available zones.
You can filter by instance types then search for your instance type (for example, c5.xlarge) to see its supported regions listed in the Availability zones field.
