
Bootstrapping the FortiADC-VM at initial boot-up using user data

5.4.1


If you are installing and configuring your applications on Amazon EC2 dynamically at instance launch time, you will typically need to pull and install packages, deploy files, and ensure services are started. The following bootstrapping instructions help simplify, automate, and centralize FortiADC-VM deployment directly from the configuration scripts stored in AWS S3. This is also called "cloud-init".

Setting up IAM roles

The IAM role needs read access to the S3 bucket. This example applies the existing AmazonS3ReadOnlyAccess policy to the role, either by adding the following code or by selecting S3ReadOnlyAccess from the policy list when adding policies to the role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}

If you need further instructions, please refer to the AWS documentation on IAM Roles for Amazon EC2.

Creating S3 buckets with license and firewall configurations

  1. On the AWS console, create an Amazon S3 bucket at the root level for the bootstrap files.
  2. Upload the license file and configuration file(s) to the S3 bucket. In this example, one license file and configuration files are uploaded. For example, the config file contains the following FortiADC CLI commands:

config system global
  set hostname fadcloudinit
end

This is to set a hostname as part of initial configuration at first launch.

{
  "bucket" : "fortiadc-bucket",
  "region" : "us-west-1",
  "license" : "/FADV080000188885.lic",
  "config" : "/fadconfig-init.txt"
}

Launching the instance using roles and user data

Follow the normal procedure to launch the instance from the AWS marketplace. When selecting the VPC subnet, assign the instance the role that was created and, under Advanced Settings, specify the information about the license file and configuration file from the previously configured AWS S3 bucket.

After launching the FortiADC-VM, open the console to verify that the VM is booting and utilizing the license file and configuration file that was provided.

After logging in, use the get system status command to verify the license was activated and that the specified hostname was configured.
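
The policy shown under Setting up IAM roles allows `s3:Get*` and `s3:List*` on `"Resource": "*"`, so the instance role can read every bucket the account exposes to it, not only the bootstrap bucket. The following added example (not part of the Fortinet documentation) derives a policy scoped to the objects named in the user data and reports wildcard grants in an existing policy. It assumes that the bootstrap only needs `s3:GetObject` on the two files plus `s3:ListBucket` on the bucket, and that the leading `/` in the user data paths is not part of the S3 object key; verify both against your deployment before replacing the broad policy.

```python
import json

# User data from this page (bucket, region, license and config object paths).
USER_DATA = """{
  "bucket": "fortiadc-bucket",
  "region": "us-west-1",
  "license": "/FADV080000188885.lic",
  "config": "/fadconfig-init.txt"
}"""

# The broad policy shown on this page.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}
    ],
}


def scoped_policy(user_data: str, allow_list: bool = True) -> dict:
    """Build a read policy limited to the objects named in the user data."""
    ud = json.loads(user_data)
    bucket_arn = f"arn:aws:s3:::{ud['bucket']}"
    # Assumption: the leading "/" in the user data is not part of the object key.
    objects = [f"{bucket_arn}/{ud[k].lstrip('/')}" for k in ("license", "config")]
    statements = [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": objects}]
    if allow_list:
        # Assumption: the bootstrap may list the bucket; drop this if it works without.
        statements.append(
            {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [bucket_arn]}
        )
    return {"Version": "2012-10-17", "Statement": statements}


def wildcard_findings(policy: dict) -> list:
    """Return (action, resource) pairs in Allow statements that use a wildcard."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        findings += [(a, r) for a in actions for r in resources if "*" in a or "*" in r]
    return findings


if __name__ == "__main__":
    print(json.dumps(scoped_policy(USER_DATA), indent=2))
    print(wildcard_findings(BROAD_POLICY))
```

If the instance boots correctly with `allow_list=False`, keep the policy without the `s3:ListBucket` statement.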
