This section explains the AWS IPAM feature available while integrating Avi Load Balancer with AWS.

Avi Load Balancer integrates with Amazon Web Services (AWS) for providing IPAM services to applications running on instances in AWS.

Note:

  • By default, IPAM is supported if the cloud type is AWS. No further IPAM configuration is required.

  • A separate IPAM configuration (as described below) is required only for cases where AWS provides the infrastructure service for other clouds, for instance, Mesos Cluster running on AWS instances.

  • AWS IPAM is supported only for North-South IPAM provider.

You need one of the following credentials for implementing AWS as the IPAM provider:

  • Identity and Access Management (IAM) roles - Set of policies that define access to resources within AWS.

  • AWS customer account key - Unique authentication key associated with the AWS account.

Configure AWS IPAM using IAM Role

If using the IAM role method to define access for Avi Load Balancer installation in AWS, use the following steps to set up the IAM roles before beginning deployment of the Controller EC2 instance:

  1. Navigate to Templates > Profiles > IPAM/DNS Profiles > CREATE > IPAM Profile.

  2. Select AWS IPAM as Type.



  3. Click CHANGE CREDENTIALS and select Use IAM Roles.

  4. Select the appropriate VPC from the VPC drop-down menu for available VPCs in that region.

  5. Under Usable Networks, click ADD to display a drop-down of availability zones (AZ) in that region and a corresponding list of networks in each AZ. For multi-AZ virtual service applications, configure at least one network from each AZ for IPAM.

  6. Click Save.

Configure AWS IPAM using Access Key

To configure AWS IPAM using Access Key,

  1. Select AWS IPAM as the Type, then select Use Access Keys and enter the following information:

    1. Access Key ID: AWS customer key ID

    2. Secret Access Key: customer key

    3. Region: The AWS region into which the VIPs will be deployed



  2. Select Access AWS through Proxy, if access to AWS endpoints requires a proxy server.



  3. Select Use Cross-Account AssumeRole, if the AWS credentials or role is being leveraged to access across accounts. Click Next to configure VPCs.

  4. Select the appropriate VPC from the VPC drop-down menu for available VPCs in that region.

  5. Under Usable Networks, click ADD to display a drop-down of availability zones (AZ) in that region and a corresponding list of networks in each AZ. For multi-AZ virtual service applications, configure at least one network from each AZ for IPAM.

  6. Click Save.