End-of-Life (EoL)
SQS Messaging Between the Application Template and Firewall Template (v2.1)
Post a message to the SQS URL to enable the lambda function in the firewall template to detect added or deleted network load balancers or application load balancers.
VM-Series firewalls deployed using one of the firewall templates can detect and send traffic to the load balancers to which you want to automatically distribute incoming traffic. To accomplish this, the firewall template includes a lambda function that monitors a Simple Queue Service (SQS) queue for messages. A message lets the lambda function learn about a new load balancer and then automatically create a NAT policy rule on the firewall that sends traffic to the load balancer's IP address. To route traffic properly within the AWS infrastructure, the message must also include basic information on the DNS name, the VPC ID, and the AZ to which the load balancer belongs.
If you are building your own application template, you must set up your application template to post ADD and DEL messages to the SQS URL that the firewall template uses to learn about the load balancers to which it must distribute traffic in your environment:
- ADD-NLB message that informs the firewalls when a new network load balancer is available.
- DEL-NLB message that informs the firewalls when a network load balancer has been terminated and is no longer available.
- ADD-ALB message that informs the firewalls when a new application load balancer is available.
- DEL-ALB message that informs the firewalls when an application load balancer has been terminated and is no longer available.
The following examples of each message type include sample values. You must modify these messages with values that match your deployment.
ADD-NLB Message
msg_add_nlb = {
  "MSG-TYPE": "ADD-NLB",
  "AVAIL-ZONES": [
    {
      "NLB-IP": "192.168.2.101",
      "ZONE-NAME": "us-east-2a",
      "SUBNET-ID": "subnet-2a566243"
    },
    {
      "NLB-IP": "192.168.12.101",
      "ZONE-NAME": "us-east-2b",
      "SUBNET-ID": "subnet-2a566243"
    }
  ],
  "DNS-NAME": "publicelb1-2119989486.us-east-2.elb.amazonaws.com",
  "VPC-ID": "vpc-42ba9f2b",
  "NLB-NAME": "publicelb1"
}
DEL-NLB Message
msg_del_nlb = {
  "MSG-TYPE": "DEL-NLB",
  "DNS-NAME": "publicelb1-2119989486.us-east-2.elb.amazonaws.com"
}
ADD-ALB Message
{
  "AVAIL-ZONES": [
    {
      "SUBNET-CIDR": "172.32.0.0/24",
      "SUBNET-ID": "subnet-0953a3a8e2a8208a9",
      "ZONE-NAME": "us-east-2a"
    },
    {
      "SUBNET-CIDR": "172.32.2.0/24",
      "SUBNET-ID": "subnet-0a9602e4fb0d88baa",
      "ZONE-NAME": "us-east-2c"
    },
    {
      "SUBNET-CIDR": "172.32.1.0/24",
      "SUBNET-ID": "subnet-0b31ed16f308b3c4d",
      "ZONE-NAME": "us-east-2b"
    }
  ],
  "VPC-PEERCONN-ID": "pcx-0538bb05dbe2e1b8e",
  "VPC-CIDR": "172.32.0.0/16",
  "ALB-NAME": "appILB-908-0",
  "ALB-ARN": "arn:aws:elasticloadbalancing:us-east-2:018147215560:loadbalancer/app/appILB-908-0/1997ed20eeb5bcef",
  "VPC-ID": "vpc-0d9234597da6d9147",
  "MSG-TYPE": "ADD-ALB",
  "DNS-NAME": "internal-appILB-908-0-484644265.us-east-2.elb.amazonaws.com"
}
DEL-ALB Message
{
  "MSG-TYPE": "DEL-ALB",
  "DNS-NAME": "internal-appILB-908-0-484644265.us-east-2.elb.amazonaws.com"
}
Refer to the AWS documentation for details on how to send a message to an Amazon SQS queue.
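Because the firewall-side lambda turns whatever arrives on the queue into a NAT rule, the consumer should check each message against the formats above before acting on it. The following validator is an added example written for this page, not code from the firewall template; the key names and sample values are taken from the messages shown above, and the schema checks, the SAMPLE_ADD_NLB body and the validate_message function are this example's own constructions.

```python
import ipaddress
import json

# Required top-level keys per message type, taken from the formats shown above.
REQUIRED_KEYS = {
    "ADD-NLB": {"MSG-TYPE", "AVAIL-ZONES", "DNS-NAME", "VPC-ID", "NLB-NAME"},
    "DEL-NLB": {"MSG-TYPE", "DNS-NAME"},
    "ADD-ALB": {"MSG-TYPE", "AVAIL-ZONES", "DNS-NAME", "VPC-ID", "VPC-CIDR",
                "VPC-PEERCONN-ID", "ALB-NAME", "ALB-ARN"},
    "DEL-ALB": {"MSG-TYPE", "DNS-NAME"},
}
ZONE_KEYS = {"ADD-NLB": {"NLB-IP", "ZONE-NAME", "SUBNET-ID"},
             "ADD-ALB": {"SUBNET-CIDR", "SUBNET-ID", "ZONE-NAME"}}

# Constructed sample body using the ADD-NLB values shown above (stray space kept on purpose).
SAMPLE_ADD_NLB = json.dumps({
    "MSG-TYPE": "ADD-NLB",
    "AVAIL-ZONES": [
        {"NLB-IP": "192.168.2.101", "ZONE-NAME": "us-east-2a", "SUBNET-ID": "subnet-2a566243"},
        {"NLB-IP": "192.168.12.101", "ZONE-NAME": "us-east-2b", "SUBNET-ID": "subnet-2a566243 "},
    ],
    "DNS-NAME": "publicelb1-2119989486.us-east-2.elb.amazonaws.com",
    "VPC-ID": "vpc-42ba9f2b",
    "NLB-NAME": "publicelb1",
})

def validate_message(body: str) -> dict:
    """Decode an SQS body and reject anything off-schema before a NAT rule is derived from it."""
    msg = json.loads(body)  # raises ValueError on bad JSON (e.g. a trailing comma)
    if not isinstance(msg, dict):
        raise ValueError("message body must be a JSON object")
    msg_type = msg.get("MSG-TYPE")
    if msg_type not in REQUIRED_KEYS:
        raise ValueError(f"unknown MSG-TYPE: {msg_type!r}")
    missing = REQUIRED_KEYS[msg_type] - msg.keys()
    if missing:
        raise ValueError(f"{msg_type} missing keys: {sorted(missing)}")
    zones = msg["AVAIL-ZONES"] if msg_type in ZONE_KEYS else []
    if not isinstance(zones, list):
        raise ValueError("AVAIL-ZONES must be a list")
    for zone in zones:
        if not isinstance(zone, dict) or ZONE_KEYS[msg_type] - zone.keys():
            raise ValueError(f"incomplete AVAIL-ZONES entry: {zone!r}")
        zone["SUBNET-ID"] = str(zone["SUBNET-ID"]).strip()  # tolerate stray whitespace
        if "NLB-IP" in zone:
            ipaddress.ip_address(zone["NLB-IP"])  # raises on a non-IP string
        if "SUBNET-CIDR" in zone:
            ipaddress.ip_network(zone["SUBNET-CIDR"])  # raises on a bad CIDR
    return msg
```

A DEL message only needs MSG-TYPE and DNS-NAME, so the lambda can match it to the NAT rule it created for the same DNS name.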