f5devcentral · akananth · Mar 25, 2025 · Feb 10, 2025 · Feb 11, 2025 · Feb 11, 2025
diff --git a/.DS_Store b/.DS_Store
diff --git a/README.md b/README.md
@@ -1,46 +1,104 @@
-## Overview
+# Deploying NGINX Ingress Controller with NGINX WAFv5 in AWS
+---------------------------------------------------------------
 
-This is a consolidated automation repo for different verified designs customer use case examples using `F5 Nginx`. Users can use this to test a specific use case end to end by using the automation code available in this repo. </br>
-</br>
-**NOTE: To learn about each use case check the devcentral article link provided in each scenario folder README** </br>
-</br>
+Introduction :
+---------------
+This demo guide offers a step-by-step walkthrough for configuring the NGINX Ingress Controller with NGINX App Protect v5 on AWS Cloud, using Terraform scripts to automate the deployment. For more information, refer to the devcentral article:  <Coming Soon>
 
 
+## Getting Started
+
 ## Prerequisites
 
-* [AWS Account](https://aws.amazon.com) - Due to the assets being created, free tier will not work.
-  * The F5 NGINX App Protect AMI being used from the [AWS Marketplace](https://aws.amazon.com/marketplace) should be subsribed to your account
-  * Please make sure resources like VPC and Elastic IP's are below the threshold limit in that aws region
+* [NGINX Plus with App Protect and NGINX Ingress Controller license](https://www.nginx.com/free-trial-request/)
+* [AWS Account](https://aws.amazon.com) - Due to the assets being created, the free tier will not work.
 * [GitHub Account](https://github.com)
 
-## Steps to execute
+## Assets
+
+* **nap:**       NGINX Ingress Controller for Kubernetes with NGINX App Protect (WAF and API Protection)
+* **infra:**     AWS Infrastructure (VPC, IGW, etc.)
+* **eks:**       AWS Elastic Kubernetes Service
+* **arcadia:**   Arcadia Finance test web application and API
+* **policy:**    NGINX WAF Compiler Docker and Policy
+* **S3:**        Amazon S3 bucket and IAM role and policy for storage.
+
+## Tools
+
+* **Cloud Provider:** AWS
+* **IAC:** Terraform
+* **IAC State:** Amazon S3
+* **CI/CD:** GitHub Actions
+
+
+## GitHub Secrets Configuration
+
+This workflow requires the following secrets to be configured in your GitHub repository:
+
+### Required Secrets
+
+| Secret Name            | Type    | Description                                                                 | Example Value/Format        |
+|------------------------|---------|-----------------------------------------------------------------------------|----------------------------|
+| `AWS_ACCESS_KEY_ID`     | Secret  | AWS IAM user access key ID with sufficient permissions                     | `AKIAXXXXXXXXXXXXXXXX`     |
+| `AWS_SECRET_ACCESS_KEY` | Secret  | Corresponding secret access key for the AWS IAM user                       | (40-character mixed case string) |
+| `AWS_SESSION_TOKEN`     | Secret  | Session token for temporary AWS credentials (if using MFA)                 | (Base64-encoded string)    |
+| `NGINX_JWT`             | Secret  | JSON Web Token for NGINX license authentication                            | `eyJhbGciOi...` (JWT format) |
+| `NGINX_CRT`             | Secret  | NGINX Certificate in PKCS#12 format                                        | `api.p12` file contents    |
+| `NGINX_KEY`             | Secret  | Private key for securing HTTPS and verifying SSL/TLS certificates          | YourCertificatePasrivatekey|                                                    
+
+### How to Add Secrets
+
+1. Navigate to your GitHub repository
+2. Go to **Settings** → **Secrets and variables** → **Actions**
+3. Click **New repository secret**
+4. Enter the secret name exactly as shown above
+5. Paste the secret value
+6. Click **Add secret**
+
+
+## Workflow Runs
+
+**STEP 1:** Check out a branch for the workflow you wish to run using the following naming convention. 
+
+  **DEPLOY**
+
+  | Workflow     | Branch Name      |
+  | ------------ | ---------------- |
+  | NGINX V5-NIC/NAP Apply| apply-NIC/NAP   |
 
-1. Clone the repo locally and update AWS credentials like `access keys`, `secret key` and `session token` be in  `settings` --> `Secrets` --> `Actions` section <br />
-![image](https://user-images.githubusercontent.com/6093830/209962425-1c3452ec-9b32-4509-adb5-cc85d4a67a10.png)
-> Note: Above values typically expire in every 12 hours. If you are not using session token please remove this field accordingly in workflow file step name-`configure aws credentials` in all jobs
+
+  **DESTROY**
+
+  | Workflow     | Branch Name       |
+  | ------------ | ----------------- |
+  | NGINX V5-NIC/NAP Destroy| destroy-NIC/NAP   |
 
-2. EC2 keys should be updated properly in `settings` --> `Secrets` --> `Actions` section <br />
-> Note: Make sure passwords follow company security standards like alpha numeric, etc. <br />
 
-3. EC2 key related pem and pub file should be copied to terraform folder in your use case<br />
 
-4. Make sure you have subscribed to the `NGINX App Protect AMI` in AWS account <br />
+**STEP 2:** Rename `infra/terraform.tfvars.examples` to `infra/terraform.tfvars` and add the following data:
+  * project_prefix  = "Your project identifier name in **lower case** letters only - this will be applied as a prefix to all assets"
+  * resource_owner = "Your-name"
+  * aws_region     = "AWS Region" ex. us-east-1
+  * azs            = ["us-east-1a", "us-east1b"] - Change to Correct Availability Zones based on selected Region
+  * Also update assets boolean value as per your work-flows
 
-5. Update your `ENV` variables in `/data/testbed-data.json` file in your use case folder <br />
+**STEP 3:**  In the `S3 directory`, inside the `variable.tf` file  modify the following data 
+  * description = "S3 bucket for Terraform remote state storage"
+  * default     = "your-unique-bucket-name"  # Replace with your actual bucket name
+
 
-6. Install self hosted runner and add it to this repo <br />
+**STEP 4:** Commit and push your build branch to your forked repo
+  * Build will run and can be monitored in the GitHub Actions tab and TF Cloud console
 
-7. Make sure `awscli`, `kubectl`, `ansible-playbook`, `pytest`, `git` and other required tools are installed in this private custom runner. Refer `requirements.txt` file for more details <br />
 
-> Note: Please install and make sure python packages like `pytest-html`, `awscli==1.18.105` and `botocore==1.17.28` are available with their correct versions in runner to avoid failures <br />
+**STEP 5:** Once the pipeline is complete, verify that your assets were deployed or destroyed based on your workflow. 
 
-8. Go to `Actions` tab and select your article work-flow <br />
+            **NOTE:**  The autocert process takes time.  It may be 5 to 10 minutes before Let's Encrypt has provided the cert.
 
-9. Click on `Run Workflow` option and execute it <br />
 
-10. Check the CI/CD jobs execution and check the artifacts for more details <br />
-<br />
+## Development
 
+Outline any requirements to setup a development environment if someone would like to contribute.  You may also link to another file for this information.
 
 ## Support
 
@@ -56,7 +114,7 @@ Please refer to the [F5 DevCentral Community Code of Conduct](code_of_conduct.md
 
 ## Copyright
 
-Copyright 2014-2023 F5 Networks Inc.
+Copyright 2014-2020 F5 Networks Inc.
 
 ### F5 Networks Contributor License Agreement