Skip to content
/ terraform-aws-vault-starter Public
forked from hashicorp/terraform-aws-vault-starter

A Terraform Module for provisioning an OSS Vault cluster (using integrated storage) as described by HashiCorp reference architecture.

License

MPL-2.0 license
0 stars 65 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DigitalOnUs/terraform-aws-vault-starter

BranchesTags
 
 

Repository files navigation

Vault AWS Module

This is Terraform module for provisioning Vault with integrated storage on AWS. This module defaults to setting up a cluster with 5 Vault nodes (as recommended by the Vault with Integrated Storage Reference Architecture).

About This Module

This module implements the Vault with Integrated Storage Reference Architecture on AWS using the Open Source version of Vault.

This module automatically initializes the Vault cluster and places the initial root token and recovery keys in AWS Secrets Manager.

For practitioners requiring Consul as a storage backend and/or a wider variety of configurable options out of the box, please see the Terraform AWS Vault Module.

How to Use This Module

Create a Terraform configuration (main.tf) that pulls in the module and specifies values of the required variables:

provider "aws" {
  region = "<your AWS region>"
}

module "vault-oss" {
  source                = "hashicorp/vault-oss/aws"
  version               = "<module version>"
  allowed_inbound_cidrs = ["<list of inbound CIDRs>"]
  vpc_id                = "<your VPC id>"
  vault_version         = "<vault version (ex: 1.5.2)>"
  owner                 = "<owner name/tag>"
  name_prefix           = "<name prefix you would like attached to your environment>"
  key_name              = "<your SSH key name>"
  elb_internal          = false
}
  • version: The Vault AWS module version to pull (e.g. 0.2.1) during the initialization
  • allowed_inbound_cidrs: Allowed CIDR blocks for SSH and API/UI access
  • vpc_id: ID of the VPC where cloud resources to be provisioned (see the Notes)
  • vault_version: Desired Vault version to install
  • key_name: The name of the SSH key pairs to use. This must exist in the specified AWS region
  • elb_internal: To connect to Vault via a load balancer from outside the VPC, set this to false

Run terraform init and terraform apply to provision a Vault cluster.

License

This code is released under the MPL 2.0 License. Please see LICENSE for more details.

Notes

  • This modules assumes you are using a default VPC and provides defaults for the variables listed below. Please change the values of these variables based on your VPC CIDR block. If you are not using a default VPC.

    • nat_gateway_subnet_cidr
    • lambda_primary_subnet_cidr
    • lambda_secondary_subnet_cidr

  • This module creates AWS Lambda functions and places them inside the VPC. Due to this and some VPC networking changes AWS has recently deployed, it can take up 45 minutes to successfully delete this environment. See the following documentation for more details on this issue.

About

A Terraform Module for provisioning an OSS Vault cluster (using integrated storage) as described by HashiCorp reference architecture.

Resources

Readme

License

MPL-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • HCL 54.0%
  • Shell 24.6%
  • Go 19.7%
  • Makefile 1.7%