vault
hashicorp/vault/aws
A Terraform Module for how to run Vault on AWS using Terraform and Packer
 Vault AWS Module This repo contains a set of modules in the modules folder for deploying a Vault cluster on AWS using Terraform. Vault is an open source tool for managing secrets. By default, this Module uses Consul as a storage backend. You can optionally add an S3 backend for durability. !Vault architecture This Module includes: install-vault: This module can be used to install Vault. It can be used in a Packer template to create a Vault Amazon Machine Image (AMI). run-vault: This module can be used to configure and run Vault. It can be used in a User Data script to fire up Vault while the server is booting. vault-cluster: Terraform code to deploy a cluster of Vault servers using an Auto Scaling Group. vault-elb: Con
| Name | Type | Description | Default |
|---|---|---|---|
| ami_id | string | The ID of the AMI to run in the cluster. This should be an AMI built from the Pa | |
| hosted_zone_domain_name | string | The domain name of the Route 53 Hosted Zone in which to add a DNS entry for Vaul | |
| vault_domain_name | string | The domain name to use in the DNS A record for the Vault ELB (e.g. vault.example | |
| ssh_key_name | string | The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this | |
| subnet_tags | map(string) | Tags used to find subnets for vault and consul servers | {} |
| vpc_tags | map(string) | Tags used to find a vpc for building resources in | {} |
| consul_cluster_name | string | What to name the Consul server cluster and all of its associated resources | "consul-example" |
| vault_cluster_size | number | The number of Vault server nodes to deploy. We strongly recommend using 3 or 5. | 3 |
| vault_instance_type | string | The type of EC2 Instance to run in the Vault ASG | "t2.micro" |
| consul_instance_type | string | The type of EC2 Instance to run in the Consul ASG | "t2.nano" |
| consul_cluster_tag_key | string | The tag the Consul EC2 Instances will look for to automatically discover each ot | "consul-servers" |
| create_dns_entry | bool | If set to true, this module will create a Route 53 DNS A record for the ELB in t | false |
| vault_cluster_name | string | What to name the Vault server cluster and all of its associated resources | "vault-example" |
| consul_cluster_size | number | The number of Consul server nodes to deploy. We strongly recommend using 3 or 5. | 3 |
| use_default_vpc | bool | Whether to use the default VPC - NOT recommended for production! - should more l | true |
vault_servers_cluster_tag_valuessh_key_nameiam_role_id_vault_clusteraws_regionsecurity_group_id_vault_clusterasg_name_consul_clusterlaunch_config_name_vault_clusterlaunch_config_name_consul_clusteriam_role_arn_consul_clusteriam_role_id_consul_clustervault_fully_qualified_domain_namevault_elb_dns_namesecurity_group_id_consul_clustervault_servers_cluster_tag_keyvault_cluster_sizeasg_name_vault_clusteriam_role_arn_vault_cluster