hashicorp/vault-guides

Is operations/aws-kms-unseal/terraform-aws/userdata.tpl missing access_key and secret_key?

bbigras opened this issue · 1 comments

According to https://www.vaultproject.io/docs/configuration/seal/awskms it needs access_key and secret_key.

cat << EOF > /etc/vault.d/vault.hcl
storage "file" {
  path = "/opt/vault"
}
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
seal "awskms" {
  region     = "${aws_region}"
  kms_key_id = "${kms_key}"
}
ui=true
EOF

My bad. access_key and secret_key are not required when using an instance profile.

iam_instance_profile = aws_iam_instance_profile.vault-kms-unseal.id
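
How an instance profile can stand in for access_key and secret_key, as an added Terraform example that is not part of the issue or taken from the vault-guides repository: the role attached to the instance carries only the three KMS actions the awskms seal needs, scoped to one key. Every resource name other than aws_iam_instance_profile.vault-kms-unseal, the ami_id variable, the instance type, and the region value are assumptions.

```hcl
# Added example. Names other than aws_iam_instance_profile.vault-kms-unseal
# and the template variables aws_region / kms_key are assumptions.
variable "ami_id" { type = string }

resource "aws_kms_key" "vault" {
  description             = "Vault auto-unseal key"
  deletion_window_in_days = 10
}

# Trust policy: only the EC2 service may assume the role.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Permissions the awskms seal uses, limited to the single unseal key.
data "aws_iam_policy_document" "kms_unseal" {
  statement {
    actions   = ["kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"]
    resources = [aws_kms_key.vault.arn]
  }
}

resource "aws_iam_role" "vault_kms_unseal" {
  name               = "vault-kms-unseal"
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
}

resource "aws_iam_role_policy" "vault_kms_unseal" {
  name   = "vault-kms-unseal"
  role   = aws_iam_role.vault_kms_unseal.id
  policy = data.aws_iam_policy_document.kms_unseal.json
}

resource "aws_iam_instance_profile" "vault-kms-unseal" {
  name = "vault-kms-unseal"
  role = aws_iam_role.vault_kms_unseal.name
}

# Vault on this instance gets temporary role credentials from instance
# metadata, so vault.hcl carries no static keys.
resource "aws_instance" "vault" {
  ami                  = var.ami_id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.vault-kms-unseal.id
  user_data            = templatefile("${path.module}/userdata.tpl", { aws_region = "us-east-1", kms_key = aws_kms_key.vault.id })
}
```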