terraform-aws-vault-starter

A Terraform Module for provisioning an OSS Vault cluster (using integrated storage) as described by HashiCorp reference architecture.


Vault AWS Module

This is a Terraform module for provisioning Vault with integrated storage on AWS. By default it sets up a cluster with 5 Vault nodes, as recommended by the Vault with Integrated Storage Reference Architecture.

About This Module

This module implements the Vault with Integrated Storage Reference Architecture on AWS using the Open Source version of Vault.

This module automatically initializes the Vault cluster and places the initial root token and recovery keys in AWS Secrets Manager.

For practitioners requiring Consul as a storage backend and/or a wider variety of configurable options out of the box, please see the Terraform AWS Vault Module.

How to Use This Module

  • Create a Terraform configuration that pulls in the module and specifies values for the required variables:
provider "aws" {
  region = "<your AWS region>"
}

module "vault-oss" {
  source                = "hashicorp/vault-oss/aws"
  version               = "0.1.0"
  allowed_inbound_cidrs = ["<list of inbound CIDRs>"]
  vpc_id                = "<your VPC id>"
  vault_version         = "<vault version (ex: 1.4.2)>"
  owner                 = "<owner name/tag>"
  name_prefix           = "<name prefix you would like attached to your environment>"
  key_name              = "<your SSH key name>"
}
  • Run terraform init and terraform apply
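Before running terraform apply, a pre-flight check is worth having for the inputs above; the following Python script is an added example, not part of this module. It parses a filled-in copy of the module block and flags an allowed_inbound_cidrs entry of 0.0.0.0/0 (which would expose the Vault listener to the whole internet), an unpinned or malformed vault_version, and values still left as README placeholders. The sample configuration and all of its values are constructed for the example.

```python
import ipaddress
import re

# Constructed example of the README's module block with the placeholders
# filled in by a hypothetical operator (not real infrastructure values).
SAMPLE_CONFIG = '''
module "vault-oss" {
  source                = "hashicorp/vault-oss/aws"
  version               = "0.1.0"
  allowed_inbound_cidrs = ["0.0.0.0/0", "10.20.0.0/16"]
  vpc_id                = "vpc-0123456789abcdef0"
  vault_version         = "1.4.2"
  owner                 = "platform-team"
  name_prefix           = "vault-prod"
  key_name              = "vault-ops"
}
'''

# One "name = value" attribute per line, as in the flat block above.
_ATTR = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.MULTILINE)

def parse_module_block(hcl_text):
    """Attributes of the flat module block as {name: str | list[str]}."""
    attrs = {}
    for name, raw in _ATTR.findall(hcl_text):
        if raw.startswith('['):
            attrs[name] = re.findall(r'"([^"]*)"', raw)  # list of quoted strings
        else:
            attrs[name] = raw.strip('"')
    return attrs

def check_inputs(attrs):
    """Return a list of findings; an empty list means the inputs look sane."""
    findings = []
    cidrs = attrs.get('allowed_inbound_cidrs', [])
    if not cidrs:
        findings.append('allowed_inbound_cidrs is empty: no client can reach the cluster')
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append(f'{cidr}: not a valid CIDR')
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append(f'{cidr}: exposes the Vault listener to the whole internet')
    if not re.fullmatch(r'\d+\.\d+\.\d+', attrs.get('vault_version', '')):
        findings.append('vault_version must be pinned to an exact release such as 1.4.2')
    for required in ('version', 'vpc_id', 'owner', 'name_prefix', 'key_name'):
        if not attrs.get(required) or attrs[required].startswith('<'):
            findings.append(f'{required} is missing or still a README placeholder')
    return findings
```

Run it over your own main.tf before apply; a non-empty list means the module inputs need another look.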

License

This code is released under the MPL 2.0 License. Please see LICENSE for more details.

Note

This module creates AWS Lambda functions and places them inside the VPC. Because of this, and because of some VPC networking changes AWS has recently deployed, it can take up to 45 minutes to successfully delete this environment. See the following documentation for more details on this issue.