Provision a best practices Vault & Consul cluster in a private network with a bastion host.
The AWS Best Practices Vault guide provisions a 3-node Vault cluster and a 3-node Consul cluster with an architecture similar to the Quick Start guide. The difference is that this guide sets up TLS/encryption across Vault & Consul and depends on pre-built images rather than runtime configuration. You can find the Packer templates to create the Consul image and Vault image in the Guides Configuration Repo.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bastion_consul_version | | string | "1.2.3" | no |
| bastion_image_id | | string | "" | no |
| bastion_instance | | string | "t2.small" | no |
| bastion_os | | string | "RHEL" | no |
| bastion_os_version | | string | "7.3" | no |
| bastion_release | | string | "0.1.0" | no |
| bastion_servers | | string | "1" | no |
| bastion_vault_version | | string | "0.11.3" | no |
| common_name | | string | "example.com" | no |
| consul_client_config_override | | string | "" | no |
| consul_image_id | | string | "" | no |
| consul_instance | | string | "t2.small" | no |
| consul_os | | string | "RHEL" | no |
| consul_os_version | | string | "7.3" | no |
| consul_public | If true, assign a public IP, open port 22 for public access, & provision into public subnets to provide easier accessibility without a Bastion host - DO NOT DO THIS IN PROD | string | "false" | no |
| consul_release | | string | "0.1.0" | no |
| consul_server_config_override | | string | "" | no |
| consul_servers | --- Consul Variables --- | string | "-1" | no |
| consul_tags | | map | `<map>` | no |
| consul_tags_list | | list | `<list>` | no |
| consul_version | | string | "1.2.3" | no |
| download_certs | | string | "false" | no |
| local_ip_url | | string | "http://169.254.169.254/latest/meta-data/local-ipv4" | no |
| name | --- General Variables --- | string | "vault-best-practices" | no |
| nat_count | | string | "1" | no |
| network_tags | | map | `<map>` | no |
| organization_name | | string | "Example Inc." | no |
| provider | | string | "aws" | no |
| vault_image_id | | string | "" | no |
| vault_instance | | string | "t2.small" | no |
| vault_os | | string | "RHEL" | no |
| vault_os_version | | string | "7.3" | no |
| vault_public | If true, assign a public IP, open port 22 for public access, & provision into public subnets to provide easier accessibility without a Bastion host - DO NOT DO THIS IN PROD | string | "false" | no |
| vault_release | | string | "0.1.0" | no |
| vault_server_config_override | | string | "" | no |
| vault_servers | --- Vault Variables --- | string | "-1" | no |
| vault_tags | | map | `<map>` | no |
| vault_tags_list | | list | `<list>` | no |
| vault_version | | string | "0.11.3" | no |
| vpc_cidr | --- Network Variables --- | string | "10.139.0.0/16" | no |
| vpc_cidrs_private | | list | `<list>` | no |
| vpc_cidrs_public | | list | `<list>` | no |