Based on https://github.com/hashicorp/vault-guides/tree/master/operations/raft-storage/aws
These assets are provided to perform the tasks described in the Vault HA Cluster with Integrated Storage on AWS guide.
-
Set your AWS credentials as environment variables:
$ export AWS_ACCESS_KEY_ID = "<YOUR_AWS_ACCESS_KEY_ID>" $ export AWS_SECRET_ACCESS_KEY = "<YOUR_AWS_SECRET_ACCESS_KEY>" -
Use the provided
terraform.tfvars.exampleas a base.Example:
# AWS Region aws_region = "us-east-2" # List of AZ's for HA nodes availability_zones = ["us-east-2a", "us-east-2b", "us-east-2c"] # Prefix name for all resources created environment_name = "vault-demo" # Base tags for all resources default_base_tags = { owner = "FirstName LastName" contact = "me@mydomain.com" } # Optional Vault binary download URL - Default is v.1.10.0 OSS vault_zip_file = "https://releases.hashicorp.com/vault/1.10.0+ent/vault_1.10.0+ent_linux_amd64.zip" # Optional Vault autoload license - Default is oss vault_license = "license.hclic"
-
Run Terraform commands to provision your cloud resources:
$ terraform init $ terraform plan $ terraform apply -auto-approveThe Terraform output will display the IP addresses of the provisioned Vault nodes and load balancer URL.
Example:
NOTE: Post provisioning steps will continue to run even though Terraform has completed The log will report 'Complete' when Vault is ready. Terraform Version: vault.hclic - https://releases.hashicorp.com/vault/1.10.0+ent/vault_1.10.0+ent_linux_amd64.zip (Leader) node_1 (18.117.168.75) | internal: (10.0.1.10) Tail the log... $ ssh -l ubuntu 18.117.168.75 -i ~/.ssh/vault-demo.pem tail -f /var/log/tf-user-data.log Verify all raft peers... $ ssh -l ubuntu 18.117.168.75 -i ~/.ssh/vault-demo.pem vault operator raft list-peers Your root token... $ ssh -l ubuntu 18.117.168.75 -i ~/.ssh/vault-demo.pem cat /tmp/key.json|jq .root_token (Standby) node_2 (18.188.131.30) | internal: (10.0.2.10) Tail the log... $ ssh -l ubuntu 18.188.131.30 -i ~/.ssh/vault-demo.pem tail -f /var/log/tf-user-data.log (Standby) node_3 (3.138.107.179) | internal: (10.0.3.10) Tail the log... $ ssh -l ubuntu 3.138.107.179 -i ~/.ssh/vault-demo.pem tail -f /var/log/tf-user-data.log You may need to wait a few minutes for instance registration... NLB URL: http://vault-demo-lb-b9d7a60d49090976.elb.us-east-2.amazonaws.com:8200
When you are done exploring, execute the terraform destroy command to terminal all AWS elements:
$ terraform destroy -auto-approve