Deployment of HashiCorp Vault using Terraform

aws-vault

Terraform deployment of HashiCorp Vault. This is a work-in-progress write-up and will change.

Requirements

  • Terraform v0.12.26
  • SSH KeyPair creation (public key stored in compute\ec2\keypair.tf)
  • AWS profile with sufficient IAM permissions; its access key and secret access key are stored in ~/.aws/credentials under the profile name hcvault

  • AWS VPC deployment to 10.10.0.0/21 (set in network\terraform.tfvars)
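The requirements above are easy to get slightly wrong (a different Terraform release, a profile name that does not match, a CIDR that is not a /21). The following preflight script is an added example, not part of the aws-vault project: it checks each requirement before terraform is run. The SSH public key path ~/.ssh/hcvault.pub and the script name preflight.sh are assumptions; the version, profile name and CIDR are the values the page lists.

```shell
#!/usr/bin/env bash
# Added preflight checks for the aws-vault requirements; not part of the project itself.
# Assumed (example) locations: SSH public key at ~/.ssh/hcvault.pub, credentials at
# ~/.aws/credentials. Version, profile name and CIDR are the values the write-up requires.

EXPECTED_TF_VERSION="0.12.26"
EXPECTED_PROFILE="hcvault"
EXPECTED_CIDR="10.10.0.0/21"
SSH_PUBKEY="${HOME}/.ssh/hcvault.pub"    # assumed path, not taken from the write-up
CREDS_FILE="${HOME}/.aws/credentials"

# Succeeds when the first line of `terraform version` output names the pinned release exactly.
check_terraform_version() {
  [ "$1" = "Terraform v${EXPECTED_TF_VERSION}" ]
}

# Succeeds when the credentials text (argument 1) contains a [profile] section (argument 2)
# that defines both aws_access_key_id and aws_secret_access_key.
check_profile() {
  printf '%s\n' "$1" | awk -v section="[$2]" '
    $0 == section { inside = 1; next }
    /^\[/         { inside = 0 }
    inside && /^aws_access_key_id[[:space:]]*=/     { have_id = 1 }
    inside && /^aws_secret_access_key[[:space:]]*=/ { have_secret = 1 }
    END { exit !(have_id && have_secret) }'
}

# Succeeds when the CIDR is a well-formed IPv4 /21 inside 10.0.0.0/8 and aligned to a
# /21 boundary (third octet a multiple of 8, fourth octet 0).
check_vpc_cidr() {
  local cidr="$1" ip prefix oldifs octet
  ip="${cidr%/*}"
  prefix="${cidr#*/}"
  [ "$prefix" = "21" ] || return 1
  oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && [ $(($3 % 8)) -eq 0 ] && [ "$4" -eq 0 ]
}

# Runs the live checks on this machine; returns non-zero if any requirement is unmet.
run_preflight() {
  local status=0 perm
  if check_terraform_version "$(terraform version 2>/dev/null | head -n 1)"; then
    echo "PASS terraform ${EXPECTED_TF_VERSION} found"
  else
    echo "FAIL terraform ${EXPECTED_TF_VERSION} not found on PATH"; status=1
  fi
  if [ -r "$SSH_PUBKEY" ]; then
    echo "PASS SSH public key ${SSH_PUBKEY} present"
  else
    echo "FAIL SSH public key ${SSH_PUBKEY} missing"; status=1
  fi
  if [ -r "$CREDS_FILE" ] && check_profile "$(cat "$CREDS_FILE")" "$EXPECTED_PROFILE"; then
    echo "PASS profile [${EXPECTED_PROFILE}] configured in ${CREDS_FILE}"
    # Long-lived access keys should be readable by the owner only.
    perm="$(ls -ld "$CREDS_FILE" | cut -c5-10)"
    case "$perm" in
      *[rwx]*) echo "WARN ${CREDS_FILE} is accessible to group or others (mode bits: ${perm})" ;;
    esac
  else
    echo "FAIL profile [${EXPECTED_PROFILE}] not found in ${CREDS_FILE}"; status=1
  fi
  if check_vpc_cidr "$EXPECTED_CIDR"; then
    echo "PASS VPC CIDR ${EXPECTED_CIDR} is a valid private /21"
  else
    echo "FAIL VPC CIDR ${EXPECTED_CIDR} is not a valid private /21"; status=1
  fi
  return "$status"
}

# Run the live checks only when executed as preflight.sh, not when sourced for testing.
case "$0" in *preflight.sh) run_preflight ;; esac
```

Save it as preflight.sh next to the Terraform directories and run it before `terraform init`; each line reports PASS, FAIL or WARN, and the exit status is non-zero if anything required is missing. The checks take their inputs as arguments so they can also be sourced and exercised against constructed strings.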

Includes the following components:

  • VPC

    aws_eip.nat
    aws_internet_gateway.main-igw
    aws_nat_gateway.main-natgw
    aws_route_table.PrivateRouteTable
    aws_route_table.PublicRouteTable
    aws_route_table_association.route_hcvault_Privatesubnet[0]
    aws_route_table_association.route_hcvault_Privatesubnet[1]
    aws_route_table_association.route_hcvault_Publicsubnet[0]
    aws_route_table_association.route_hcvault_Publicsubnet[1]
    aws_subnet.private_subnet[0]
    aws_subnet.private_subnet[1]
    aws_subnet.public_subnet[0]
    aws_subnet.public_subnet[1]
    aws_vpc.hcvault_vpc

  • EC2

In-Progress

  • Auto Scaling Group
  • Route 53 integration
  • Secrets Manager for HC Vault unlock key
  • Bastion host for EC2 instance in public subnet
  • Application Load Balancer for proper routing

Architecture target example
