This repo contains a set of CloudFormation templates and modules for deploying an open-source HashiCorp Consul cluster and clients on AWS. HashiCorp Consul is a tool that provides the foundation of cloud networking automation using a central registry for service-based networking. Consul’s core use cases include:
- Service registry & health monitoring, to provide a real-time directory of all services with their health status;
- Network middleware automation, with service discovery for dynamic reconfiguration as services scale up, down or move;
- Zero trust network with service mesh, to secure service-to-service traffic with identity-based security policies and encrypted traffic with Mutual-TLS.
Deployed Versions:
- CONSUL CLIENT VERSION = '1.7.0'
- CONSUL SERVER VERSION = '1.7.0'
- CONSUL TEMPLATE VERSION = '0.24.0'
For architectural details, best practices, step-by-step instructions, and customization options, see the deployment guide.
This repo has the following folder structure:
- templates: This folder contains CloudFormation templates to deploy the QuickStart stacks.
- submodules: Git submodules utilized during the deployment of QuickStart stacks.
- ci: Utilized by taskcat utility to run tests via CI.
- functions: Contains packaged functions used by the QuickStart templates during deployment.
- images: Image of the QuickStart Architecture.
To deploy a Consul cluster and clients using this repo, there are two approaches:
- End-to-end Deployment: deploys a HashiCorp Consul cluster and its ELB, Consul clients, and a bastion host into a new VPC with public and private subnets and gateways. See master deployment template.
- Existing Infrastructure Deployment: deploys a HashiCorp Consul cluster and its ELB, Consul clients, and a bastion host into an existing VPC and its associated public and private subnets and gateways. See consul deployment template.
Consul Connect is enabled by default. To set up a service on the Consul client nodes, you will need to register the service and proxy with Consul. For more information, please visit the following HashiCorp Learn pages:
- Register the Service and Proxy with Consul
- Register a Dependent Service and Proxy
- Control Communication with Intentions
Consul Autopilot is enabled by default with the following settings:
```json
"autopilot": {
  "cleanup_dead_servers": true,
  "last_contact_threshold": "200ms",
  "max_trailing_logs": 250,
  "server_stabilization_time": "10s",
  "redundancy_zone_tag": "az",
  "disable_upgrade_migration": false,
  "upgrade_version_tag": ""
}
```
For more information, please visit the following HashiCorp Learn pages:
- Default Configuration
- Dead Server Cleanup
- Server Stabilization
- Redundancy Zones
- Upgrade Migrations
- Server Health Checking
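To confirm that a running cluster still carries the Autopilot settings listed above, the following added example (not part of this repo's templates) compares them with a response from Consul's operator API (`/v1/operator/autopilot/configuration`), which returns the same settings under CamelCase names. The function names and `SAMPLE_LIVE`, a constructed response, are assumptions made for illustration.

```python
import re

# Expected values, copied from the autopilot block above (agent config uses snake_case).
EXPECTED = {
    "cleanup_dead_servers": True,
    "last_contact_threshold": "200ms",
    "max_trailing_logs": 250,
    "server_stabilization_time": "10s",
    "redundancy_zone_tag": "az",
    "disable_upgrade_migration": False,
    "upgrade_version_tag": "",
}
DURATION_KEYS = {"last_contact_threshold", "server_stabilization_time"}
UNIT_NS = {"ns": 1, "us": 10**3, "µs": 10**3, "ms": 10**6, "s": 10**9, "m": 60 * 10**9, "h": 3600 * 10**9}
_TOKEN = re.compile(r"(\d+(?:\.\d+)?)(ns|us|µs|ms|s|m|h)")

def to_camel(key):
    """cleanup_dead_servers -> CleanupDeadServers (the operator API's field naming)."""
    return "".join(part.capitalize() for part in key.split("_"))

def duration_ns(text):
    """Parse a Go-style duration such as '200ms' or '1m30s' into nanoseconds."""
    pos, total = 0, 0
    for m in _TOKEN.finditer(text):
        if m.start() != pos:
            raise ValueError(f"bad duration: {text!r}")
        total += round(float(m.group(1)) * UNIT_NS[m.group(2)])
        pos = m.end()
    if pos != len(text) or not text:
        raise ValueError(f"bad duration: {text!r}")
    return total

def autopilot_drift(live, expected=EXPECTED):
    """Return {setting: (expected, live)} for each setting that differs or is missing."""
    drift = {}
    for key, want in expected.items():
        got = live.get(to_camel(key))
        try:
            same = duration_ns(got) == duration_ns(want) if key in DURATION_KEYS else got == want
        except (TypeError, ValueError):
            same = False  # missing or unparsable duration counts as drift
        if not same:
            drift[key] = (want, got)
    return drift

# Constructed sample of an operator API response (not captured from a real cluster).
SAMPLE_LIVE = {"CleanupDeadServers": False, "LastContactThreshold": "0.2s", "MaxTrailingLogs": 250,
               "ServerStabilizationTime": "10s", "RedundancyZoneTag": "", "DisableUpgradeMigration": False,
               "UpgradeVersionTag": "", "CreateIndex": 4, "ModifyIndex": 9}
```

Durations are compared by value, so `0.2s` in the sample is treated as equal to the `200ms` in the template and is not reported.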
Consul provides several key features:
- Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.
- Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.
- Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.
- Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.
- Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization.
Full, comprehensive documentation is viewable on the Consul docs pages.
Thank you for your interest in contributing! Please refer to Quick Start Contributor's Guide for instructions.
- HashiCorp Support: https://support.hashicorp.com
- AWS QuickStart Support: https://aws.amazon.com/quickstart