Skip to content

jvidalg/ec2-ami-vault-consul

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
auth
auth
 
 
tls
tls
 
 
README.md
README.md
 
 
vault-consul-ami.json
vault-consul-ami.json
 
 

Repository files navigation

Vault and Consul AMI - Packer

This repo is a customized version from the Hashicorp official module vault-consul-ami from this Module and the install-consul and install-dnsmasq modules from the Consul AWS Module with Packer to create Amazon Machine Images (AMIs) that have Vault and Consul installed on top of:

  1. Ubuntu 16.04
  2. Amazon Linux

You can use this AMI to deploy a Vault cluster by using the vault-cluster module. This Vault cluster will use Consul as its storage backend, so you can also use the same AMI to deploy a separate Consul server cluster by using the consul-cluster module.

Steps to build AWS AMIs

  1. git clone this repo to your computer.

  2. Install Packer.

  3. Configure your AWS credentials using one of the options supported by the AWS SDK. Usually, the easiest option is to set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.

    Create environment variables
    export AWS_ACCESS_KEY_ID = ""
export AWS_SECRET_ACCESS_KEY = ""
    Create credentials file
    mkdir $HOME/.aws
echo "[default]
aws_access_key_id=
aws_secret_access_key= " >> $HOME/.aws/credentials

    if you are using multiple AWS Profiles, make sure you create your AMIs in the desired one using the following env variables, otherwise they will be created in the default profile:

    export AWS_PROFILE=profilename
export AWS_DEFAULT_PROFILE=profilename

  4. In this repo we are using the TLS certificates that come with the official template due to this is only for demo purposes. If you are planning to use it in a production environment or another managing sensitive data, you must use the private-tls-cert module TLS cert:

  5. Update the variables section of the vault-consul-ami.json Packer template to specify the: AWS region Vault version Consul version Paths to the TLS cert files you just generated. If you want to install Consul Enterprise, Vault Enterprise or obtain the files from a specific location no matter if Enterprise or not, skip the version variables and instead set the consul_download_url and vault_download_url to the full urls that point to the respective enterprise zipped packages or your on-premises location.

Example:

 export VAULT_DOWNLOAD_URL="https://releases.hashicorp.com/vault/0.11.5/vault_0.11.5_linux_amd64.zip"
 export CONSUL_DOWNLOAD_URL="https://releases.hashicorp.com/consul/1.3.1/consul_1.3.1_linux_amd64.zip"
  1. Run packer build vault-consul.json.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages