This folder contains a Terraform module that defines the IAM Policies used by a
Consul cluster.
Normally, you'd get these policies by default if you're using the consul-cluster submodule,
but if you're running Consul on top of a different cluster (e.g. you're co-locating Consul with Nomad), then you can
use this module to add the necessary IAM policies to that cluster. For example, imagine you were using the
nomad-cluster module to run a
cluster of servers that have both Nomad and Consul on each node:

    module "nomad_servers" {
      source = "git::git@github.com:hashicorp/terraform-aws-nomad.git//modules/nomad-cluster?ref=v0.0.1"

      # This AMI has both Nomad and Consul installed
      ami_id = "ami-1234abcd"
    }

The nomad-cluster module will provide the IAM policies for Nomad, but not for Consul. To ensure those servers
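have the necessary IAM permissions to run Consul, you can use this module as follows:

    module "iam_policies" {
      source = "git::git@github.com:hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.0.2"

      iam_role_id = "${module.nomad_servers.iam_role_id}"

      # ... (other params omitted) ...
    }

Note the following parameters: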
source: Use this parameter to specify the URL of this module. The double slash (//) is intentional
and required. Terraform uses it to specify subfolders within a Git repo (see module
sources). The ref parameter specifies a specific Git tag in
this repo. That way, instead of using the latest version of this module from the master branch, which
will change every time you run Terraform, you're using a fixed version of the repo.
iam_role_id: Use this parameter to specify the ID of the IAM Role to which the rules in this module
should be added.
You can find the other parameters in variables.tf.
Check out the consul-cluster example for working sample code.
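
The source and ref conventions described above can be checked mechanically before a module that grants IAM permissions is applied. The following Python check is an added example, not part of this README or of the module's code: it splits git:: module sources into repo, subfolder and ref, and reports how each one is pinned. The branch-name list and the rule that any other non-SHA ref counts as a tag are assumptions of this example; the second and third sample sources are constructed.

```python
import re

# "source" arguments of module blocks; line-based, not a full HCL parser.
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
MOVING_REFS = {"master", "main", "HEAD"}  # assumed branch names

def parse_git_source(source):
    """Split a git:: module source into repo, subfolder and ref."""
    if not source.startswith("git::"):
        return None  # local path or registry source: out of scope here
    addr, _, query = source[len("git::"):].partition("?")
    # Skip a URL scheme's "//" (https://, ssh://) so that the next "//"
    # found is the repo/subfolder separator described above.
    start = addr.find("://") + 3 if "://" in addr else 0
    cut = addr.find("//", start)
    repo, subdir = (addr, "") if cut == -1 else (addr[:cut], addr[cut + 2:])
    ref = None
    for param in query.split("&"):
        key, _, value = param.partition("=")
        if key == "ref" and value:
            ref = value
    return {"repo": repo, "subdir": subdir, "ref": ref}

def classify_pin(ref):
    """Return 'unpinned', 'branch', 'commit' or 'tag' (tag is assumed)."""
    if ref is None:
        return "unpinned"
    if ref in MOVING_REFS:
        return "branch"
    return "commit" if SHA_RE.match(ref) else "tag"

def audit(hcl_text):
    """List (subfolder, ref, pin class) for every git:: module source."""
    found = []
    for source in SOURCE_RE.findall(hcl_text):
        parsed = parse_git_source(source)
        if parsed:
            found.append((parsed["subdir"], parsed["ref"], classify_pin(parsed["ref"])))
    return found

# Constructed input: first source is this README's, the others are made up.
SAMPLE = '''
  source = "git::git@github.com:hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.0.2"
  source = "git::git@github.com:hashicorp/terraform-aws-consul.git//modules/consul-iam-policies"
  source = "git::https://git.example.com/infra/modules.git//consul?ref=master"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A tag can be moved to a different commit by whoever controls the repo, so a full commit SHA in ref (which Terraform also accepts) is the stricter pin; the check reports it as "commit".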