Configure your AWS credentials using one of the options supported by the AWS
SDK. Usually, the easiest option is to
set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
Use the private-tls-cert module to generate a CA cert and public and private keys for a
TLS cert:
Set the dns_names parameter to vault.service.consul. If you're using the root
example and want a public domain name (e.g. vault.example.com), add that
domain name here too.
Set the ip_addresses to 127.0.0.1.
For production usage, you should take care to protect the private key by encrypting it (see Using TLS
certs for more info).
Update the variables section of the vault-consul.json Packer template to specify the AWS region, Vault
version, Consul version, and the paths to the TLS cert files you just generated. If you want to install
Consul Enterprise or Vault Enterprise, skip the version variables and instead set consul_download_url and
vault_download_url to the full URLs of the respective Enterprise zip packages.
Run packer build vault-consul.json.
When the build finishes, it will output the IDs of the new AMIs. To see how to deploy one of these AMIs, check out the
vault-cluster-private example and the root example.
NOTE: This Packer template will build two versions of the AMI - an Ubuntu version and an Amazon Linux 2 version. You
can restrict Packer to build only one of them by using the -only CLI arg. For example, to build only the Amazon Linux 2
AMI, run packer build -only amazon-linux-2-ami vault-consul.json. You can use the parameter ubuntu16-ami for the
Ubuntu AMI.
Creating your own Packer template for production usage
When creating your own Packer template for production usage, you can copy the example in this folder more or less
exactly, except for one change: we recommend replacing the file provisioner with a call to git clone in the shell
provisioner. Instead of:

```json
{
  "provisioners": [{
    "type": "file",
    "source": "{{template_dir}}/../../../terraform-aws-vault",
    "destination": "/tmp"
  },{
    "type": "shell",
    "inline": [
      "/tmp/terraform-aws-vault/modules/install-vault/install-vault --version {{user `vault_version`}}"
    ],
    "pause_before": "30s"
  }]
}
```

Your code should look more like this:

```json
{
  "provisioners": [{
    "type": "shell",
    "inline": [
      "git clone --branch <MODULE_VERSION> https://github.com/hashicorp/terraform-aws-vault.git /tmp/terraform-aws-vault",
      "/tmp/terraform-aws-vault/modules/install-vault/install-vault --version {{user `vault_version`}}"
    ],
    "pause_before": "30s"
  }]
}
```

You should replace <MODULE_VERSION> in the code above with the version of this module that you want to use (see
the Releases Page for all available versions). That's because for production usage, you should always
use a fixed, known version of this Module, downloaded from the official Git repo. On the other hand, when you're
just experimenting with the Module, it's OK to use a local checkout of the Module, uploaded from your own
computer.
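
A pre-build check for the production recommendation above, as an added example (not code from this repo): it lints a Packer JSON template and reports a file provisioner that uploads a local checkout of the module, or a git clone of the module that is not pinned to a release tag from the official repo. The function names and the vMAJOR.MINOR.PATCH tag pattern are assumptions, and the sample templates are constructed from the snippets on this page.

```python
import json
import re
import shlex

OFFICIAL_REPO = "https://github.com/hashicorp/terraform-aws-vault.git"  # URL given on this page
MODULE_DIR = "terraform-aws-vault"
# Assumption: releases are tagged vMAJOR.MINOR.PATCH (for example v0.13.8).
RELEASE_TAG = re.compile(r"^v\d+\.\d+\.\d+$")


def check_clone(command):
    """Return findings for one inline shell command if it clones the module."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return []  # unbalanced quoting: nothing we can parse reliably
    pairs = zip(argv, argv[1:])
    start = next((i for i, p in enumerate(pairs) if p == ("git", "clone")), None)
    if start is None:
        return []
    args = argv[start + 2:]
    url = next((a for a in args if "://" in a or a.startswith("git@")), None)
    if url is None or MODULE_DIR not in url:
        return []  # a clone of some other repository
    ref = None
    for i, arg in enumerate(args):
        if arg in ("-b", "--branch") and i + 1 < len(args):
            ref = args[i + 1]
        elif arg.startswith("--branch="):
            ref = arg.split("=", 1)[1]
    findings = []
    if url != OFFICIAL_REPO:
        findings.append(f"module cloned from {url}, not the official repo")
    if ref is None:
        findings.append("git clone has no --branch, so the build tracks the default branch")
    elif not RELEASE_TAG.match(ref):
        # Catches an unreplaced <MODULE_VERSION> as well as branch names such as master.
        findings.append(f"--branch {ref!r} is not a fixed release tag")
    return findings


def lint_template(template_text):
    """Return findings for a Packer JSON template; an empty list means it passed.

    Only "inline" shell commands are inspected, not "script"/"scripts" files.
    """
    template = json.loads(template_text)
    findings = []
    for index, prov in enumerate(template.get("provisioners", [])):
        where = f"provisioners[{index}]"
        if prov.get("type") == "file" and MODULE_DIR in str(prov.get("source", "")):
            findings.append(f"{where}: file provisioner uploads a local checkout of the module")
        if prov.get("type") == "shell":
            for command in prov.get("inline", []):
                findings += [f"{where}: {msg}" for msg in check_clone(command)]
    return findings


# Constructed sample templates, modelled on the two snippets shown on this page.
INSTALL = "/tmp/terraform-aws-vault/modules/install-vault/install-vault --version {{user `vault_version`}}"
CLONE = "git clone --branch %s " + OFFICIAL_REPO + " /tmp/terraform-aws-vault"
LOCAL_CHECKOUT = json.dumps({"provisioners": [
    {"type": "file", "source": "{{template_dir}}/../../../terraform-aws-vault", "destination": "/tmp"},
    {"type": "shell", "inline": [INSTALL], "pause_before": "30s"},
]})
PLACEHOLDER = json.dumps({"provisioners": [
    {"type": "shell", "inline": [CLONE % "<MODULE_VERSION>", INSTALL], "pause_before": "30s"},
]})
PINNED = json.dumps({"provisioners": [
    {"type": "shell", "inline": [CLONE % "v0.13.8", INSTALL], "pause_before": "30s"},
]})

if __name__ == "__main__":
    for name, text in [("local checkout", LOCAL_CHECKOUT), ("placeholder", PLACEHOLDER), ("pinned", PINNED)]:
        print(name, "->", lint_template(text) or "OK")
```

Run it against the template before packer build in CI and fail the job when the returned list is not empty.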