vault-dynamodb

giuliocalzolari/vault-dynamodb/aws

Terraform Module HCL AWS

Terraform module to boot a Hashicorp Vault using AWS DynamoDB backend with additional services

Install

module "vault-dynamodb" {

source = "giuliocalzolari/vault-dynamodb/aws"

version = "1.0.1"

}

plain text: /constructs/tfmod-giuliocalzolari-vault-dynamodb-aws/install.txt

⭐ Source on GitHub 📦 Registry page

README

Vaul + Consul all in ONE Overview Hashicorp Vault is becoming one of the most popular tools for secret management, every company to improve their security but sometimes setting a Vault it requires some time and deep understanding on how to configure it. To make it easy the journey to AWS Cloud and increase the level of security of all application I've decided to create an out-of-the-box solution to configure the AWS infrastructure and setting up Vault in one click. Diagram The solution - AWS Autoscaling group with Userdata to install Vault and AWS Cloudwatch Agent. - Vault with AWSKMS Auto-Unseal - AWS DynamoDB as backend - basic Vault Provisioning - Export of Vault sensitive parameters in AWS Paramaters Store - Using AWS ARM instance with a1.medium as default to save cost Terraform Versio

Inputs (27)

Name	Type	Description	Default
aws_region	string	AWS region to launch servers.	required
extra_tags	map(string)	Additional Tag to add	required
key_name	string	EC2 key pair name	required
vpc_id	string	VPC Id	required
suffix	string	Suffix to add on all resources	`""`
health_check_type	string	ASG health_check_type	`"EC2"`
admin_cidr_blocks	list(string)	Admin CIDR Block to access SSH and internal Application ports	`[]`
arch	string	EC2 Architecture arm64/x86_64 (arm64 is suggested)	`"arm64"`
size	string	ASG Size	`"2"`
internal	bool	ALB internal/public flag	`false`
lb_subnets	list(string)	ALB Subnets	`[]`
termination_policies	list(string)	ASG Termination Policy	`[ "Default" ]`
actions_alarm	list(string)	A list of actions to take when alarms are triggered. Will likely be an SNS topic	`[]`
default_cooldown	string	ASG cooldown time	`"30"`
environment	string	Environment Name (e.g. dev, test, uat, prod, etc..)	`"dev"`
vault_version	string	Vault version to install	`"1.6.1"`
ec2_subnets	list(string)	ASG Subnets	`[]`
zone_name	string	Public Route53 Zone name for DNS and ACM validation	`""`
kms_key_id	string	KMS Key Id for vault Auto-Unseal	`""`
app_name	string	Application name N.1 (e.g. vault, secure, store, etc..)	`"vault"`
root_volume_size	string	EC2 ASG Disk Size	`"8"`
alb_ssl_policy	string	ALB ssl policy	`"ELBSecurityPolicy-FS-1-2-2019-08"`
actions_ok	list(string)	A list of actions to take when alarms are cleared. Will likely be an SNS topic f	`[]`
instance_type	string	EC2 Instance Size	`"a1.medium"`

Outputs (7)

vault_fqdn — Vault DNS

kms_key_id — KMS key ID

iam_role_arn — IAM EC2 role ARN

root_pass_arn — SSM vault root password ARN

root_token_arn — SSM vault root token ARN

alb_arn — ALB ARN

alb_hostname — ALB DNS

Resources (22)

aws_acm_certificateaws_acm_certificate_validationaws_albaws_alb_listeneraws_alb_target_groupaws_autoscaling_groupaws_cloudwatch_dashboardaws_cloudwatch_log_groupaws_cloudwatch_metric_alarmaws_dynamodb_tableaws_iam_instance_profileaws_iam_roleaws_iam_role_policyaws_iam_role_policy_attachmentaws_kms_aliasaws_kms_keyaws_launch_configurationaws_route53_recordaws_security_groupaws_security_group_ruleaws_ssm_parameterrandom_integer

Topics & Tags

vault terraform cloud aws dynamodb terraform-module

Details

FrameworkTerraform Module

LanguageHCL

Version1.0.1

Cloud AWS

★ Stars2

Forks7

Total downloads5.9k

Inputs27

Outputs7