
terraform-vault-hcp-setup's Introduction

Terraform Vault HCP Setup

This Terraform code creates an HCP Vault cluster along with the required VPCs, security groups, subnets, internet gateways, associations, and peering.


Required Credentials

HCP Vault Credentials

  1. Log in at https://portal.cloud.hashicorp.com/sign-in
  2. Go to IAM
  3. Go to Service Principals
  4. Create a Service Principal with the Contributor Role
  5. Click on the User
  6. Click Create Service Principal Key
  7. Add the client ID and client secret to terraform.tfvars, or export them as environment variables

AWS Credentials

  • Export your AWS credentials as environment variables or add them to the settings.tf file

Requirements

| Name | Version |
|------|---------|
| terraform | ~>1.0.0 |
| aws | ~>3.51.0 |
| hcp | ~>0.10.0 |

Providers

| Name | Version |
|------|---------|
| aws | 3.51.0 |
| hcp | 0.10.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_internet_gateway.aws_hcp_jump_igw | resource |
| aws_route_table.aws_vault_route_table | resource |
| aws_route_table_association.aws_hcp_jump_subnet_association | resource |
| aws_security_group.aws_vault_sg | resource |
| aws_security_group_rule.aws_vault_sg_rules | resource |
| aws_subnet.aws_hcp_jump_subnet | resource |
| aws_vpc.aws_vpc_hvn | resource |
| aws_vpc_peering_connection_accepter.hvn_aws_accept | resource |
| hcp_aws_network_peering.hvn_aws_peer | resource |
| hcp_hvn.hcp_vault_hvn | resource |
| hcp_hvn_route.hvn_peer_route | resource |
| hcp_vault_cluster.vault_cluster | resource |
| aws_arn.aws_vpc_peer | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_cidr_block | CIDR block for the AWS VPC | string | "10.0.0.0/16" | no |
| aws_environment_tag | Tag that will be applied to all AWS resources | string | "HCP" | no |
| aws_hcp_ec2_subnet | CIDR block for EC2 workloads. Should be allocated from the VPC subnet range. | string | "10.0.1.0/24" | no |
| aws_hcp_jump_igw_name | Name of the Internet Gateway that will be created and associated with the VPC. Specified as a tag | string | "hcp-vault-jump-igw" | no |
| aws_hcp_jump_subnet_name | Name of the Subnet that will be created in the VPC. Specified as a tag | string | "hcp-vault-subnet" | no |
| aws_owner_tag | Tag that will be applied to all AWS resources. | string | n/a | yes |
| aws_product_tag | Tag that will be applied to all AWS resources | string | "vault" | no |
| aws_route_table_name | Name of the AWS Route Table that will be created. Specified as a tag | string | "hcp-vault-rt" | no |
| aws_vault_sg_desc | Description for the AWS Security Group that will be created to allow access to Vault | string | "Security Group that allows access to HCP Vault" | no |
| aws_vault_sg_name | AWS Security Group name tag that will be set on the security group | string | "hcp-vault-sg" | no |
| aws_vault_sg_prefix | AWS Security Group name prefix that will be set on the security group | string | "hcp-vault-sg-" | no |
| aws_vpc_hvn_name | Name of the AWS VPC that will be created. Specified as a tag | string | "hcp-vault-vpc" | no |
| aws_vpc_peering_name | Name of the Peering Connection that will be created. Specified as a tag | string | "hcp-vault-pc" | no |
| cloud_provider | The cloud provider of the HCP HVN and Vault cluster. | string | "aws" | no |
| hcp_cidr_block | CIDR block for the HVN VPC | string | "172.25.16.0/20" | no |
| hcp_client_id | Client ID used to authenticate with HCP | string | null | no |
| hcp_client_secret | Client secret used to authenticate with HCP | string | null | no |
| hcp_cluster_id | The ID of the HCP Vault cluster. | string | "hcp-vault-cluster" | no |
| hcp_public_endpoint | Exposes the cluster to the internet. Defaults to false | bool | false | no |
| hcp_tier | Tier to provision in HCP Vault - dev, standard_small, standard_medium, standard_large | string | "dev" | no |
| hvn_id | The ID of the HCP HVN. | string | "hcp-vault-hvn" | no |
| hvn_peering_id | The ID of the HCP peering connection. | string | "hcp-hvn-peering" | no |
| hvn_route_id | The ID of the HCP HVN route. | string | "hcp-hvn-route" | no |
| region | The region of the HCP HVN and Vault cluster. | string | "us-west-2" | no |
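
A pre-apply check for the inputs above, added here as an example and not part of this repository's code. It assumes a flat terraform.tfvars with one `name = value` per line; `parse_tfvars`, `preflight` and the sample file are hypothetical names and constructed data.

```python
import ipaddress
import re

# Defaults copied from the Inputs table in this README.
DEFAULTS = {
    "aws_cidr_block": "10.0.0.0/16",
    "aws_hcp_ec2_subnet": "10.0.1.0/24",
    "hcp_cidr_block": "172.25.16.0/20",
    "hcp_public_endpoint": "false",
    "hcp_client_secret": "null",
}

# Assumed file shape: one `name = value` per line, optional quotes and # comment.
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')

# Constructed sample input, not taken from the repository.
SAMPLE_TFVARS = '''
aws_owner_tag       = "platform-team"
aws_cidr_block      = "172.25.0.0/16"   # collides with the default HVN range
hcp_public_endpoint = true
hcp_client_secret   = "constructed-placeholder-secret"
'''


def parse_tfvars(text):
    """Overlay the file's assignments on the README defaults."""
    values = dict(DEFAULTS)
    for line in text.splitlines():
        match = ASSIGN.match(line)
        if match:
            values[match.group(1)] = match.group(2).strip()
    return values


def preflight(text):
    """Return findings (hypothetical helper) for a terraform.tfvars body."""
    v = parse_tfvars(text)
    vpc = ipaddress.ip_network(v["aws_cidr_block"])
    hvn = ipaddress.ip_network(v["hcp_cidr_block"])
    findings = []
    if vpc.overlaps(hvn):
        findings.append("aws_cidr_block overlaps hcp_cidr_block; peered networks need distinct ranges")
    if not ipaddress.ip_network(v["aws_hcp_ec2_subnet"]).subnet_of(vpc):
        findings.append("aws_hcp_ec2_subnet is not allocated from aws_cidr_block")
    if v["hcp_public_endpoint"] == "true":
        findings.append("hcp_public_endpoint = true exposes the cluster to the internet")
    if v["hcp_client_secret"] not in ("null", ""):
        findings.append("hcp_client_secret is a literal in the file; keep the file out of version control")
    return findings
```

Calling `preflight(SAMPLE_TFVARS)` returns four findings; an empty file, which leaves every default in place, returns none.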

Outputs

| Name | Description |
|------|-------------|
| vault_cluster_id | n/a |
| vault_private_endpoint_url | n/a |
| vault_tier | n/a |
| vault_version | n/a |

terraform-vault-hcp-setup's People

Contributors

kalenarndt
