Terraform Vault HCP Setup
This Terraform code creates an HCP Vault cluster along with the AWS VPC, subnets, security groups, internet gateway, route table associations, and the HVN peering connection it requires.
HCP Vault Credentials
1. Log in at https://portal.cloud.hashicorp.com/sign-in
2. Go to IAM
3. Go to Service Principals
4. Create a Service Principal with the Contributor role
5. Click on the user
6. Click Create Service Principal Key
7. Add the client ID and client secret to terraform.tfvars (as hcp_client_id and hcp_client_secret) OR export them as environment variables. If you use terraform.tfvars, keep it out of version control.
AWS Credentials
Export your AWS credentials as environment variables or add them to the provider configuration in settings.tf.
Providers

| Name | Version |
|------|---------|
| aws  | 3.51.0  |
| hcp  | 0.10.0  |

Modules

No modules.
Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_cidr_block | CIDR block for the AWS VPC | string | "10.0.0.0/16" | no |
| aws_environment_tag | Tag that will be applied to all AWS resources | string | "HCP" | no |
| aws_hcp_ec2_subnet | CIDR block for EC2 workloads. Should be allocated from the VPC CIDR range. | string | "10.0.1.0/24" | no |
| aws_hcp_jump_igw_name | Name of the Internet Gateway that will be created and associated with the VPC. Specified as a tag | string | "hcp-vault-jump-igw" | no |
| aws_hcp_jump_subnet_name | Name of the Subnet that will be created in the VPC. Specified as a tag | string | "hcp-vault-subnet" | no |
| aws_owner_tag | Tag that will be applied to all AWS resources. | string | n/a | yes |
| aws_product_tag | Tag that will be applied to all AWS resources | string | "vault" | no |
| aws_route_table_name | Name of the AWS Route Table that will be created. Specified as a tag | string | "hcp-vault-rt" | no |
| aws_vault_sg_desc | Description for the AWS Security Group that will be created to allow access to Vault | string | "Security Group that allows access to HCP Vault" | no |
| aws_vault_sg_name | AWS Security Group name tag that will be set on the security group | string | "hcp-vault-sg" | no |
| aws_vault_sg_prefix | AWS Security Group name prefix that will be set on the security group | string | "hcp-vault-sg-" | no |
| aws_vpc_hvn_name | Name of the AWS VPC that will be created. Specified as a tag | string | "hcp-vault-vpc" | no |
| aws_vpc_peering_name | Name of the Peering Connection that will be created. Specified as a tag | string | "hcp-vault-pc" | no |
| cloud_provider | The cloud provider of the HCP HVN and Vault cluster. | string | "aws" | no |
| hcp_cidr_block | CIDR block for the HVN VPC | string | "172.25.16.0/20" | no |
| hcp_client_id | Client ID used to authenticate with HCP | string | null | no |
| hcp_client_secret | Client secret used to authenticate with HCP | string | null | no |
| hcp_cluster_id | The ID of the HCP Vault cluster. | string | "hcp-vault-cluster" | no |
| hcp_public_endpoint | Exposes the cluster to the internet. Defaults to false | bool | false | no |
| hcp_tier | Tier to provision in HCP Vault: dev, standard_small, standard_medium, standard_large | string | "dev" | no |
| hvn_id | The ID of the HCP HVN. | string | "hcp-vault-hvn" | no |
| hvn_peering_id | The ID of the HCP peering connection. | string | "hcp-hvn-peering" | no |
| hvn_route_id | The ID of the HCP HVN route. | string | "hcp-hvn-route" | no |
| region | The region of the HCP HVN and Vault cluster. | string | "us-west-2" | no |
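How the inputs above fit together (HVN, peering request, AWS-side accepter, HVN return route, Vault cluster, and the security group), as an added example that is not the module's own code. It assumes the AWS VPC is declared elsewhere as `aws_vpc.hvn` and uses the hcp 0.10.x / aws 3.x resource schemas; the security-relevant settings are `public_endpoint` left at its `false` default and egress to the Vault API scoped to the HVN CIDR only.

```hcl
# Added example, not the module's code. Assumes aws_vpc.hvn is declared elsewhere.
data "aws_caller_identity" "current" {}
resource "hcp_hvn" "vault" {
  hvn_id         = var.hvn_id
  cloud_provider = var.cloud_provider
  region         = var.region
  cidr_block     = var.hcp_cidr_block # must not overlap var.aws_cidr_block
}

resource "hcp_aws_network_peering" "vault" {
  hvn_id          = hcp_hvn.vault.hvn_id
  peering_id      = var.hvn_peering_id
  peer_vpc_id     = aws_vpc.hvn.id
  peer_account_id = data.aws_caller_identity.current.account_id
  peer_vpc_region = var.region
}

resource "aws_vpc_peering_connection_accepter" "hvn" {
  vpc_peering_connection_id = hcp_aws_network_peering.vault.provider_peering_id
  auto_accept               = true # no traffic flows until the AWS side accepts
}

resource "hcp_hvn_route" "vault" {
  hvn_id           = hcp_hvn.vault.hvn_id
  hvn_route_id     = var.hvn_route_id
  destination_cidr = var.aws_cidr_block
  target_link      = hcp_aws_network_peering.vault.self_link # return path to the VPC
}

resource "hcp_vault_cluster" "vault" {
  cluster_id      = var.hcp_cluster_id
  hvn_id          = hcp_hvn.vault.hvn_id
  tier            = var.hcp_tier
  public_endpoint = var.hcp_public_endpoint # false: reachable only over the peering
}

# Attached to EC2 workloads: outbound only to the Vault API (8200) inside the HVN,
# rather than an unrestricted egress rule.
resource "aws_security_group" "vault" {
  name_prefix = var.aws_vault_sg_prefix
  description = var.aws_vault_sg_desc
  vpc_id      = aws_vpc.hvn.id
  tags        = { Name = var.aws_vault_sg_name }
  egress {
    from_port   = 8200
    to_port     = 8200
    protocol    = "tcp"
    cidr_blocks = [var.hcp_cidr_block]
  }
}
```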