DevOps
/
HC-vault-on-aws-FORK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
46 Commits 2 Branches 1 Tag 238 KiB
Commit Graph

46 Commits

Author SHA1 Message Date
matthieu42morin ffd6c5b400 version aws upgrade 2024-02-29 18:55:55 +01:00
matthieu42morin b75f3facd6 FIX: Error: failed to get shared config profile 2024-02-29 18:52:54 +01:00
matthieu42morin 04824d5695 fix deprecated vpc arg 2024-02-29 18:46:53 +01:00
matthieu42morin 5ee399ef60 fix unsupported tag block 2024-02-29 18:46:28 +01:00
matthieu42morin 236b38f2b5 changing vars, defaults - ver, instance type 2024-02-29 18:31:44 +01:00
matthieu42morin 50322cbf79 userdate_template port to Debian, apt, aws cli install 2024-02-29 18:25:21 +01:00
Cole Morrison c1100f96e6
Merge pull request #5 from conormccullough1/patch-1 
Removed unsupported apply_server_side_encryption
 2022-03-30 11:08:27 -07:00
Conor 9fa9948998
Added s3 sse resource 
Bit of a novel for you in case you were curious, but in TL;DR form, it's worked.

There was no error, it was just not generating the encrypted credentials. I should say there was a 404 error when running the AWS CLI commands, due to the bucket object not existing - though the bucket existed, so I assume the problem popped up somewhere between vault initializing, encrypting & then sending the keys to S3. 

I was unable to properly diagnose it without any explicit error output, but after poking around I noticed a lot of the resources such as the EC2 instances, load balancers, etc - were still in a "Terminating" state while I was rerunning the terraform destroy/apply commands. I decided to wait a bit and try again.. Also learned that a full destroy isn't necessary in this type of scenario which is nice to know :)

I cloned the repo again today and started from scratch, and it's worked now with the aws_s3_bucket_server_side_encryption_configuration resource! The S3 bucket properties now list default encryption as enabled and Server-side-encryption as Amazon S3-managed keys (SSE).
 2022-03-30 12:30:16 +11:00
Conor def3d07aa8
Removed unsupported apply_server_side_encryption 
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption

https://github.com/hashicorp/terraform-provider-aws/issues/23106

This is read-only and so the terraform apply fails as it's unable to use this feature.

Removing this code so that any other noobs like myself going through the project/YouTube series don't get tripped up on this.
 2022-03-28 11:06:41 +11:00
Cole Morrison 9c9edd712e
Merge pull request #3 from cisherlock/hotfix-s3-region 
Updated s3 to remove unsupported region attribute
 2021-07-16 14:29:44 -07:00
Craig 17f538dfb4
Updated s3 to remove unsupported region attribute 2021-02-18 16:16:14 +00:00
J Cole Morrison 65e03e59fa instructions for using github as a module source 2020-04-30 13:27:08 -07:00
J Cole Morrison 6bd42a9ce4 update readme and remove created files from boot 2020-04-30 13:23:25 -07:00
J Cole Morrison 73cd8a1ae5 verify vault download 2020-04-29 19:59:08 -07:00
J Cole Morrison e549787e90 generate and trust certificate 2020-04-29 17:52:40 -07:00
J Cole Morrison a63799126e change health check to https 2020-04-28 20:21:47 -07:00
J Cole Morrison 6b71f8b09f generate tls certificate and key for internal usage 2020-04-28 20:19:51 -07:00
J Cole Morrison 009418074f remove unused file 2020-04-18 20:18:21 -07:00
J Cole Morrison 0b93ec24fa cleanup 2020-04-18 20:14:50 -07:00
J Cole Morrison 09976bb087 add video instructions 2020-04-18 11:00:12 -07:00
J Cole Morrison 8c4861c90a initial readme 2020-04-17 15:11:44 -07:00
J Cole Morrison 9e312c6379 default instance size 2020-04-17 14:06:30 -07:00
J Cole Morrison d05a2897af add infrastructure image 2020-04-16 18:14:53 -07:00
J Cole Morrison 01949dccbd reorganize variables, add outputs, add license, add variable examples 2020-04-16 18:03:53 -07:00
J Cole Morrison 97a39ed3dc output load balancer dns name 2020-04-15 20:26:52 -07:00
J Cole Morrison 09323580c8 support any number of peered VPCs 2020-04-15 13:45:57 -07:00
J Cole Morrison 8fa66281fc output load balancer dns 2020-04-15 12:38:48 -07:00
J Cole Morrison 1ce54ba604 rename user data template and output vault creds script 2020-04-14 18:54:11 -07:00
J Cole Morrison 527c7c548f change log level to info on vault service 2020-04-14 18:19:52 -07:00
J Cole Morrison 5324244868 completed private deploy options 2020-04-14 16:13:50 -07:00
J Cole Morrison 524ad7dcf9 add eigw to correct table 2020-04-14 13:12:25 -07:00
J Cole Morrison 43d49191d9 public version completion 2020-04-13 20:26:06 -07:00
J Cole Morrison 94f374dce2 better listeners 2020-04-13 18:50:26 -07:00
J Cole Morrison a866b0ec9f launch template and auto scaling group 2020-04-13 18:31:14 -07:00
J Cole Morrison 055a1c546d added s3 bucket and associated policies 2020-04-12 14:13:58 -07:00
J Cole Morrison d68a36e52f initial user data script for vault initialization 2020-04-11 13:29:58 -07:00
J Cole Morrison e2383bda9f first pass at boot script 2020-04-10 20:05:48 -07:00
J Cole Morrison 2087b9fd0c bastion instance and actually associate subnets to the route tables 2020-04-10 18:21:07 -07:00
J Cole Morrison 074dab50a8 prefix file names with related aws service 2020-04-10 17:50:21 -07:00
J Cole Morrison 7d77ac588c http redirect listener 2020-04-10 17:49:27 -07:00
J Cole Morrison 326724f39d updated for ipv6, completion of load balancer 2020-04-10 16:01:13 -07:00
J Cole Morrison 3e588e9da7 update vpc to use IPv6 2020-04-10 15:40:24 -07:00
J Cole Morrison 0492d4ed49 wip with load balancers pre IPv6 2020-04-10 15:34:32 -07:00
J Cole Morrison 9b98f95da6 Endpoints done, yet to deploy 2020-04-09 20:40:35 -07:00
J Cole Morrison 9a9b4d0090 security groups 2020-04-09 20:11:09 -07:00
J Cole Morrison ddf83c628c initial commit 2020-04-09 19:37:14 -07:00