This module provisions a HashiCorp Virtual Network (HVN) and a new HCP Vault cluster. Connectivity between the HCP environment and your AWS network is established through an existing Transit Gateway (TGW).
Since most organizations already have an established network strategy, or the network stack is defined in another Terraform configuration, this module assumes the following:
- The VPC in the targeted account (Network account) already exists
- The Transit Gateway in the targeted account (Network account) already exists
- A private route table exists for the VPC in the targeted account
An example .tfvars file is included to configure values of required variables.
Requirements:

| Name | Version |
|------|---------|
| hcp | 0.41.0 |

Providers:

| Name | Version |
|------|---------|
| aws | n/a |
| hcp | 0.41.0 |
No modules.
Resources:

| Name | Type |
|------|------|
| aws_ec2_transit_gateway_vpc_attachment_accepter.hcp_vault_accepter | resource |
| aws_ram_principal_association.hcp_vault_principal | resource |
| aws_ram_resource_association.hcp-vault | resource |
| aws_ram_resource_share.tgw_share | resource |
| aws_route.hcp_route | resource |
| hcp_aws_transit_gateway_attachment.hcp-vault_tgw_attachement | resource |
| hcp_hvn.primary | resource |
| hcp_hvn_route.route | resource |
| hcp_vault_cluster.hcp-cluster | resource |
| aws_ec2_transit_gateway.centralized_tgw | data source |
| aws_vpc.primary_vpc | data source |
Inputs:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_cloud_region | AWS Cloud Region that HCP Vault will be connected to | string | "us-east-1" | no |
| client_id | Client ID for HCP Organization | string | n/a | yes |
| client_secret | Client Secret for HCP Organization | string | n/a | yes |
| cluster_id | The ID of the Vault cluster | string | "primary-vault-cluster" | no |
| hvn_cidr | The CIDR block for HashiCorp Virtual Network | string | "172.31.0.0/16" | no |
| hvn_id | Name/ID of the HVN Network - displays in the UI | string | n/a | yes |
| public_vault | Should this Vault cluster have a public endpoint? | bool | false | no |
| route_table_id | The private route table in the network/transit account to route data to the HVN for Vault requests | string | n/a | yes |
| tgw_id | The ID of the existing TGW in your AWS network/transit account | string | n/a | yes |
| vault_tier | Tier of the HCP Vault cluster. Valid options for tiers - dev, starter_small, standard_small, standard_medium, standard_large, plus_small, plus_medium, plus_large | string | n/a | yes |
| vpc_id | VPC ID of an existing VPC in the Network (Transit) account | string | n/a | yes |
No outputs.
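A pre-flight check for the .tfvars values before `terraform apply`, added here as an example and not part of the module: it parses the flat `key = value` tfvars format, checks vault_tier against the inputs table above, checks that hvn_cidr is an RFC 1918 range that does not overlap the target VPC's CIDR (the VPC CIDR passed in is assumed to be looked up separately), flags public_vault = true, and flags a client_secret stored in the file. The sample tfvars and its IDs are constructed placeholders.

```python
import ipaddress
# Tiers accepted by vault_tier, copied from the inputs table above.
VALID_TIERS = {"dev", "starter_small", "standard_small", "standard_medium",
               "standard_large", "plus_small", "plus_medium", "plus_large"}
# RFC 1918 ranges: the HVN CIDR is expected to sit inside one of them.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample tfvars with placeholder IDs (not the module's shipped example file).
SAMPLE_TFVARS = """
client_id      = "EXAMPLE_CLIENT_ID"
hvn_cidr       = "172.31.0.0/16"
hvn_id         = "primary-hvn"
public_vault   = false
route_table_id = "rtb-EXAMPLE"
tgw_id         = "tgw-EXAMPLE"
vault_tier     = "standard_small"
vpc_id         = "vpc-EXAMPLE"
"""

def parse_tfvars(text):
    """Parse the flat `key = value` subset of HCL that a simple .tfvars file uses."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, sep, val = (part.strip() for part in line.partition("="))
        if not sep or not key:
            raise ValueError(f"unparseable tfvars line: {raw!r}")
        if val in ("true", "false"):
            values[key] = val == "true"      # bool literal
        else:
            values[key] = val.strip('"')     # quoted string; numbers stay verbatim
    return values

def validate(values, vpc_cidr):
    """Return findings for parsed tfvars against the target VPC's CIDR; [] means clean."""
    findings = []
    if values.get("vault_tier") not in VALID_TIERS:
        findings.append(f"vault_tier {values.get('vault_tier')!r} is not a valid tier")
    hvn = ipaddress.ip_network(values.get("hvn_cidr", "172.31.0.0/16"))  # module default
    if not any(hvn.subnet_of(r) for r in RFC1918):
        findings.append(f"hvn_cidr {hvn} is outside RFC 1918 space")
    if hvn.overlaps(ipaddress.ip_network(vpc_cidr)):
        findings.append(f"hvn_cidr {hvn} overlaps the VPC CIDR {vpc_cidr}")
    if values.get("public_vault") is True:
        findings.append("public_vault is true: the cluster would get a public endpoint")
    if "client_secret" in values:
        findings.append("client_secret is in the tfvars file: pass it as TF_VAR_client_secret instead")
    return findings
```

Note that the module's default hvn_cidr (172.31.0.0/16) collides with the CIDR of an AWS default VPC, so the overlap check matters when the Network account still uses one.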