Bala's Blog
🛡 Elevating AWS Security: Integrating Terraform with HashiCorp Vault

🛡 Elevating AWS Security: Integrating Terraform with HashiCorp Vault

Bala's photo
Bala
·

2 min read

In a world where data security is paramount, our mission to fortify AWS infrastructure has led us to a powerful demonstration of how Terraform and HashiCorp Vault work in unison to enhance protection.

🌐 The Setup

  1. Begin with prerequisites: Ensure Terraform and AWS CLI are at your fingertips.

  2. For this showcase, we’ll leverage a Linux environment by creating an Ubuntu instance within AWS.

  3. Install HashiCorp Vault and initialize it with vault server -dev -dev-listen-address="0.0.0.0:8200". Upon launch, you’ll be equipped with a root token and a URL.

  4. Access the Vault server via the provided URL using the root token.

  5. A strategic move: Create a new secret engine or harness an existing KV engine. The choice is yours.

  6. Populate the Vault with your AWS access key, secret access key, and desired region. Ensure you securely save these valuable credentials.

🛠 Configuration with Terraform

Now, let’s craft a main.tf file—your blueprint for this fortified setup. The script includes essential components such as the Terraform provider block, a resource block for an EC2 instance, a data block configured to extract AWS keys from the secure confines of HashiCorp Vault, and the AWS provider itself.

terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
      version = "3.21.0"
    }
  }
}

data "vault_generic_secret" "aws_creds" {
    path = "secret/terraform"
}

provider "aws" {
    region = data.vault_generic_secret.aws_creds.data["region"]
  access_key = data.vault_generic_secret.aws_creds.data["aws_access_key_id"]
  secret_key = data.vault_generic_secret.aws_creds.data["aws_secret_access_key"]
}

resource "aws_instance" "myec2" {
  ami                     = "ami-0dcc1e21636832c5d"
  instance_type           = "t2.micro"
  key_name                = "kube"
    tags = {
            Name = "Terraform-vault"
    }
}

Initialize Terraform, symbolizing the readiness of your environment.

Execute terraform plan. This action is crucial as it guarantees that your setup is diligently fetching secrets from the vault.

Finally, the ultimate test. Run terraform apply, and behold, an EC2 resource is summoned into existence. Remarkably, the access keys remain securely tucked away in HashiCorp Vault, a testimony to your commitment to security.

TerraformAWShashicorp-vaultDevops