Latest commit: 1dbedf0b7b by Mark Lewis, 2025-12-11 08:32:14 +00:00: "Merge pull request #20 from hashicorp/compliance/update-headers-batch-1 ([IND-4227] [COMPLIANCE] Update Copyright Headers (Batch 1 of 1))"

Consul Enterprise HVD on AWS EC2

Terraform module, aligned with HashiCorp Validated Designs (HVD), that deploys Consul Enterprise on Amazon Web Services (AWS) using EC2 instances. It exposes options for sizing the cluster and for enabling Consul Enterprise redundancy zones.

[Figure: Consul architecture]

Prerequisites

This module requires the following to already be in place in AWS:

  • An AWS account
  • A VPC with at least 3 availability zones
  • An S3 Bucket for snapshots
  • Certificates added to AWS Systems Manager (SSM)
  • Consul License added to AWS Systems Manager (SSM)
  • An AMI to launch ASG instances from
  • List of AWS subnet IDs for instance(s) to be deployed into
  • List of subnet IDs to provision internal NLB interfaces within (optional)
  • SSH key name, already registered in AWS, to use for instance access
  • ID of the AWS VPC that resources are deployed into

Examples

The examples/amazonlinux-internal-nlb-consul-primary folder contains the default deployment setup, demonstrating the default options and providing placeholders for reuse.

The examples/amazonlinux-internal-nlb-development folder uses public subnets and self-signed certificates for a non-production environment but illustrates how to enable all features of the root module.

Docs

Additional documentation for customization and usage can be found in the docs folder.

Module support

This open source software is maintained by the HashiCorp Technical Field Organization, independently of our enterprise products. While our Support Engineering team provides dedicated support for our enterprise offerings, this open source software is not included.

  • For help using this open source software, please engage your account team.
  • To report bugs/issues with this open source software, please open them directly against this code repository using the GitHub issues feature.

Please note that there is no official Service Level Agreement (SLA) for support of this software as a HashiCorp customer. This software falls under the definition of Community Software/Versions in your Agreement. We appreciate your understanding and collaboration in improving our open source projects.

Requirements

| Name | Version |
|---|---|
| terraform | >=1.0.0 |
| aws | ~> 5.0 |
| cloudinit | ~> 2.0 |

Providers

| Name | Version |
|---|---|
| aws | ~> 5.0 |
| cloudinit | ~> 2.0 |

Resources

| Name | Type |
|---|---|
| aws_autoscaling_group.consul | resource |
| aws_iam_instance_profile.consul | resource |
| aws_iam_role.consul | resource |
| aws_iam_role_policy.consul_discovery | resource |
| aws_iam_role_policy.consul_secrets | resource |
| aws_iam_role_policy.consul_snapshots | resource |
| aws_launch_template.consul | resource |
| aws_lb.internal | resource |
| aws_lb_listener.dns | resource |
| aws_lb_target_group.dns | resource |
| aws_route53_resolver_endpoint.consul | resource |
| aws_route53_resolver_rule.fwd_consul | resource |
| aws_route53_resolver_rule_association.consul | resource |
| aws_security_group.consul_gossip | resource |
| aws_security_group.dns_local_forwarder | resource |
| aws_security_group.egress | resource |
| aws_ami.amzn2 | data source |
| aws_ami.centos | data source |
| aws_ami.rhel | data source |
| aws_ami.ubuntu | data source |
| aws_availability_zones.available | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.consul_discovery | data source |
| aws_iam_policy_document.consul_secrets | data source |
| aws_iam_policy_document.ec2_assumerole | data source |
| aws_iam_policy_document.snapshot_bucket | data source |
| aws_network_interface.internal_nlb | data source |
| aws_region.current | data source |
| aws_s3_bucket.snapshot | data source |
| aws_subnet.instance | data source |
| aws_vpc.cluster | data source |
| cloudinit_config.consul | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment_name | Unique environment name used to prefix and disambiguate resources. | `string` | n/a | yes |
| instance_subnets | List of AWS subnet IDs for instance(s) to be deployed into. | `list(string)` | n/a | yes |
| internal_nlb_subnets | List of subnet IDs to provision internal NLB interfaces within. | `list(string)` | n/a | yes |
| key_name | SSH key name, already registered in AWS, to use for instance access. | `string` | n/a | yes |
| tag_owner | Denotes the user/entity responsible for deployment of this cluster. | `string` | n/a | yes |
| vpc_id | ID of the AWS VPC that resources are deployed into. | `string` | n/a | yes |
| additional_gossip_cidrs | List of additional CIDR blocks to permit Consul gossip traffic to/from. | `list(string)` | `[]` | no |
| additional_grpc_tls_cidrs | List of additional CIDR blocks to permit Consul gRPC-TLS (peering, dataplane) traffic to/from. Automatically includes the local subnet. | `list(string)` | `[]` | no |
| additional_security_group_ids | List of AWS security group IDs to apply to all cluster nodes. | `list(string)` | `[]` | no |
| asg_extra_tags | Additional tags to apply to the Consul auto scaling group. See the Terraform Registry for syntax. | `list(map(string))` | `[]` | no |
| associate_public_ip | Whether public IPv4 addresses should automatically be attached to cluster nodes. | `bool` | `false` | no |
| autopilot_health_enabled | Whether autopilot upgrade migration validation is performed for server nodes at boot time. | `bool` | `true` | no |
| consul_agent | Config object for the Consul agent (server/client). | `object({ bootstrap = optional(bool, true), domain = optional(string, "consul"), datacenter = string, gossip_encryption_key = string, consul_log_level = string, license_text_arn = string, primary_datacenter = string, ca_cert_arn = string, agent_cert_arn = string, agent_key_arn = string, initial_token = string, ui = optional(bool, true) })` | `{ "agent_cert_arn": "", "agent_key_arn": "", "bootstrap": true, "ca_cert_arn": "", "consul_log_level": "", "datacenter": "dc1", "domain": "consul", "gossip_encryption_key": "", "initial_token": "", "license_text_arn": "", "primary_datacenter": "dc1", "ui": true }` | no |
| consul_cluster_version | SemVer version string representing the cluster's deployment iteration. Must always be incremented when deploying updates (e.g. new AMIs, updated launch config). | `string` | `"0.0.1"` | no |
| consul_config_template | Optional name of a *.tpl file in the ./templates folder local to the module declaration, used to replace the root install_consul_config.sh. | `string` | `null` | no |
| consul_install_version | Version of Consul to install, e.g. '1.19.0+ent'. | `string` | `"1.19.2+ent"` | no |
| consul_nodes | Number of Consul nodes to deploy. | `number` | `3` | no |
| disk_params | Disk parameters to use for the cluster nodes' block devices. | `object({ root = object({ volume_type = string, volume_size = number, iops = number }), data = object({ volume_type = string, volume_size = number, iops = number }) })` | `{ "data": { "iops": 5000, "volume_size": 100, "volume_type": "io1" }, "root": { "iops": 0, "volume_size": 32, "volume_type": "gp2" } }` | no |
| ec2_ami_id | Custom AMI ID for the Boundary EC2 launch template. If specified, the value of os_distro must coincide with this custom AMI's OS distro. | `string` | `null` | no |
| ec2_os_distro | Linux OS distribution for the Boundary EC2 instance. Choose from amzn2, ubuntu, rhel, centos. | `string` | `"ubuntu"` | no |
| instance_type | EC2 instance type to launch. | `string` | `"m5.large"` | no |
| permit_all_egress | Whether broad (0.0.0.0/0) egress should be permitted on cluster nodes. If disabled, additional rules must be added to permit HTTP(S) and other necessary network access. | `bool` | `true` | no |
| route53_resolver_pool | Enable .consul domain resolution with Route53. | `object({ enabled = bool, override_domain = optional(string) })` | `{ "enabled": false }` | no |
| server_redundancy_zones | Whether Consul Enterprise Redundancy Zones should be enabled. Requires an even number of server nodes spread across 3+ availability zones. | `bool` | `false` | no |
| snapshot_agent | Config object to enable the snapshot agent. | `object({ enabled = bool, interval = string, retention = number, s3_bucket_id = string, token = string })` | `{ "enabled": false, "interval": "", "retention": 0, "s3_bucket_id": "", "token": "" }` | no |
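The following root-module call is an added example, not code from this repository or its examples folder. It shows how the object-typed inputs above (consul_agent, snapshot_agent, route53_resolver_pool) are assembled, and it tightens the network-facing defaults: no public IPs, no blanket egress, and gossip/gRPC-TLS opened only to named CIDRs. The module source path, account/region, ARNs, subnet and VPC IDs, bucket name, CIDR blocks and the snapshot interval/retention values are all placeholders; whether gossip_encryption_key and the two tokens are passed as raw values rather than SSM references is an assumption, which is why they are routed through sensitive variables here.

```hcl
# Added example: calling the Consul Enterprise HVD module from a root module.
# Every ID, ARN, CIDR and name below is a placeholder to be replaced.

variable "gossip_encryption_key" {
  type      = string
  sensitive = true # assumption: raw key; supply via TF_VAR_ or a secrets store
}

variable "consul_initial_token" {
  type      = string
  sensitive = true
}

variable "snapshot_agent_token" {
  type      = string
  sensitive = true
}

module "consul" {
  source = "<path-or-registry-source-of-this-module>" # placeholder

  # Required inputs
  environment_name     = "prod-consul"
  vpc_id               = "vpc-PLACEHOLDER"
  instance_subnets     = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b", "subnet-PLACEHOLDER-c"] # 3 AZs
  internal_nlb_subnets = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b", "subnet-PLACEHOLDER-c"]
  key_name             = "consul-ops-key" # placeholder, must already exist in AWS
  tag_owner            = "platform-team"

  # Agent configuration: license and TLS material are referenced by SSM parameter ARN,
  # so the cluster secrets never appear in state as plain configuration literals.
  consul_agent = {
    datacenter            = "dc1"
    primary_datacenter    = "dc1"
    consul_log_level      = "INFO"
    gossip_encryption_key = var.gossip_encryption_key
    license_text_arn      = "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/consul/license"    # placeholder
    ca_cert_arn           = "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/consul/ca_cert"    # placeholder
    agent_cert_arn        = "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/consul/agent_cert" # placeholder
    agent_key_arn         = "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/consul/agent_key"  # placeholder
    initial_token         = var.consul_initial_token
    # bootstrap, domain and ui keep their optional() defaults (true, "consul", true)
  }

  # Cluster sizing: redundancy zones need an even server count across 3+ AZs
  consul_nodes            = 6
  server_redundancy_zones = true
  consul_install_version  = "1.19.2+ent"
  consul_cluster_version  = "0.0.2" # bump on every AMI / launch-config change

  # Network exposure: override the permissive defaults
  associate_public_ip           = false
  permit_all_egress             = false # add explicit egress rules for HTTPS, SSM, S3, etc.
  additional_gossip_cidrs       = ["10.20.0.0/16"] # placeholder: peer VPC that must gossip
  additional_grpc_tls_cidrs     = ["10.20.0.0/16"] # placeholder: dataplane/peering sources
  additional_security_group_ids = []

  # Snapshot agent writes backups to a pre-existing bucket
  snapshot_agent = {
    enabled      = true
    interval     = "1h" # placeholder value
    retention    = 24   # placeholder value
    s3_bucket_id = "PLACEHOLDER-consul-snapshots"
    token        = var.snapshot_agent_token
  }

  # Route53 resolver forwarding for the .consul domain
  route53_resolver_pool = {
    enabled = true
  }
}
```

With permit_all_egress set to false, the module's own egress security group no longer carries a 0.0.0.0/0 rule, so the endpoints the nodes need at boot (SSM for the certificates and license, S3 for snapshots, the Consul download source) must be reachable through rules you add yourself, for example via additional_security_group_ids.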