{"id":1185,"date":"2023-09-21T09:39:48","date_gmt":"2023-09-21T04:09:48","guid":{"rendered":"https:\/\/www.openwriteup.com\/?page_id=1185"},"modified":"2023-09-21T09:39:48","modified_gmt":"2023-09-21T04:09:48","slug":"integration-aws-authentication-with-vault-using-terraform","status":"publish","type":"page","link":"https:\/\/www.openwriteup.com\/?page_id=1185","title":{"rendered":"Integrating AWS authentication with Vault (using Terraform)"},"content":{"rendered":"<p><em><strong>This post covers how to store an AWS access key and secret key in Vault, and how Terraform can read them back.<\/strong><\/em><\/p>\n<ol>\n<li>Install Vault<\/li>\n<\/ol>\n<pre>wget -O- https:\/\/apt.releases.hashicorp.com\/gpg | sudo gpg --dearmor -o \/usr\/share\/keyrings\/hashicorp-archive-keyring.gpg\r\necho \"deb [signed-by=\/usr\/share\/keyrings\/hashicorp-archive-keyring.gpg] https:\/\/apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee \/etc\/apt\/sources.list.d\/hashicorp.list\r\nsudo apt update &amp;&amp; sudo apt install vault<\/pre>\n<p>2. Start the Vault server: start a Vault server in dev mode for this example. Open a terminal and run the following command:<\/p>\n<pre> vault server -dev<\/pre>\n<p>The Vault server will start running at the specified address (usually `http:\/\/127.0.0.1:8200`).<\/p>\n<p>3. In another terminal, set the `VAULT_ADDR` environment variable to the Vault server address:<\/p>\n<pre> export VAULT_ADDR=\"http:\/\/127.0.0.1:8200\"<\/pre>\n<p>Then initialize Vault, which generates the unseal keys and the initial root token:<\/p>\n<pre> vault operator init<\/pre>\n<p>Make note of the unseal keys and the initial root token.<\/p>\n<p>4. Unseal the Vault using the unseal keys obtained from the previous step:<\/p>\n<pre> vault operator unseal<\/pre>\n<p>5. Enable the Key-Value (KV) secrets engine to store and retrieve secrets:<\/p>\n<pre> vault secrets enable -path=secrets kv-v2<\/pre>\n<p>Note that the commands below write to the default `secret\/` mount, which a dev-mode server already has enabled as KV v2, rather than to the `secrets\/` path mounted here.<\/p>\n<p>6. Initialize Terraform to download the Vault provider plugin:<\/p>\n<pre> terraform init<\/pre>\n<p>7. Values for `vault kv put secret\/aws_credentials` (both come from your AWS account):<\/p>\n<pre>access_key=&lt;get from aws account&gt;\r\nsecret_key=&lt;get from aws account&gt;<\/pre>\n<p>8. Add the access key and secret key to Vault:<\/p>\n<pre>vault kv put secret\/aws_credentials access_key=&lt;access key&gt; secret_key=&lt;secret key&gt;<\/pre>\n<p>9. Terraform file for the AWS account:<\/p>\n<pre>provider \"vault\" {\r\n  address = \"http:\/\/127.0.0.1:8200\"\r\n}\r\n\r\ndata \"vault_generic_secret\" \"aws_credentials\" {\r\n  path = \"secret\/aws_credentials\"\r\n}\r\n\r\nprovider \"aws\" {\r\n  access_key = data.vault_generic_secret.aws_credentials.data[\"access_key\"]\r\n  secret_key = data.vault_generic_secret.aws_credentials.data[\"secret_key\"]\r\n  region     = \"us-west-2\" # Replace with your desired AWS region\r\n}\r\n\r\ndata \"vault_generic_secret\" \"myapp_secret\" {\r\n  path = \"secret\/aws_credentials\"\r\n}\r\n\r\nresource \"aws_instance\" \"example\" {\r\n  ami           = \"ami-0b8987a72eee28c3d\" # Replace with your desired AMI ID\r\n  instance_type = \"t2.micro\"\r\n  subnet_id     = \"subnet-0e09953db95a5ac65\" # Replace with your desired subnet ID\r\n  # user_data = data.vault_generic_secret.myapp_secret.data[\"password\"]\r\n  key_name      = \"my-key\"\r\n\r\n  connection {\r\n    type        = \"ssh\"\r\n    user        = \"ubuntu\"\r\n    private_key = file(\"my-key.pem\")\r\n    host        = self.public_ip\r\n  }\r\n}<\/pre>\n<p>Values read through `vault_generic_secret` are written to the Terraform state file in plaintext, so protect the state (for example, an encrypted remote backend with restricted access).<\/p>\n<p>10. Run the following commands:<\/p>\n<pre>terraform plan\r\nterraform apply<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This post covers how to store an AWS access key and secret key in Vault, and how Terraform can read them back. Install Vault wget -O- https:\/\/apt.releases.hashicorp.com\/gpg | sudo gpg --dearmor -o \/usr\/share\/keyrings\/hashicorp-archive-keyring.gpg echo \"deb [signed-by=\/usr\/share\/keyrings\/hashicorp-archive-keyring.gpg] https:\/\/apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee \/etc\/apt\/sources.list.d\/hashicorp.list sudo apt update &amp;&amp; sudo apt install vault 2. Start the Vault [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_oct_exclude_from_cache":false,"footnotes":""},"class_list":["post-1185","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/pages\/1185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1185"}],"version-history":[{"count":1,"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/pages\/1185\/revisions"}],"predecessor-version":[{"id":1186,"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=\/wp\/v2\/pages\/1185\/revisions\/1186"}],"wp:attachment":[{"href":"https:\/\/www.openwriteup.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}