IMPROVEMENTS:
- Update package name syntax in userdata script to prevent breakage when installing latest versions of Vault enterprise.
- Update examples directory with quickstart file that reduces number of steps to provision pre-reqs
- Remove data sources for AWS subnets and allow user to explicitly specify private subnet IDs in main module
- Update main module outputs
- Update default Vault version
- Update Terraform version pin
- Add
permissions_boundaryvariable to support creating the IAM Role with a permissions boundary
IMPROVEMENTS:
- Updated README
- Break code into submodules and add submodule READMEs
- Deploy Vault nodes into private subnets for better security
- Better reflect Vault reference architecture and deployment guide
- Require TLS certs on nodes and load balancers
- Remove lambda functions and use autopilot features for server cleanup
- Tighten file/folder permissions created in userdata script
- Add AWS Session Manager capability for logging into nodes
IMPROVEMENTS:
- Clarify README
IMPROVEMENTS:
- Increased
wait_for_capacity_timeoutin ASG to make sureterraform applydoesn't time out
IMPROVEMENTS:
- security:
- added security group rule to expose API/UI to allowed CIDR blocks
- exposed
elb_internalvariable to user
- documentation: updated README
IMPROVEMENTS:
- Upgrading terraform block syntax for TF version 0.13.0+
- Pinning version number for
aws,random, andtemplateproviders
IMPROVEMENTS:
- security: added security group rule for inbound on port 22 and variable for approved CIDR blocks
IMPROVEMENTS:
- documentation: updated refs and corrected links
- documentation: added CHANGELOG
- Initial release