
@fadeojo
Last active July 9, 2019 13:50

Revisions

  1. fadeojo renamed this gist Jul 9, 2019. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  2. fadeojo created this gist Jul 9, 2019.
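--- a/gistfile1.txt
+++ b/gistfile1.txt
@@ -0,0 +1,63 @@
+{
+"variables": {
+"aws_region": "",
+"source_ami": "",
+"aws_ami_name": "amazonlinux-{{timestamp}}-vault",
+"vault_version": "1.1.1"
+},
+
+"builders": [
+{
+"type": "amazon-ebs",
+"region": "{{user `aws_region`}}",
+"instance_type": "m3.medium",
+"ssh_username": "ec2-user",
+"ami_name": "{{user `aws_ami_name`}}",
+"ami_description": "Vault ami",
+"source_ami": "{{user `source_ami`}}"
+}
+],
+"provisioners": [
+{
+"type": "shell",
+"remote_folder": "/home/ec2-user",
+"inline": [
+"sudo yum install -y unzip",
+"sudo mkdir /etc/vault.d/",
+"cd /usr/local/bin/",
+"sudo chown ec2-user:ec2-user /etc/vault.d/",
+"sudo chown ec2-user:ec2-user /etc/init.d/",
+"sudo chown ec2-user:ec2-user /usr/local/bin/",
+"sudo wget https://releases.hashicorp.com/vault/{{user `vault_version`}}/vault_{{user `vault_version`}}_linux_amd64.zip",
+"sudo unzip vault_{{user `vault_version`}}_linux_amd64.zip",
+"sudo rm vault_{{user `vault_version`}}_linux_amd64.zip",
+"sudo useradd vault"
+]
+},
+{
+"type": "file",
+"source": "res/vault.hcl",
+"destination": "/etc/vault.d/vault.hcl"
+},
+{
+"type": "file",
+"source": "res/vault.sysvinit",
+"destination": "/etc/init.d/vault.sysvinit"
+},
+{
+"type": "file",
+"source": "res/create-vault-config.sh",
+"destination": "/usr/local/bin/create-vault-config.sh"
+},
+{
+"type": "shell",
+"remote_folder": "/home/ec2-user",
+"inline": [
+"sudo chmod 755 /etc/init.d/vault.sysvinit",
+"sudo chown root /etc/init.d/vault.sysvinit",
+"sudo chmod a+x /usr/local/bin/create-vault-config.sh",
+"sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))"
+]
+}
+]
+}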
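Review bot: Ownership of `/etc/vault.d/`, `/etc/init.d/` and `/usr/local/bin/` is handed to `ec2-user` by the three `chown` lines in the first shell provisioner and never returned; the last provisioner only runs `sudo chown root /etc/init.d/vault.sysvinit`. Unless one of the uploaded `res/` scripts resets it, the baked AMI leaves an unprivileged login account able to replace init scripts that run as root, the `vault` binary that carries `cap_ipc_lock`, and `create-vault-config.sh`. I would have the file provisioners upload to the SSH user's home and move the files into place with sudo, or at least end the final `inline` list with `"sudo chown -R root:root /etc/vault.d/ /etc/init.d/ /usr/local/bin/"`. The `wget`/`unzip` pair also installs the archive without comparing it to the `SHA256SUMS` file HashiCorp publishes beside each release, so a `sha256sum -c` step belongs between those two lines.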