Open davidhessler opened 5 years ago
We are also able to specify an "endpoint" using Vault (which does work in the same region); however, Consul doesn't seem to have this functionality.
Could this be related to the Go SDK? (just a hunch) https://github.com/aws/aws-sdk-go/issues/2219
I just googled for the term "isob-east-1" as I had never seen such a region name :grinning:
I moved this to the library where the change would be made for this to work.
Has anyone thought about this?
I know it's been a couple years, but has there been any traction on this? A number of recent high profile vulnerabilities have caused a growing number of organizations, including ours, to begin heavily restricting their egress traffic. This includes using VPC endpoints instead of public AWS endpoints. We need the ability to define a custom ec2 endpoint for cloud auto join in order to operate vault and consul in networks with restricted egress.
When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
Overview of the Issue
Cloud Auto-Join does not support cases where the region is part of one of the alternative AWS Segments. For example in isob-east-1 region, Consul queries https://ec2.us-isob-east-1.amazonaws.com (this DNS record does not exist). Attempted to specify the region and received the same error. With packer, you can level customer ec2 endpoints, but cannot with Consul.
Reproduction Steps
Steps to reproduce this issue, eg:
"retry_join": ["provider=aws tag_key=... tag_value=..."] in server.json configuration file
consul agent
Consul info for both Client and Server
Attempting to create 3 node server cluster. Included in config.json
"retry_join": ["provider=aws tag_key=cault tag_value=server"]
Getting
[ERR] agent: Join LAN: discover-aws: DescribeInstanceInput failed: RequestError: send request
Operating system and Environment details
Running Centos 7.5 on AWS. Same exact config.json works in us-gov-west-1 region.
Log Fragments
[ERR] agent: Join LAN: discover-aws: DescribeInstanceInput failed: RequestError: send request
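An added example (not code from Consul, go-discover, or anyone in this thread) showing why the hostname in the report does not resolve while us-gov-west-1 works: regions in other AWS partitions use a different DNS suffix, and an explicit endpoint should take precedence so a VPC endpoint can be used. The endpoint key, the function name, the requirement that region be set, and the sample tag values are assumptions; the DNS suffixes come from public AWS SDK partition metadata, not from the issue.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// DNS suffix per AWS partition, matched by region prefix. Values are from
// public AWS SDK partition metadata (not from the issue); longest prefix first.
var partitionSuffix = []struct{ prefix, suffix string }{
	{"us-isob-", "sc2s.sgov.gov"},
	{"us-iso-", "c2s.ic.gov"},
	{"cn-", "amazonaws.com.cn"},
	{"", "amazonaws.com"}, // commercial and us-gov-* regions
}

// EC2Endpoint returns the EC2 API URL for a go-discover style "k=v k=v" string.
// An explicit "endpoint" key (hypothetical here) wins and must be an https URL.
func EC2Endpoint(cfg string) (string, error) {
	args := map[string]string{}
	for _, f := range strings.Fields(cfg) {
		if kv := strings.SplitN(f, "=", 2); len(kv) == 2 {
			args[kv[0]] = kv[1]
		}
	}
	if ep := args["endpoint"]; ep != "" {
		u, err := url.Parse(ep)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return "", fmt.Errorf("endpoint must be an https URL: %q", ep)
		}
		return u.String(), nil
	}
	region := args["region"]
	if region == "" {
		return "", fmt.Errorf("region is required when no endpoint is set")
	}
	for _, p := range partitionSuffix {
		if strings.HasPrefix(region, p.prefix) {
			return "https://ec2." + region + "." + p.suffix, nil
		}
	}
	return "", fmt.Errorf("unknown region %q", region)
}

func main() {
	// Constructed sample input; tag values are placeholders.
	fmt.Println(EC2Endpoint("provider=aws region=us-isob-east-1 tag_key=role tag_value=server"))
}
```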