hashicorp / go-discover

Discover nodes in cloud environments
Mozilla Public License 2.0

Multiple AWS accounts and cloud auto-join feature #47

Open psyhomb opened 6 years ago

psyhomb commented 6 years ago

Is it possible to fetch the tag value for EC2 instances running in different accounts? https://www.consul.io/docs/agent/cloud-auto-join.html#amazon-ec2

Let's say that the Consul servers are running in the same shared account and all agents are in several different AWS accounts. Is it possible in some way to discover these instances by sending requests to the local EC2 metadata service (HTTP metadata API), or can the auto-join feature be used only in the same AWS account?

Thanks

psyhomb commented 6 years ago

So basically my question is: is it possible to use the auto-join feature provided by this lib if you have multiple AWS accounts, and if it is, how?

igordcsouza commented 3 years ago

@psyhomb have you found a workaround for that?

psyhomb commented 3 years ago

No, I haven't. 😞

The only solution I can think of is using multi-cluster (one per account) with datacenter federation between them.

StepanKuksenko commented 3 years ago

faced with the same case...

igordcsouza commented 3 years ago

@StepanKuksenko

The workaround that I came up with was to use this: "retry_join": [ "consul-servers.internal.dns.cloud" ]

And when I spin up a new server it automatically upgrades the DNS (consul-servers.internal.dns.cloud) with the current consul server's IP.

All my consul servers are in a different account and the only thing you need to make sure of is connectivity between both VPC/accounts.

StepanKuksenko commented 3 years ago

> @StepanKuksenko
>
> The workaround that I came up with was to use this: "retry_join": [ "consul-servers.internal.dns.cloud" ]
>
> And when I spin up a new server it automatically upgrades the DNS (consul-servers.internal.dns.cloud) with the current consul server's IP.
>
> All my consul servers are in a different account and the only thing you need to make sure of is connectivity between both VPC/accounts.

Thank you very much! It works for me.

ksandrmatveyev commented 6 months ago

Hello, any plans to implement cross-account with assume role? I think IAM User creds might be used from a core account as another workaround, but it is not well-secured