hashicorp / terraform-aws-consul

A Terraform Module for how to run Consul on AWS using Terraform and Packer
Apache License 2.0

Support AWS Access Keys in retry_join #156

Closed carflo closed 4 years ago

carflo commented 4 years ago

Background: The Consul auto-join feature supports access-keys to discover nodes it should join. Ideally you should be using a role that has the describe-instance permission attached to it. This works great if your cluster is entirely within a single account.

However, there is currently no way to use the auto join feature across AWS accounts with IAM roles. The solution for now is to use AWS access keys to be able to describe instances in a different account.

Problem: The run-consul script does not support access keys. https://github.com/hashicorp/terraform-aws-consul/blob/db3d81e030f03da3832e3865806193400a7b576a/modules/run-consul/run-consul#L253

Solution: Add the ability to set both access_key_id and secret_access_key to the retry_join block as mentioned here: https://www.consul.io/docs/agent/cloud-auto-join.html#amazon-ec2

brikis98 commented 4 years ago

Since this isn't a super common use case, is it something you could add to your own config by overriding the configuration?
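
An added example, not part of either comment above and not code from the terraform-aws-consul repository: one way to generate a Consul config file whose `retry_join` entry carries `access_key_id` and `secret_access_key`, as the issue requests. The function names, the character allow-list and the output path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the allow-list are assumptions.

# Build the space-separated key=value string used by Consul's AWS cloud
# auto-join. Args: tag_key tag_value region access_key_id secret_access_key
build_retry_join() {
  [ "$#" -eq 5 ] || { echo "expected 5 arguments" >&2; return 1; }
  for v in "$@"; do
    # Fields are split on spaces and the result is embedded in a JSON string,
    # so accept only a conservative character set (no spaces, quotes or
    # backslashes) and reject empty values.
    case "$v" in
      '' | *[!A-Za-z0-9_./+-]*)
        echo "invalid character or empty value in retry_join field" >&2
        return 1 ;;
    esac
  done
  printf 'provider=aws tag_key=%s tag_value=%s region=%s access_key_id=%s secret_access_key=%s' \
    "$1" "$2" "$3" "$4" "$5"
}

# Write a JSON config file holding the retry_join entry.
# Args: output_path, then the five arguments of build_retry_join.
# The file contains a long-lived secret, so it is created under umask 077
# and forced to mode 0600 in case the path already existed.
write_retry_join_config() {
  out="$1"; shift
  join=$(build_retry_join "$@") || return 1
  ( umask 077
    printf '{\n  "retry_join": ["%s"]\n}\n' "$join" > "$out" ) || return 1
  chmod 600 "$out"
}
```

The access key written this way only needs the describe-instance permission mentioned in the issue, and the file should be readable only by the user the Consul agent runs as.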