https://github.com/devops-rob/terraform-vault-aws-secrets-engine
A Terraform module to enable and configure the AWS secrets engine in HashiCorp Vault.
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/devops-rob/terraform-vault-aws-secrets-engine
- Owner: devops-rob
- License: apache-2.0
- Created: 2021-01-22T12:46:40.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2021-01-22T12:55:09.000Z (about 5 years ago)
- Last Synced: 2025-10-04T04:56:31.193Z (6 months ago)
- Language: HCL
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Terraform Module: AWS Secrets Engine
A Terraform module to enable and configure the AWS secrets engine in HashiCorp Vault.
## AWS requirements
Vault requires an AWS account with programmatic access. This account should have the ability to create, list, and delete AWS accounts. For this example, Vault will also require an IAM group in which to place provisioned accounts. The permissions assigned to this group will depend on what actions the provisioned accounts need to perform.
For more information about AWS Groups and permissions, refer to the following resources:
- [AWS Groups best practices](https://aws.amazon.com/iam/features/manage-users/)
- [AWS Permissions best practices](https://aws.amazon.com/iam/features/manage-permissions/)
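One way to scope the account described above to least privilege, as an added example that is not part of this module or its README. It assumes the Terraform AWS provider is configured, that Vault's default `vault-` prefix is used for provisioned IAM users, and that the groups are the `test1` and `test2` placeholders from the usage example; all resource names are hypothetical.

```hcl
# Added example: IAM identity and policy for the credentials handed to Vault.
# Assumptions: resource names, the "vault-*" user prefix and the group names
# are illustrative; adjust them to match your Vault configuration.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "vault_root" {
  # Vault may manage only the IAM users it provisions itself.
  statement {
    sid    = "ManageVaultProvisionedUsers"
    effect = "Allow"
    actions = [
      "iam:CreateUser",
      "iam:GetUser",
      "iam:DeleteUser",
      "iam:CreateAccessKey",
      "iam:ListAccessKeys",
      "iam:DeleteAccessKey",
      "iam:ListGroupsForUser",
      "iam:ListAttachedUserPolicies",
      "iam:ListUserPolicies",
    ]
    resources = [
      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/vault-*",
    ]
  }

  # Membership changes are limited to the groups passed to the module.
  # Roles that attach policies directly would also need
  # iam:AttachUserPolicy / iam:PutUserPolicy and their detach/delete pairs.
  statement {
    sid     = "ManageGroupMembership"
    effect  = "Allow"
    actions = ["iam:AddUserToGroup", "iam:RemoveUserFromGroup"]
    resources = [
      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:group/test1",
      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:group/test2",
    ]
  }
}

# Named outside the "vault-*" pattern so the policy cannot act on this user.
resource "aws_iam_user" "vault_root" {
  name = "svc-secrets-engine-root"
}

resource "aws_iam_user_policy" "vault_root" {
  name   = "vault-aws-secrets-engine"
  user   = aws_iam_user.vault_root.name
  policy = data.aws_iam_policy_document.vault_root.json
}
```

The access key created for this user is what would be supplied as `aws_access_key` and `aws_secret_key`; the permissions the provisioned accounts receive still come from the groups, not from this policy.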
## Usage example
```hcl
provider "vault" {
  address = "http://localhost:8200"
  token   = var.vault_token
}

# Credentials are passed in as variables rather than hard-coded.
variable "vault_token" {}
variable "aws_access_key" {}
variable "aws_secret_key" {}

module "aws_defaults" {
  source = "devops-rob/aws-secrets-engine/vault"

  aws_backend_role_name = "test"

  # IAM groups in which provisioned accounts are placed
  aws_iam_groups = [
    "test1",
    "test2"
  ]

  # Programmatic-access credentials of the AWS account Vault uses
  aws_access_key = var.aws_access_key
  aws_secret_key = var.aws_secret_key
}
```
## License
Licensed under the Apache License, Version 2.0 (the "License").
You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.
See the License for the specific language governing permissions and limitations under the License.