v0.6.2

#64: Remove provider and aws_region from examples so you can use them following the instructions in the Terraform Registry.

v0.6.1

#62: You can now specify additional security groups to attach to the ASG in the vault-cluster module using the new additional_security_group_ids parameter.

v0.6.0

#60: Update to Vault 0.10.0. run-vault now configures api_addr instead of redirect_addr.

v0.5.2

#56: All the vault examples now use the new consul-client-security-group-rules to open up ports required for Consul clients to communicate with each other (lan gossip). We recommend you add this module to your deployments if you are using Vault with Consul.

v0.5.1

#55: The vault-cluster module now sets a Name tag on the Launch Configuration security group.

v0.5.0

#52:

BACKWARDS INCOMPATIBLE CHANGE

The vault-cluster module no longer supports the target_group_arns and load_balancers parameters. Instead, to associate a load balancer with your Vault cluster, you should use a separate aws_autoscaling_attachment resource. If you're using the vault-elb module, it will create the aws_autoscaling_attachment resource for you automatically.

Note that to deploy this change without downtime, you will most likely want to spin up a new Vault cluster (new ASG), using the same tags and load balancer, wait for it join the original cluster, and then tear down the old ASG.

v0.4.0

#48:

BACKWARDS INCOMPATIBLE CHANGE

The Vault ASG is now namespaced using the cluster_name variable, just like all the other resources. Terraform treats renaming an ASG as deleting the old one and creating a new one, so be careful when updating!

Probably the best option is to:

1. Add a second vault-cluster module to your code but with the same cluster_tag_key and cluster_tag_value as the first cluster.
2. Run terraform apply.
3. This will bring up a second ASG that should be part of the same Vault cluster as the first. Wait for all the new nodes to come up.
4. SSH to each new node and run vault unseal.
5. SSH to each old node and run vault seal.
6. Remove the old vault-cluster module from your code.
7. Run terraform apply.
8. Now you're left with just the new cluster.

As always, make sure to test this in a pre-prod environment before prod!

v0.3.0

#44: The vault-elb module no longer exposes an availability_zones parameter. Please use subnet_ids instead.

v0.2.1

#43: You can now install Vault from a custom URL. This is especially useful for Vault enterprise.

v0.2.0

#41: You can now enable S3 as a storage backend again (while still using Consul as the HA backend)!

• When deploying the vault-cluster module, set the enable_s3_backend param to true and specify the name of the S3 bucket to use via the s3_bucket_name param.
• When calling run-vault, set the --enable-s3-backend param to true and specify the name and region of the S3 bucket to use via the --s3-bucket and --s3-bucket-region params.