
Example usage of HashiCorp Vault using AWS authentication backend for secure introduction


hashicorp-guides/vault-aws-auth


Vault AWS Authentication Guide

The goal of this guide is to help Vault users learn how to use Vault's AWS authentication backend. This backend allows a user with AWS credentials, an EC2 instance, or any AWS resource with an IAM role to authenticate to Vault.

In this setup, Amazon Web Services acts as the trusted entity that verifies the identity of an instance or service to Vault. Once that verification is complete, a Vault token is issued to the instance, and that token is then used to authenticate to Vault when retrieving secrets.

There are two main methods of usage for the AWS authentication backend.

  1. EC2 authentication
     Authenticates EC2 instances using the instance's PKCS7-signed identity document, with the role further bound to parameters such as region, VPC, AMI ID and tags.
  2. IAM based authentication
     Uses the caller's IAM identity, so it covers EC2 instances as well as other services, such as ECS tasks (containers) and Lambda functions, and IAM users.

EC2 example

EC2 Example notes

IAM example

TBD

Reference Content

Blog post about AWS Authentication backend
Vault AWS authentication backend documentation
Vault AWS authentication backend - API documentation
Vault pull request for enhanced AWS authentication backend with background details
