devops-adeel · November 15, 2022 10:20
diff --git a/audit.tf b/audit.tf
 resource "vault_audit" "file" {
  type        = "file"
  description = "Vault Audit to File"

  options = {
    file_path = "/var/log/vault_audit.log"
    format    = "json"
    mode      = "0000"
    prefix    = "vault"
  }
 }

 resource "vault_audit" "syslog" {
  type        = "syslog"
  description = "Vault Audit to syslog"

  options = {
    tag      = "vault"
    facility = "AUTH"
    format   = "json"
    prefix   = "vault"
  }
 }
diff --git a/raft_autopilot.tf b/raft_autopilot.tf
 #https://developer.hashicorp.com/vault/api-docs/system/storage/raftautopilot#set-configuration
 #https://developer.hashicorp.com/vault/tutorials/raft/raft-autopilot#autopilot-configuration

 resource "vault_raft_autopilot" "default" {
  cleanup_dead_servers               = true
  dead_server_last_contact_threshold = "10s"
  last_contact_threshold             = "10s"
  max_trailing_logs                  = 1000
  min_quorum                         = 3
  server_stabilization_time          = "10s"
 }
diff --git a/raft_snapshot.tf b/raft_snapshot.tf
 resource "vault_raft_snapshot_agent_config" "local" {
  name             = "local"
  interval_seconds = 86400
  retain           = 7
  path_prefix      = "/opt/vault/snapshots/"
  storage_type     = "local"
  local_max_space = 10000000
 }

 #AWS
 data "aws_region" "default" {}

 resource "vault_raft_snapshot_agent_config" "aws" {
  name             = "s3"
  interval_seconds = 86400
  retain           = 7
  path_prefix      = "/vault/snapshots/"
  storage_type     = "aws-s3"
  aws_s3_bucket         = "vault_snapshots"
  aws_s3_region         = data.aws_region.default.name
 }
	resource "vault_audit" "file" {
	type = "file"
	description = "Vault Audit to File"

	options = {
	file_path = "/var/log/vault_audit.log"
	format = "json"
	mode = "0000"
	prefix = "vault"
	}
	}

	resource "vault_audit" "syslog" {
	type = "syslog"
	description = "Vault Audit to syslog"

	options = {
	tag = "vault"
	facility = "AUTH"
	format = "json"
	prefix = "vault"
	}
	}
	#https://developer.hashicorp.com/vault/api-docs/system/storage/raftautopilot#set-configuration
	#https://developer.hashicorp.com/vault/tutorials/raft/raft-autopilot#autopilot-configuration

	resource "vault_raft_autopilot" "default" {
	cleanup_dead_servers = true
	dead_server_last_contact_threshold = "10s"
	last_contact_threshold = "10s"
	max_trailing_logs = 1000
	min_quorum = 3
	server_stabilization_time = "10s"
	}
	resource "vault_raft_snapshot_agent_config" "local" {
	name = "local"
	interval_seconds = 86400
	retain = 7
	path_prefix = "/opt/vault/snapshots/"
	storage_type = "local"
	local_max_space = 10000000
	}

	#AWS
	data "aws_region" "default" {}

	resource "vault_raft_snapshot_agent_config" "aws" {
	name = "s3"
	interval_seconds = 86400
	retain = 7
	path_prefix = "/vault/snapshots/"
	storage_type = "aws-s3"
	aws_s3_bucket = "vault_snapshots"
	aws_s3_region = data.aws_region.default.name
	}