Provisioning a vault¶
This document describe how to provision a vault using the S3Vaultlib CLI and AWS CloudFormation (via the console)
Provisioning the S3Vault¶
Let’s generate the default config with:
s3vaultcli create_s3vault_config -o myconfig.yml
- edit the example configuration by setting the target S3 bucket to use as vault. The output should look like the following (comments are stripped out):
---
s3vaultlib:
vault:
bucket: "test-bucket-for-s3-vault"
roles:
- name: role_admin
privileges: [read, write]
path: _all_
managed_policies: []
- name: role_webserver
privileges: [read]
kms_alias: role_webserver
path:
- webserver/
- name: role_mysql
privileges: [read]
kms_alias: role_mysql
path:
- mysql/
- with the CLI now we are going to create the cloudformation template for the vault
s3vaultcli create_cloudformation -c test.yml -o test.template
- Now in the AWS Console we enter CloudFormation and we create a new
template from file and we upload
test.template
. In a while we should have our vault completely configured.