I’ve been using hashicorp/terraform-aws-vault ("A Terraform Module for how to run Vault on AWS using Terraform and Packer", on GitHub) as a basis for my Vault deployment with Consul, an S3 backend, and KMS auto unseal. Amazing stuff!
Since it resides in its own VPC, the cost of the NAT gateway does make up a fair chunk of my AWS bill, and it’s pretty unnecessary for the most part.
What would I have to do to operate without any outbound access? I tried it, but found an initial deployment failed at the point when I tried to unseal or ensure Consul was functional.
Thank you for any ideas!