So, through plenty of trial and error, I finally managed to figure out how to use Terraform to create and deploy a Vault/Consul cluster. It’s up and running, but I screwed up the public CA cert, and I need to redo it. The trouble is, I’ve already let my IT guy in to set up LDAP, etc., so now would be an excellent time to move my experience from “I can deploy stuff using Terraform” to “I can use Terraform to reconfigure existing infrastructure”.
If I hadn’t reached the point where I needed to keep this instance live, I would simply nuke it, update the cert, re-roll the AMI with Packer, then re-deploy everything with the correct cert in the updated AMI. Obviously, I’ll update the AMI for future use, but I’m a little less clear on my options for mass configuration of an existing system using Terraform. What would be the best way to do this without starting over?