I was following the Vault Agent with AWS documentation and it works fine until I restart the service or reboot the instance. Any ideas on how I can overcome this problem?
Vault agent configuration file `vault_agent.hcl`:

```hcl
pid_file = "./pidfile"

vault {
  address = "http://vault-server:8200"
  retry {
    num_retries = 5
  }
}

listener "tcp" {
  address         = "{{ ansible_ssh_host }}:8200"
  cluster_address = "{{ ansible_ssh_host }}:8201"
  tls_disable     = 1
}

auto_auth {
  method "aws" {
    mount_path = "auth/aws/project"
    config = {
      type = "ec2"
      role = "test-role"
    }
  }

  cache {
    use_auto_auth_token = true
  }

  sink "file" {
    config = {
      path = "/tmp/test"
    }
  }
}
```
Now the login works without problem.

Login:

```shell
vault login
```

Output:

```
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                        Value
---                        -----
token                      xxx
token_accessor             xxx
token_duration             46s
token_renewable            true
token_policies             ["admin-role" "default"]
identity_policies          []
policies                   ["admin-role" "default"]
token_meta_account_id      xxx
token_meta_auth_type       ec2
token_meta_role            test-role
token_meta_role_tag_max_ttl 0s
```
However, if I restart the agent or reboot the EC2 instance I can't authenticate anymore:

```
* client nonce mismatch and instance meta-data incorrect" backoff=1s
[INFO] auth.handler: authenticating
[ERROR] auth.handler: error authenticating: error="Error making API request.
```
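The "client nonce mismatch" error is the EC2 auth method's reauthentication check: the nonce sent on the first login is recorded for that instance, and an agent that generates a fresh random nonce after a restart no longer matches it. As an added example (not part of the original post), this is the same `method "aws"` stanza with the agent's optional `nonce` parameter pinned to a fixed value so every login from the instance reuses it; the nonce string is a placeholder and the sink path is taken from the post.

```hcl
auto_auth {
  method "aws" {
    mount_path = "auth/aws/project"
    config = {
      type = "ec2"
      role = "test-role"
      # Pinned nonce (placeholder value): the EC2 auth method compares it
      # against the nonce stored on the first login, so a restarted agent
      # that presents the same value is accepted instead of rejected.
      # Generate a unique value per instance and protect it like a secret,
      # since it is part of what allows re-login from this instance.
      nonce = "REPLACE-WITH-PER-INSTANCE-SECRET"
    }
  }

  sink "file" {
    config = {
      path = "/tmp/test"
    }
  }
}
```

An instance whose entry was already recorded with a random nonce still needs a Vault operator to clear that entry before the pinned nonce is accepted.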