I’m working on building a production-ready Vault cluster in AWS using an autoscaling group with auto-unseal and Raft storage enabled. I bake my Vault AMI using Packer and then, on instance startup, use a slightly modified version of the run-vault script found here (terraform-aws-vault/modules/run-vault at master · hashicorp/terraform-aws-vault · GitHub), passed via userdata.
The question I’m struggling to find the answer to is whether I need to mount an EBS volume to each instance to store the Raft data for persistent storage, or whether it would be OK to rely on S3-backed snapshots for DR and the Raft protocol to sync the data to a newly created EC2 instance during either an AMI update or loss of an EC2 instance?
My Raft node_id is currently set to the EC2 instance ID, so it would be unique with each newly created instance. Would it even be able to use the Raft data written by the previous instance?
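To make the moving parts of the question concrete, here is an added example (not the poster's config and not the run-vault script from the linked module) of the two things a startup script like that one renders: the `storage "raft"` stanza with `node_id` set to the instance ID and `retry_join` auto-join, and the `seal "awskms"` stanza for auto-unseal, plus a check for whether the Raft data directory already holds state. The instance ID and private IP are passed in as parameters rather than read from IMDS so the script runs offline; the data path `/opt/vault/data`, the TLS file paths, the `VaultCluster` tag key and the KMS key ID are assumed placeholders.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Renders a Vault server config
# with Raft integrated storage and AWS KMS auto-unseal, the way a userdata
# startup script would. All values are passed in; on a real instance the
# instance id and private IP would come from the EC2 instance metadata service.
render_vault_config() {
  instance_id="$1"   # used as the Raft node_id, as in the post
  data_dir="$2"      # Raft data directory; the local state lives here (assumed /opt/vault/data)
  private_ip="$3"    # advertised in api_addr / cluster_addr
  region="$4"
  kms_key_id="$5"    # placeholder KMS key id or alias for the awskms seal
  tag_value="$6"     # value of the assumed VaultCluster tag used by auto_join
  cat <<EOF
ui           = true
api_addr     = "https://${private_ip}:8200"
cluster_addr = "https://${private_ip}:8201"

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/vault.crt"
  tls_key_file  = "/opt/vault/tls/vault.key"
}

storage "raft" {
  path    = "${data_dir}"
  node_id = "${instance_id}"
  retry_join {
    auto_join           = "provider=aws region=${region} tag_key=VaultCluster tag_value=${tag_value}"
    auto_join_scheme    = "https"
    leader_ca_cert_file = "/opt/vault/tls/ca.crt"
  }
}

seal "awskms" {
  region     = "${region}"
  kms_key_id = "${kms_key_id}"
}
EOF
}

# Returns 0 when the Raft data directory already contains a Raft log
# (Vault keeps it under <path>/raft/raft.db), 1 when this is a fresh node.
# A fresh node starts empty and relies on retry_join to be added to the
# cluster and receive data from the leader; an existing directory means the
# node rejoins as the member it already was.
has_existing_raft_state() {
  [ -f "$1/raft/raft.db" ]
}

# Sample invocation with constructed values (instance id and IP are made up).
render_vault_config i-0123456789abcdef0 /opt/vault/data 10.0.1.5 us-east-1 \
  alias/vault-unseal-placeholder vault-prod
if has_existing_raft_state /opt/vault/data; then
  echo "# existing Raft state found, node will rejoin as $(cat /dev/null)i-0123456789abcdef0" >&2
else
  echo "# no Raft state under /opt/vault/data, node will join via retry_join" >&2
fi
```

The directory named in `path` is the only place the node's Raft log and snapshots live, so whether it sits on an EBS volume or on instance storage is exactly what decides whether a replacement instance can rejoin as the same member or must join as a new one and be replicated to. Because `node_id` here changes with every instance, a replacement always arrives as a new peer; the previous peer stays in the cluster's membership until it is removed (manually with `vault operator raft remove-peer`, or by Raft autopilot dead-server cleanup where that is enabled), which is worth accounting for in the rotation plan alongside the S3 snapshots taken with `vault operator raft snapshot save`.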