Terraform Cloud and Vault Provider Integration for Admin and Operator — AWS STS Assume Dynamic Credentials, Rotate Secret Engine Mounts Automatically, and Sentinel Workspace Policy Checks on Variable Modification and STS Assume

One of the challenges of delivering infrastructure in a multi-cloud, zero-trust world is developing a robust framework that lets operators develop at speed without being blocked, while letting admins control access to resources so operators don’t have access to the entire world. This article clarifies some of those aspects.

Trust Model

The admin workspaces will create the necessary infrastructure for the operator workspace to consume…

In this article, I will go over how to deploy a Consul cluster with Docker Compose along with nginx, using consul-template to automatically inject the Consul backend server addresses into nginx.conf and load balance the Consul Docker containers.


The following article uses an Ubuntu 20.04.1 LTS virtual machine with docker-ce and docker-compose installed.

Install docker on Ubuntu: https://docs.docker.com/engine/install/ubuntu/

Install docker-compose following the Linux instructions: https://docs.docker.com/compose/install/

Add your current user to the docker group: sudo usermod -aG docker $USER

DNS A Record

I created a DNS A record to point back to the virtual machine IP so I would…

Rick Kemery

I am a devoted learner and writer of technical articles with a devops focus.
