Added VaultSG tied ConsulMaster to Vault UserData

Author: tonynv

templates/quickstart-hashicorp-vault-master.template

@@ -1,6 +1,6 @@
 {
   "AWSTemplateFormatVersion": "2010-09-09",
-  "Description": "Hashicorp Consul+Vault template master, License: Apache 2.0 (Please do not remove) Oct,26,2016",
+  "Description": "Hashicorp Consul+Vault template master, License: Apache 2.0 (Please do not remove) Oct,27,2016",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
       "ParameterGroups": [{
@@ -481,6 +481,13 @@
             ]
           },
           "Parameters": {
+            "AvailabilityZones": {
+              "Fn::Join": [
+                ",", {
+                  "Ref": "AvailabilityZones"
+                }
+              ]
+            },
             "PrivateSubnet1ID": {
               "Fn::GetAtt": [
                   "VPCStack",
@@ -514,6 +521,9 @@
             "AccessCIDR": {
               "Ref": "AccessCIDR"
             },
+            "EmailAddress": {
+              "Ref": "EmailAddress"
+            },
             "QuickStartS3URL": {
             "Fn::Join": [
                 "/", [{

templates/quickstart-hashicorp-vault.template

@@ -1,7 +1,11 @@
 {
     "AWSTemplateFormatVersion": "2010-09-09",
-    "Description": "QS(0037) HashiCorp Consul License: Apache 2.0 (Please do not remove) Oct,26,2016",
+    "Description": "QS(0037) HashiCorp Consul License: Apache 2.0 (Please do not remove) Oct,27,2016",
     "Parameters": {
+        "AvailabilityZones": {
+            "Description": "List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and only 2 AZs are used for this deployment.",
+            "Type": "List<AWS::EC2::AvailabilityZone::Name>"
+        },
         "KeyPair": {
             "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
             "Type": "AWS::EC2::KeyPair::KeyName",
@@ -157,6 +161,37 @@
                 }]
             }
         },
+        "VaultSecGroup": {
+            "Type": "AWS::EC2::SecurityGroup",
+            "Properties": {
+                "GroupDescription": "Enables SSH access to the Consul Master.",
+                "VpcId": {
+                    "Ref": "VPCID"
+                    },
+                    "SecurityGroupIngress": [
+                    {
+                        "IpProtocol": "tcp",
+                        "FromPort": "22",
+                        "ToPort": "22",
+                        "CidrIp": {
+                            "Ref": "AccessCIDR"
+                        }
+                    },
+                    {
+                        "IpProtocol": "tcp",
+                        "FromPort": "0",
+                        "ToPort": "65535",
+                        "CidrIp": {
+                            "Ref": "VPCCIDR"
+                        }
+                    }
+                ],
+                "Tags": [{
+                    "Key": "Name",
+                    "Value": "VaultSecGroup"
+                }]
+            }
+        },
         "Vault1MemoryAlarm": {
             "Type": "AWS::CloudWatch::Alarm",
             "Properties": {
@@ -342,21 +377,22 @@
                 }
             },
             "Properties": {
-                "AvailabilityZone": {
-                    "Fn::Select": [
-                        "0", {
-                            "Fn::GetAZs": {
-                                "Ref": "AWS::Region"
-                            }
-                        }
-                    ]
-                },
                 "InstanceType": {
                     "Ref": "VaultInstanceType"
                 },
                 "KeyName": {
                     "Ref": "KeyPair"
                 },
+                "NetworkInterfaces": [{
+                    "DeleteOnTermination": "true",
+                    "DeviceIndex": 0,
+                    "SubnetId": {
+                        "Ref": "PrivateSubnet1ID"
+                    },  
+                    "GroupSet": [{
+                        "Ref": "VaultSecGroup"
+                    }]  
+                }],
                 "ImageId": {
                     "Fn::FindInMap": [
                         "AWSAMIRegionMap", {
@@ -542,21 +578,22 @@
                 }
             },
             "Properties": {
-                "AvailabilityZone": {
-                    "Fn::Select": [
-                        "1", {
-                            "Fn::GetAZs": {
-                                "Ref": "AWS::Region"
-                            }
-                        }
-                    ]
-                },
                 "InstanceType": {
                     "Ref": "VaultInstanceType"
                 },
                 "KeyName": {
                     "Ref": "KeyPair"
                 },
+                "NetworkInterfaces": [{
+                    "DeleteOnTermination": "true",
+                    "DeviceIndex": 0,
+                    "SubnetId": {
+                        "Ref": "PrivateSubnet2ID"
+                    },  
+                    "GroupSet": [{
+                        "Ref": "VaultSecGroup"
+                    }]  
+                }],
                 "ImageId": {
                     "Fn::FindInMap": [
                         "AWSAMIRegionMap", {