github.com/outbrain/consul@v1.4.5/website/source/docs/guides/consul-aws.html.md (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Consul-AWS"
     4  sidebar_current: "docs-guides-consul-aws"
     5  description: |-
     6    Consul-AWS provides a tool, which syncs Consul's and AWS Cloud Map's service catalog
     7  ---
     8  
     9  # Consul-AWS
    10  
    11  [Consul-AWS](https://github.com/hashicorp/consul-aws/) syncs the services in an AWS Cloud Map namespace to a Consul datacenter. Consul services will be created in AWS Cloud Map and the other way around. This enables native service discovery across Consul and AWS Cloud Map.
    12  This guide will describe how to configure and how to start the sync.
    13  
    14  ## Authentication
    15  
    16  `consul-aws` needs access to Consul and AWS for uni- and bidirectional sync.
    17  
    18  For Consul, the process accepts both the standard CLI flags, `-token` and the environment variables `CONSUL_HTTP_TOKEN`. This should be set to a Consul ACL token if ACLs are enabled.
    19  
    20  For AWS, `consul-aws` uses the default credential provider chain to find AWS credentials. The default provider chain looks for credentials in the following order:
    21  1. Environment variables.
    22  2. Shared credentials file.
    23  3. If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2.
    24  
    25  ## Configuration
    26  
    27  There are two subcommands available on `consul-aws`:
    28  
    29  * version: display version number
    30  * sync-catalog: start syncing the catalogs
    31  
    32  The version subcommand doesn’t do anything besides showing the version, so lets focus on sync-catalog. The following flags are available:
    33  
    34  * A set of parameters to connect to your Consul Cluster like `-http-addr`, `-token`, `-ca-file`, `-client-cert`, and everything else you might need in order to do that
    35  * `-aws-namespace-id`: The AWS namespace to sync with Consul services.
    36  * `-aws-service-prefix`: A prefix to prepend to all services written to AWS from Consul. If this is not set then services will have no prefix.
    37  * `-consul-service-prefix`: A prefix to prepend to all services written to Consul from AWS. If this is not set then services will have no prefix.
    38  * `-to-aws`: If true, Consul services will be synced to AWS (defaults to false).
    39  * `-to-consul`: If true, AWS services will be synced to Consul (defaults to false).
    40  * `-aws-pull-interval`: The interval between fetching from AWS Cloud Map. Accepts a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "10s", "1.5m" (defaults to 30s).
    41  * `-aws-dns-ttl`: DNS TTL for services created in AWS Cloud Map in seconds (defaults to 60).
    42  
    43  Independent of how you want to use `consul-aws` it needs to be able to connect to Consul and AWS. Apart from making sure you setup up authenticated access, `-aws-namespace-id` is mandatory.
    44  
    45  ## Syncing Consul services to AWS Cloud Map
    46  
    47  Assuming authenticated access is set up, there is little left to do before starting the sync. Using `-to-aws` command line flag will start the sync to AWS Cloud Map. If `-aws-service-prefix` is provided, every imported service from Consul will be prefixed. For example:
    48  
    49  ```shell
    50  $ consul-aws -aws-namespace-id ns-hjrgt3bapp7phzff -to-aws -consul-service-prefix consul_
    51  ```
    52  
    53  At this point `consul-aws` will start importing services into AWS Cloud Map. A service in Consul named `web` will end up becoming `consul_web` in AWS. The individual service instances from Consul will be created in AWS as well.
    54  
    55  Services in AWS Cloud Map that were imported from Consul have the following properties:
    56  
    57  * Description:  “Imported from Consul”
    58  * Record types: A and SRV
    59  * DNS routing policy: Multivalue answer routing
    60  
    61  ## Syncing AWS Cloud Map services to Consul
    62  
    63  Similar to the previous chapter, there are two relevant flags: `-to-consul` to turn on the sync and optionally `-consul-service-prefix` to prefix every service imported into Consul. For example:
    64  
    65  ```shell
    66  $ consul-aws -aws-namespace-id ns-hjrgt3bapp7phzff -to-consul -aws-service-prefix aws_
    67  ```
    68  
    69  At this point `consul-aws` will start importing services into Consul. A service in AWS named `redis` will end up becoming `aws_redis` in Consul. The individual service instances from AWS will be created in Consul as well.
    70  
    71  * Services in Consul that were imported from AWS Cloud Map have the following properties:
    72  * Tag: aws
    73  * Meta-Data: has aws as the source set, as well as the aws-id, the aws-namespace and every custom attribute the instance had in AWS Cloud Map
    74  * Node: the node name is consul-aws
    75  
    76  ## Syncing both directions
    77  
    78  To enable bidirectional sync only put together the previous two sections and provide `-to-consul` and `-to-aws` as well as optionally `-aws-service-prefix` and `-consul-service-prefix`:
    79  
    80  ```shell
    81  $ consul-aws -aws-namespace-id ns-hjrgt3bapp7phzff -to-consul -aws-service-prefix aws_ -to-aws -consul-service-prefix consul_
    82  ```
    83  
    84  At this point `consul-aws` will start importing services into Consul from AWS Cloud Map and from AWS Cloud Map to Consul.
    85  
    86  ## Summary
    87  
    88  At this point, either uni- or bidirectional sync is set up and service discovery is available across Consul and AWS seamlessly. If you haven’t enabled [ACL](/docs/guides/acl.html), now is a good time to read about it.