This repository has been archived by the owner on Jan 25, 2023. It is now read-only.

Example "vault-cluster-private" doesn't create a private Vault cluster #27

Closed
boldandbusted opened this issue Nov 28, 2017 · 1 comment

@boldandbusted

Hi again. Given this VPC:

```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "pre-dev"
  cidr = "10.50.0.0/16"

  azs              = ["us-west-2a", "us-west-2b", "us-west-2c"]
  private_subnets  = ["10.50.1.0/24", "10.50.2.0/24", "10.50.3.0/24"]
  public_subnets   = ["10.50.11.0/24", "10.50.12.0/24", "10.50.13.0/24"]
  database_subnets = ["10.50.21.0/24", "10.50.22.0/24", "10.50.23.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Terraform   = "true"
    Environment = "pre-dev"
  }
}
```

and this stanza:

```hcl
module "vault" {
  source = "github.com/boldandbusted/terraform-aws-vault/examples/vault-cluster-private"

  s3_bucket_name = "pre-dev-vault"

  ami_id              = "${data.aws_ami.vault_consul_ubuntu.id}"
  consul_cluster_name = "consul-cluster"
  vault_cluster_name  = "pre-dev-vault-cluster"
  aws_region          = "us-west-2"
  vpc_id              = "${module.vpc.vpc_id}"
  ssh_key_name        = "jesse-laptop"
}
```

I end up with an ASG that creates Vault instances with IPs like this:

```
10.50.1.177 # Yay
10.50.13.34 # Boo
10.50.12.10 # Boo
```

Is there something obvious I'm missing (likely!)? Thanks.

NOTE: The Vault module source in the code above is only a fork of "master", with patches I submitted in PR #26.

@brikis98
Collaborator

I assume that what you were hoping is that the instances would all run in either the private_subnets or database_subnets of your VPC. To make that happen, you'll have to update the values you pass to the subnet_ids param. Right now, it's grabbing all the subnets. You'll need to figure out how to select just the private or database ones you want.
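
A quick way to confirm the placement problem discussed in this thread, as an added example that is not part of the original issue or the project's code: it classifies the reported instance IPs against the subnet CIDRs from the VPC module call and lists every instance that sits outside the allowed tier. The function names `classify` and `audit` are this example's own.

```python
import ipaddress

# Subnet tiers copied from the VPC module call in the issue.
TIERS = {
    "private": ["10.50.1.0/24", "10.50.2.0/24", "10.50.3.0/24"],
    "public": ["10.50.11.0/24", "10.50.12.0/24", "10.50.13.0/24"],
    "database": ["10.50.21.0/24", "10.50.22.0/24", "10.50.23.0/24"],
}

# Instance addresses reported in the issue.
REPORTED_IPS = ["10.50.1.177", "10.50.13.34", "10.50.12.10"]


def classify(ip, tiers=TIERS):
    """Return (tier, cidr) for the subnet containing ip, or (None, None)."""
    addr = ipaddress.ip_address(ip)
    for tier, cidrs in tiers.items():
        for cidr in cidrs:
            if addr in ipaddress.ip_network(cidr):
                return tier, cidr
    return None, None


def audit(ips, allowed_tiers=("private",), tiers=TIERS):
    """Return (ip, tier, cidr) for each instance outside the allowed tiers.

    An address that matches no known subnet is reported with tier None,
    because it cannot be shown to be in a private subnet.
    """
    violations = []
    for ip in ips:
        tier, cidr = classify(ip, tiers)
        if tier not in allowed_tiers:
            violations.append((ip, tier, cidr))
    return violations


if __name__ == "__main__":
    for ip, tier, cidr in audit(REPORTED_IPS):
        print(f"{ip}: in {tier or 'unknown'} subnet {cidr or '-'}; expected private")
```

Rerunning the same check after narrowing the subnet selection should produce an empty list.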
