reference deployment

HashiCorp Consul on AWS

Discover, connect, and secure services with a central registry

This Partner Solution deploys HashiCorp Consul to the AWS Cloud. It's for organizations that want to deploy a foundation for service-based networking using a central registry. HashiCorp Consul manages service discovery, health checking, and policy enforcement in your microservice architecture. It is the control plane for a service mesh to secure traffic between services with identity-based policies and encryption. This Partner Solution deploys a distributed Consul system to a cluster of Amazon Elastic Compute Cloud (Amazon EC2) nodes.

This Partner Solution was developed by HashiCorp Inc. in collaboration with AWS. HashiCorp is an AWS Partner.


AWS Service Catalog administrators can add this architecture to their own catalog.  

  • What you'll build

    This Partner Solution sets up the following:

    • A highly available architecture that spans three Availability Zones.
    • A VPC configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
      • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to Amazon EC2 instances in public and private subnets.*
    • A Classic Load Balancer to distribute traffic among Consul client nodes in the private subnets.
    • In the private subnets:
      • Consul client nodes deployed to Amazon EC2 instances in an Auto Scaling group.
      • Consul server nodes deployed to Amazon EC2 instances in an Auto Scaling group. You can choose to deploy 3, 5, or 7 server nodes (3 shown).
      • Consul template installed to client and server nodes to integrate applications with the Consul service catalog and key/value store (not shown).
      • Dnsmasq installed to client and server nodes to integrate applications with the Consul Domain Name System (DNS) interface for service discovery (not shown).
    • Amazon Certificate Manager (ACM) to create or import a Secure Sockets Layer (SSL) certificate to associate with the Classic Load Balancer.

    * The template that deploys the Partner Solution into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  • How to deploy

    To deploy HashiCorp Consul, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don't already have an AWS account, sign up at https://aws.amazon.com.
    2. Launch the Partner Solution. Before you create the stack, choose the AWS Region from the top toolbar. The stack takes about 30–60 minutes to launch. Choose one of the following options:
    3. Access the Consul environment through the bastion hosts and SSH connections.
    4. Access the Consul web UI.
    5. Register services with Consul.

    To customize your deployment, you can choose different instance types for your resources, and change the number of Consul client and server nodes.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  • Costs and licenses

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?