diff --git a/README.md b/README.md
index 5ccc080..8877782 100644
--- a/README.md
+++ b/README.md
@@ -254,8 +254,8 @@ Default: `null`
| [iam\_role\_arn\_vault\_cluster](#output\_iam\_role\_arn\_vault\_cluster) | IAM role ARN attached to the Vault cluster. |
| [iam\_role\_id\_consul\_cluster](#output\_iam\_role\_id\_consul\_cluster) | IAM role ID attached to the Consul cluster. |
| [iam\_role\_id\_vault\_cluster](#output\_iam\_role\_id\_vault\_cluster) | IAM role ID attached to the Vault cluster. |
-| [launch\_config\_name\_consul\_cluster](#output\_launch\_config\_name\_consul\_cluster) | Launch configuration name of the Consul cluster. |
-| [launch\_config\_name\_vault\_cluster](#output\_launch\_config\_name\_vault\_cluster) | Launch configuration name of the Vault cluster. |
+| [launch\_template\_name\_consul\_cluster](#output\_launch\_template\_name\_consul\_cluster) | Launch template name of the Consul cluster. |
+| [launch\_template\_name\_vault\_cluster](#output\_launch\_template\_name\_vault\_cluster) | Launch template name of the Vault cluster. |
| [security\_group\_id\_consul\_cluster](#output\_security\_group\_id\_consul\_cluster) | Security group ID of the Consul cluster to attach to other security group rules. |
| [security\_group\_id\_vault\_cluster](#output\_security\_group\_id\_vault\_cluster) | Security group ID of the Vault cluster to attach to other security group rules. |
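Review bot: The two `+` rows replace `launch_config_name_consul_cluster` and `launch_config_name_vault_cluster` with `launch_template_name_*` and leave no alias for the old names, so any caller that still references the old outputs will break. Flag the rename as a breaking change in the release notes. The naming is also inconsistent within this patch: the submodule READMEs expose the same value as `launch_template`, without the `_name` suffix. Pick one form.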
diff --git a/modules/consul-cluster/README.md b/modules/consul-cluster/README.md
index 863e1a3..c8a1f13 100644
--- a/modules/consul-cluster/README.md
+++ b/modules/consul-cluster/README.md
@@ -42,7 +42,7 @@ rules.
| [aws_autoscaling_group.autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
| [aws_iam_instance_profile.instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |
+| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -50,28 +50,27 @@ rules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
| [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Consul installed and configured by the install-consul module. | `string` | n/a | yes |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the Consul cluster. We strongly recommended that you use either 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used. | `string` | `""` | no |
-| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
-| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
+| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
| [instance\_profile\_path](#input\_instance\_profile\_path) | Path in which to create the IAM instance profile. | `string` | `"/"` | no |
+| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Consul instances. | `string` | n/a | yes |
-| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
-| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
-| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
+| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
+| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
+| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
## Outputs
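Review bot: The `tenancy` input is deleted in this hunk and never re-added (the table goes from 28 to 27 lines), yet nothing here says the variable was removed on purpose. If the launch template no longer accepts it, say so in the upgrade notes, because callers that set `tenancy = "dedicated"` for isolation would otherwise lose that setting without noticing. Since these rows are being re-emitted anyway, fix the typos carried over from the old text in the variable descriptions: "We remmend" in `user_data` and `var.clsuter_tag_key` in `cluster_tag_value`.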
@@ -79,10 +78,10 @@ rules.
|------|-------------|
| [asg\_name](#output\_asg\_name) | Name of the Consul autoscaling group |
| [cluster\_size](#output\_cluster\_size) | Number of Consul nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Consul launch configuration |
| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Consul instance. |
| [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Consul instance. |
| [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Consul instance. |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
| [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
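Review bot: The added `launch_template` row in the Consul module README is described as "Name of the Vault launch\_template", which looks copied from the Vault module. It should say Consul, and the fix probably belongs in the output's `description` in the module source, since this table appears to be generated from it. The removed output was `launch_config_name`. If the new one also returns a name, `launch_template_name` would be clearer and would match the root README's `launch_template_name_consul_cluster`.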
diff --git a/modules/vault-cluster/README.md b/modules/vault-cluster/README.md
index 01e9250..444cfb1 100644
--- a/modules/vault-cluster/README.md
+++ b/modules/vault-cluster/README.md
@@ -63,7 +63,7 @@ machines.
| [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy.vault_s3_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |
+| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -75,30 +75,29 @@ machines.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
| [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Vault installed and configured by the install-vault module. | `string` | n/a | yes |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: default or dedicated. | `string` | `"default"` | no |
-| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
-| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
-| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
-| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
-| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
| [consul\_security\_group\_id](#input\_consul\_security\_group\_id) | ID of the security group of the Consul instances to allow traffic from Consul into Vault. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
-| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
| [enable\_s3\_backend](#input\_enable\_s3\_backend) | Whether to configure an S3 storage backend in addition to Consul. | `bool` | `false` | no |
-| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
| [enable\_s3\_backend\_encryption](#input\_enable\_s3\_backend\_encryption) | Whether to configure the S3 storage backend to be encrypted with a KMS key. | `bool` | `false` | no |
+| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
| [kms\_alias\_name](#input\_kms\_alias\_name) | The name of the KMS key that is used for S3 storage backend encryption. | `string` | `""` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
+| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
+| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
+| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
## Outputs
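Review bot: The `tenancy` input (default `"default"`, with `dedicated` as the other allowed value) is removed from the Vault inputs and not re-added, so a deployment that pinned Vault to dedicated tenancy loses that control with no visible replacement. Either keep the variable and wire it into the launch template, or document the removal as a breaking change. Two smaller points on the re-added rows: `instance_type` still says "e.g. t2.micro" although the default is `"t3.micro"`, and `termination_policies` still lists only `OldestLaunchConfiguration` even though the module now uses a launch template. Check whether `OldestLaunchTemplate` should be listed as well.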
@@ -106,12 +105,12 @@ machines.
|------|-------------|
| [asg\_name](#output\_asg\_name) | Name of the Vault autoscaling group |
| [cluster\_size](#output\_cluster\_size) | Number of Vault nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Vault launch configuration |
| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Vault instance. |
| [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Vault instance. |
| [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Vault instance. |
-| [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | ARN of the S3 bucket if used as storage backend |
+| [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
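Review bot: The new `launch_template` output is documented as "Name of the Vault launch\_template", but the output name no longer says it is a name, unlike the removed `launch_config_name` and the root module's `launch_template_name_vault_cluster`. Rename it to `launch_template_name`, or state in the description exactly which attribute is returned, so callers do not mistake it for the template ID or the whole resource. The description should also read "launch template" rather than the identifier-style `launch_template`, to match the root README wording.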