hashicorp · RubenSandwich · Sep 25, 2025 · Sep 26, 2025 · Sep 30, 2025 · Sep 30, 2025
@@ -405,7 +405,6 @@ jobs:
       artifact-name: "boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip"
       go-version: ${{ needs.product-metadata.outputs.go-version }}
       edition: ${{ needs.product-metadata.outputs.product-edition }}
-      docker-image-name: ${{ needs.build-docker.outputs.name }}
       docker-image-file: "boundary_default_linux_amd64_${{ needs.set-product-version.outputs.product-version }}_${{ github.sha }}.docker.dev.tar"
     secrets: inherit
   bats:

@@ -15,9 +15,6 @@ on:
       go-version:
         required: true
         type: string
-      docker-image-name:
-        required: false
-        type: string
       docker-image-file:
         required: false
         type: string
@@ -96,7 +93,6 @@ jobs:
       ENOS_VAR_crt_bundle_path: ./support/boundary.zip
       ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
       ENOS_VAR_boundary_edition: ${{ inputs.edition }}
-      ENOS_VAR_boundary_docker_image_name: ${{ inputs.docker-image-name }}
       ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar
       ENOS_VAR_go_version: ${{ inputs.go-version }}
       ENOS_VAR_gcp_project_id: ${{ secrets.GCP_PROJECT_ID_CI }}

@@ -66,6 +66,8 @@ following lines
 127.0.0.1       localhost       worker
 127.0.0.1       localhost       vault
 ```
+### AWS Credentials
+Copy the AWS Account credentials from doormat and set it in the terminal, where the enos commands are run.
 
 ## Executing Scenarios
 From the `enos` directory:

@@ -81,7 +81,7 @@ scenario "e2e_docker_base_plus" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster]
       database_network = local.network_cluster
       postgres_address = step.create_boundary_database.address

@@ -82,7 +82,7 @@ scenario "e2e_docker_base_with_gcp" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster]
       database_network = local.network_cluster
       postgres_address = step.create_boundary_database.address

@@ -83,7 +83,7 @@ scenario "e2e_docker_base_with_vault" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster]
       database_network = local.network_cluster
       postgres_address = step.create_boundary_database.address

@@ -99,7 +99,7 @@ scenario "e2e_docker_base_with_worker" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster, local.network_database]
       database_network = local.network_database
       postgres_address = step.create_boundary_database.address
@@ -143,7 +143,7 @@ scenario "e2e_docker_base_with_worker" {
       step.create_boundary
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
       config_file      = "worker-config.hcl"
       container_name   = "worker"

@@ -81,7 +81,7 @@ scenario "e2e_docker_base" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster]
       database_network = local.network_cluster
       postgres_address = step.create_boundary_database.address

@@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_controller_led" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster, local.network_database]
       database_network = local.network_database
       postgres_address = step.create_boundary_database.address
@@ -113,7 +113,7 @@ scenario "e2e_docker_worker_registration_controller_led" {
     depends_on = [step.create_boundary]
     variables {
       address      = step.create_boundary.address
-      image_name   = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name   = step.build_boundary_docker_image.image_name
       network_name = local.network_cluster
       login_name   = step.create_boundary.login_name
       password     = step.create_boundary.password
@@ -157,7 +157,7 @@ scenario "e2e_docker_worker_registration_controller_led" {
       step.create_boundary
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
       config_file      = "worker-config-controller-led.hcl"
       container_name   = "worker"

@@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_worker_led" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster, local.network_database]
       database_network = local.network_database
       postgres_address = step.create_boundary_database.address
@@ -144,7 +144,7 @@ scenario "e2e_docker_worker_registration_worker_led" {
       step.create_boundary
     ]
     variables {
-      image_name              = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name              = step.build_boundary_docker_image.image_name
       boundary_license        = var.boundary_edition != "oss" ? step.read_license.license : ""
       config_file             = "worker-config-worker-led.hcl"
       container_name          = "worker"
@@ -165,7 +165,7 @@ scenario "e2e_docker_worker_registration_worker_led" {
     ]
     variables {
       address      = step.create_boundary.address
-      image_name   = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name   = step.build_boundary_docker_image.image_name
       network_name = local.network_cluster
       login_name   = step.create_boundary.login_name
       password     = step.create_boundary.password

@@ -81,7 +81,7 @@ scenario "e2e_ui_docker" {
       step.build_boundary_docker_image
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       network_name     = [local.network_cluster]
       database_network = local.network_cluster
       postgres_address = step.create_boundary_database.address
@@ -124,7 +124,7 @@ scenario "e2e_ui_docker" {
       step.create_boundary
     ]
     variables {
-      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      image_name       = step.build_boundary_docker_image.image_name
       boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
       config_file      = "worker-config.hcl"
       container_name   = "worker"

@@ -25,12 +25,6 @@ variable "enos_user" {
 }
 
 # Test configs
-variable "boundary_docker_image_name" {
-  description = "Name:Tag of Docker image to use"
-  type        = string
-  default     = "docker.io/hashicorp/boundary:latest"
-}
-
 variable "boundary_docker_image_file" {
   description = "Path to Boundary Docker image"
   type        = string

@@ -26,6 +26,11 @@ resource "aws_instance" "controller" {
     encrypted   = true
   }
 
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
   tags = merge(local.common_tags,
     {
       Name = "${local.name_prefix}-boundary-controller-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}"
@@ -54,6 +59,11 @@ resource "aws_instance" "worker" {
     encrypted   = true
   }
 
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
   tags = merge(local.common_tags,
     {
       Name = "${local.name_prefix}-boundary-worker-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}",

@@ -6,14 +6,18 @@ resource "aws_db_subnet_group" "boundary" {
   subnet_ids = data.aws_subnets.infra.ids
 }
 
+data "aws_rds_engine_version" "default" {
+  engine = var.db_engine
+}
+
 resource "aws_db_instance" "boundary" {
   count               = var.db_create == true ? 1 : 0
   identifier          = "boundary-db-${random_string.cluster_id.result}"
   allocated_storage   = var.db_storage
   storage_type        = var.db_storage_type
   iops                = var.db_storage_iops
-  engine              = var.db_engine
-  engine_version      = var.db_engine == "aurora-postgres" ? null : var.db_version
+  engine              = data.aws_rds_engine_version.default.engine
+  engine_version      = data.aws_rds_engine_version.default.version
   instance_class      = var.db_class
   monitoring_interval = var.db_monitoring_interval
   monitoring_role_arn = var.db_monitoring_role_arn

@@ -136,12 +136,6 @@ variable "db_class" {
   default     = "db.t4g.small"
 }
 
-variable "db_version" {
-  description = "AWS RDS DBS engine version (for postgres/mysql)"
-  type        = string
-  default     = "15.7"
-}
-
 variable "db_engine" {
   description = "AWS RDS DB engine type"
   type        = string
@@ -406,4 +400,4 @@ variable "vault_transit_token" {
   description = "vault token used for kms transit in the boundary config"
   type        = string
   default     = ""
-}
+}
@@ -302,6 +302,7 @@ resource "aws_instance" "domain_controller" {
 
   metadata_options {
     http_endpoint          = "enabled"
+    http_tokens            = "required"
     instance_metadata_tags = "enabled"
   }
   get_password_data = true

@@ -234,6 +234,7 @@ ${var.domain_admin_password}
 
   metadata_options {
     http_endpoint          = "enabled"
+    http_tokens            = "required"
     instance_metadata_tags = "enabled"
   }
   get_password_data = true

@@ -251,6 +251,7 @@ ${var.domain_admin_password}
 
   metadata_options {
     http_endpoint          = "enabled"
+    http_tokens            = "required"
     instance_metadata_tags = "enabled"
   }
   get_password_data = true

@@ -126,13 +126,18 @@ resource "aws_instance" "target" {
     "Type" : "target",
     "Project" : "Enos",
     "Project Name" : "qti-enos-boundary",
-    "Environment" : var.environment
+    "Environment" : var.environment,
     "Enos User" : var.enos_user,
   })
 
   root_block_device {
     encrypted = true
   }
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_remote_exec" "wait" {

@@ -17,6 +17,11 @@ resource "aws_instance" "vault_instance" {
       Type = local.vault_cluster_tag
     },
   )
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_remote_exec" "install_dependencies" {

@@ -253,6 +253,7 @@ resource "aws_instance" "client" {
 
   metadata_options {
     http_endpoint          = "enabled"
+    http_tokens            = "required"
     instance_metadata_tags = "enabled"
   }
   get_password_data = true

@@ -161,6 +161,11 @@ resource "aws_instance" "worker" {
       Name = "${var.name_prefix}-boundary-worker-${split(":", data.aws_caller_identity.current.user_id)[1]}",
     },
   )
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_bundle_install" "worker" {

@@ -27,6 +27,21 @@ resource "enos_local_exec" "load_docker_image" {
   inline = ["docker load -i ${var.path}"]
 }
 
+locals {
+  boundary_docker_image_name = replace(
+    element(
+      split("\n", trimspace(enos_local_exec.load_docker_image.stdout)),
+      -1
+    ),
+    "Loaded image: ",
+    ""
+  )
+}
+
 output "cli_zip_path" {
   value = var.cli_build_path
 }
+
+output "image_name" {
+  value = local.boundary_docker_image_name
+}
@@ -1 +1 @@
-0.20.0
+0.20.1
@@ -68,8 +68,8 @@ Complete the following steps to create a storage policy in Boundary for session
    - **Description**: `SOC 2 compliant storage policy for session recordings`
    - **Retention Policy**: `SOC 2 (7 years)`
    - **Deletion Policy**: `Custom`
-   Delete after: `2657` days
-   Toggle the switch beside **Allow orgs to override**.
+   - Delete after: `2657` days
+   - Toggle the switch beside **Allow orgs to override**.
 
 1. Click **Save**.
 

@@ -69,8 +69,8 @@ The following is an example of updating the `soc2-policy` policy.
    - **Description**: `SOC 2 compliant storage policy for session recordings, V2`
    - **Retention Policy**: `SOC 2 (7 years)`
    - **Deletion Policy**: `Custom`
-   **Delete after**: `2757` days
-   Toggle the switch beside **Allow orgs to override** to the off position.
+   - **Delete after**: `2757` days
+   - Toggle the switch beside **Allow orgs to override** to the off position.
 
 1. Click **Save**.
 

@@ -81,7 +81,9 @@ Be careful when you use Secure File Copy (SCP) to transfer large files during a
 ## asciicast
 
 When you view recorded sessions using the CLI or Admin UI, Boundary can convert the recording into other formats for playback.
-Currently Boundary supports converting the recording of an individual SSH channel into an [asciicast](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) format to play back an interactive SSH session.
+Currently Boundary supports converting the recording of an individual SSH channel into an asciicast format to play back an interactive SSH session.
+
+Refer to the [asciinema documentation](https://docs.asciinema.org/) for more information about the [asciicast](https://docs.asciinema.org/manual/asciicast/v3/) format.
 
 ### Limitations