Add Amazon Linux, openSUSE Leap, and SUSE SLES support to Enos scenarios and modules (#25983)

Add Consul edition support to Enos scenarios and modules Add Linux distros and Consul edition to Enos samples Bump RHEL versions to 9.3 and 8.9
2025-11-02 19:47:54 +00:00 · 2024-06-05 12:58:35 -04:00
parent ef10c1a2a4
commit c28739512a
38 changed files with 947 additions and 375 deletions
--- a/.github/workflows/test-run-enos-scenario-matrix.yml
+++ b/.github/workflows/test-run-enos-scenario-matrix.yml
@@ -96,7 +96,13 @@ jobs:
      ENOS_VAR_vault_build_date: ${{ needs.metadata.outputs.build-date }}
      ENOS_VAR_vault_product_version: ${{ needs.metadata.outputs.vault-version }}
      ENOS_VAR_vault_revision: ${{ inputs.vault-revision }}
      ENOS_VAR_consul_license_path: ./support/consul.hclic
      ENOS_VAR_vault_license_path: ./support/vault.hclic
      ENOS_VAR_distro_version_amzn2: ${{ matrix.attributes.distro_version_amzn2 }}
      ENOS_VAR_distro_version_leap: ${{ matrix.attributes.distro_version_leap }}
      ENOS_VAR_distro_version_rhel: ${{ matrix.attributes.distro_version_rhel }}
      ENOS_VAR_distro_version_sles: ${{ matrix.attributes.distro_version_sles }}
      ENOS_VAR_distro_version_ubuntu: ${{ matrix.attributes.distro_version_ubuntu }}
      ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data
    steps:
      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
@@ -134,6 +140,11 @@ jobs:
      - if: contains(inputs.sample-name, 'ent')
        name: Configure Vault license
        run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
      - if: contains(matrix.scenario.id.filter, 'consul_edition:ent')
        name: Configure Consul license
        run: |
          echo "matrix.scenario.id.filter: ${{ matrix.scenario.id.filter }}"
          echo "${{ secrets.CONSUL_LICENSE }}" > ./enos/support/consul.hclic || true
      - id: launch
        name: enos scenario launch ${{ matrix.scenario.id.filter }}
        # Continue once and retry to handle occasional blips when creating infrastructure.
--- a/enos/enos-dev-scenario-pr-replication.hcl
+++ b/enos/enos-dev-scenario-pr-replication.hcl
@@ -69,13 +69,13 @@ scenario "dev_pr_replication" {
  EOF
  // The matrix is where we define all the baseline combinations that enos can utilize to customize
-  // your scenario. By default enos attempts to perform your command an the entire product! Most
+  // your scenario. By default enos attempts to perform your command on the entire product of these
-  // of the time you'll want to reduce that by passing in a filter.
+  // possible comginations! Most of the time you'll want to reduce that by passing in a filter.
  // Run 'enos scenario list --help' to see more about how filtering scenarios works in enos.
  matrix {
    arch              = ["amd64", "arm64"]
    artifact          = ["local", "deb", "rpm", "zip"]
-    distro            = ["ubuntu", "rhel"]
+    distro            = ["amzn2", "leap", "rhel", "sles", "ubuntu"]
    edition           = ["ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
    primary_backend   = ["consul", "raft"]
    primary_seal      = ["awskms", "pkcs11", "shamir"]
@@ -117,8 +117,8 @@ scenario "dev_pr_replication" {
  // Here we declare all of the providers that we might need for our scenario.
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  // These are variable values that are local to our scenario. They are evaluated after external
@@ -127,7 +127,10 @@ scenario "dev_pr_replication" {
    // The enos provider uses different ssh transport configs for different distros (as
    // specified in enos-providers.hcl), and we need to be able to access both of those here.
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
    // We install vault packages from artifactory. If you wish to use one of these variants you'll
@@ -139,7 +142,7 @@ scenario "dev_pr_replication" {
    // If you are using an ent edition, you will need a Vault license. Common convention
    // is to store it at ./support/vault.hclic, but you may change this path according
    // to your own preference.
-    vault_install_dir = matrix.artifact == "zip" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
+    vault_install_dir = matrix.artifact == "zip" || matrix.artifact == "local" ? global.vault_install_dir["bundle"] : global.vault_install_dir["package"]
  }
  // Begin scenario steps. These are the steps we'll perform to get your cluster up and running.
--- a/enos/enos-dev-scenario-single-cluster.hcl
+++ b/enos/enos-dev-scenario-single-cluster.hcl
@@ -68,14 +68,14 @@ scenario "dev_single_cluster" {
  EOF
  // The matrix is where we define all the baseline combinations that enos can utilize to customize
-  // your scenario. By default enos attempts to perform your command an the entire product! Most
+  // your scenario. By default enos attempts to perform your command on the entire product of these
-  // of the time you'll want to reduce that by passing in a filter.
+  // possible comginations! Most of the time you'll want to reduce that by passing in a filter.
  // Run 'enos scenario list --help' to see more about how filtering scenarios works in enos.
  matrix {
    arch     = ["amd64", "arm64"]
    artifact = ["local", "deb", "rpm", "zip"]
    backend  = ["consul", "raft"]
-    distro   = ["ubuntu", "rhel"]
+    distro   = ["amzn2", "leap", "rhel", "sles", "ubuntu"]
    edition  = ["ce", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
    seal     = ["awskms", "pkcs11", "shamir"]
@@ -107,10 +107,12 @@ scenario "dev_single_cluster" {
  terraform     = terraform.default
  // Here we declare all of the providers that we might need for our scenario.
  // There are two different configurations for the Enos provider, each specifying
  // SSH transport configs for different Linux distros.
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  // These are variable values that are local to our scenario. They are evaluated after external
@@ -119,7 +121,10 @@ scenario "dev_single_cluster" {
    // The enos provider uses different ssh transport configs for different distros (as
    // specified in enos-providers.hcl), and we need to be able to access both of those here.
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
    // We install vault packages from artifactory. If you wish to use one of these variants you'll
@@ -131,7 +136,7 @@ scenario "dev_single_cluster" {
    // If you are using an ent edition, you will need a Vault license. Common convention
    // is to store it at ./support/vault.hclic, but you may change this path according
    // to your own preference.
-    vault_install_dir = matrix.artifact == "zip" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
+    vault_install_dir = matrix.artifact == "zip" || matrix.artifact == "local" ? global.vault_install_dir["bundle"] : global.vault_install_dir["package"]
  }
  // Begin scenario steps. These are the steps we'll perform to get your cluster up and running.
--- a/enos/enos-globals.hcl
+++ b/enos/enos-globals.hcl
@@ -16,20 +16,43 @@ globals {
    "ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
  }
  config_modes    = ["env", "file"]
  consul_editions = ["ce", "ent"]
  consul_versions = ["1.14.11", "1.15.7", "1.16.3", "1.17.0"]
-  distros         = ["ubuntu", "rhel"]
+  distros         = ["amzn2", "leap", "rhel", "sles", "ubuntu"]
  # Different distros may require different packages, or use different aliases for the same package
  distro_packages = {
    amzn2 = ["nc"]
    leap  = ["netcat", "openssl"]
    rhel  = ["nc"]
    # When installing Vault RPM packages on a SLES AMI, the openssl package provided
    # isn't named "openssl, which rpm doesn't know how to handle. Therefore we add the
    # "correctly" named one in our package installation before installing Vault.
    sles   = ["netcat-openbsd", "openssl"]
    ubuntu = ["netcat"]
  }
  distro_version = {
-    "rhel"   = var.rhel_distro_version
+    "amzn2"  = var.distro_version_amzn2
-    "ubuntu" = var.ubuntu_distro_version
+    "leap"   = var.distro_version_leap
    "rhel"   = var.distro_version_rhel
    "sles"   = var.distro_version_sles
    "ubuntu" = var.distro_version_ubuntu
  }
  editions = ["ce", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-  packages = ["jq"]
+  package_manager = {
-  distro_packages = {
+    "amzn2"  = "yum"
-    ubuntu = ["netcat"]
+    "leap"   = "zypper"
-    rhel   = ["nc"]
+    "rhel"   = "yum"
    "sles"   = "zypper"
    "ubuntu" = "apt"
  }
  packages = ["jq"]
  sample_attributes = {
-    aws_region = ["us-east-1", "us-west-2"]
+    aws_region            = ["us-east-1", "us-west-2"]
    distro_version_amzn2  = ["2"]
    distro_version_leap   = ["15.4", "15.5"]
    distro_version_rhel   = ["8.9", "9.3"]
    distro_version_sles   = ["v15_sp5_standard"]
    distro_version_ubuntu = ["20.04", "22.04"]
  }
  seals = ["awskms", "pkcs11", "shamir"]
  tags = merge({
@@ -42,9 +65,9 @@ globals {
  // that use this global might not work as expected with earlier versions. Below 1.8.x is
  // not supported in any way.
  upgrade_initial_versions = ["1.11.12", "1.12.11", "1.13.11", "1.14.7", "1.15.3"]
-  vault_install_dir_packages = {
+  vault_install_dir = {
-    rhel   = "/bin"
+    bundle  = "/opt/vault/bin"
-    ubuntu = "/usr/bin"
+    package = "/usr/bin"
  }
  vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
  vault_tag_key      = "Type" // enos_vault_start expects Type as the tag key
--- a/enos/enos-providers.hcl
+++ b/enos/enos-providers.hcl
@@ -5,7 +5,8 @@ provider "aws" "default" {
  region = var.aws_region
 }
-provider "enos" "rhel" {
+# This default SSH user is used in RHEL, Amazon Linux, SUSE, and Leap distros
 provider "enos" "ec2_user" {
  transport = {
    ssh = {
      user             = "ec2-user"
@@ -14,6 +15,7 @@ provider "enos" "rhel" {
  }
 }
 # This default SSH user is used in the Ubuntu distro
 provider "enos" "ubuntu" {
  transport = {
    ssh = {
--- a/enos/enos-samples-ce-build.hcl
+++ b/enos/enos-samples-ce-build.hcl
@@ -97,7 +97,7 @@ sample "build_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -107,7 +107,7 @@ sample "build_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -117,7 +117,7 @@ sample "build_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -127,7 +127,7 @@ sample "build_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -141,7 +141,7 @@ sample "build_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -151,7 +151,7 @@ sample "build_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -161,7 +161,7 @@ sample "build_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -171,7 +171,7 @@ sample "build_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["crt"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
      exclude {
@@ -191,6 +191,7 @@ sample "build_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["crt"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -200,6 +201,7 @@ sample "build_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["crt"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -209,6 +211,7 @@ sample "build_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["crt"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -218,6 +221,7 @@ sample "build_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["crt"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -231,6 +235,7 @@ sample "build_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -240,6 +245,7 @@ sample "build_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -249,6 +255,7 @@ sample "build_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -258,6 +265,7 @@ sample "build_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["crt"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
--- a/enos/enos-samples-ce-release.hcl
+++ b/enos/enos-samples-ce-release.hcl
@@ -97,7 +97,7 @@ sample "release_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -107,7 +107,7 @@ sample "release_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -117,7 +117,7 @@ sample "release_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -127,7 +127,7 @@ sample "release_ce_linux_arm64_rpm" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -141,7 +141,7 @@ sample "release_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -151,7 +151,7 @@ sample "release_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -161,7 +161,7 @@ sample "release_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -171,7 +171,7 @@ sample "release_ce_linux_amd64_rpm" {
      arch            = ["amd64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["package"]
-      distro          = ["rhel"]
+      distro          = ["amzn2", "leap", "rhel", "sles"]
      edition         = ["ce"]
    }
  }
@@ -185,6 +185,7 @@ sample "release_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["artifactory"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -194,6 +195,7 @@ sample "release_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["artifactory"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -203,6 +205,7 @@ sample "release_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["artifactory"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -212,6 +215,7 @@ sample "release_ce_linux_amd64_zip" {
      arch            = ["amd64"]
      artifact_type   = ["bundle"]
      artifact_source = ["artifactory"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -225,6 +229,7 @@ sample "release_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -234,6 +239,7 @@ sample "release_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -243,6 +249,7 @@ sample "release_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
@@ -252,6 +259,7 @@ sample "release_ce_linux_arm64_zip" {
      arch            = ["arm64"]
      artifact_source = ["artifactory"]
      artifact_type   = ["bundle"]
      distro          = ["amzn2", "ubuntu"]
      edition         = ["ce"]
    }
  }
--- a/enos/enos-scenario-agent.hcl
+++ b/enos/enos-scenario-agent.hcl
@@ -8,6 +8,7 @@ scenario "agent" {
    artifact_type   = global.artifact_types
    backend         = global.backends
    config_mode     = global.config_modes
    consul_edition  = global.consul_editions
    consul_version  = global.consul_versions
    distro          = global.distros
    edition         = global.editions
@@ -30,24 +31,39 @@ scenario "agent" {
      seal    = ["pkcs11"]
      edition = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
-    manage_service    = matrix.artifact_type == "bundle"
+    manage_service = matrix.artifact_type == "bundle"
    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
  }
  step "get_local_metadata" {
@@ -89,9 +105,9 @@ scenario "agent" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -169,9 +185,9 @@ scenario "agent" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -196,13 +212,13 @@ scenario "agent" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -226,7 +242,7 @@ scenario "agent" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -244,7 +260,7 @@ scenario "agent" {
    }
    variables {
-      vault_install_dir                = local.vault_install_dir
+      vault_install_dir                = global.vault_install_dir[matrix.artifact_type]
      vault_instances                  = step.create_vault_cluster_targets.hosts
      vault_root_token                 = step.create_vault_cluster.root_token
      vault_agent_template_destination = "/tmp/agent_output.txt"
@@ -281,7 +297,7 @@ scenario "agent" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -297,7 +313,7 @@ scenario "agent" {
    variables {
      vault_instances       = step.create_vault_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -314,7 +330,7 @@ scenario "agent" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -334,7 +350,7 @@ scenario "agent" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -352,7 +368,7 @@ scenario "agent" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -371,7 +387,7 @@ scenario "agent" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -389,7 +405,7 @@ scenario "agent" {
    variables {
      node_public_ips   = step.get_vault_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
--- a/enos/enos-scenario-autopilot.hcl
+++ b/enos/enos-scenario-autopilot.hcl
@@ -34,24 +34,40 @@ scenario "autopilot" {
      seal    = ["pkcs11"]
      edition = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
    manage_service                     = matrix.artifact_type == "bundle"
-    vault_install_dir                  = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
+    vault_install_dir                  = global.vault_install_dir[matrix.artifact_type]
    vault_autopilot_default_max_leases = semverconstraint(matrix.initial_version, ">=1.16.0-0") ? "300000" : ""
  }
@@ -159,7 +175,7 @@ scenario "autopilot" {
      cluster_name         = step.create_vault_cluster_targets.cluster_name
      config_mode          = matrix.config_mode
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_license.license : null
      packages             = concat(global.packages, global.distro_packages[matrix.distro])
      release = {
@@ -191,7 +207,7 @@ scenario "autopilot" {
    variables {
      vault_hosts       = step.create_vault_cluster.target_hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -211,7 +227,7 @@ scenario "autopilot" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster.target_hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -245,7 +261,7 @@ scenario "autopilot" {
      log_level                   = var.vault_log_level
      force_unseal                = matrix.seal == "shamir"
      initialize_cluster          = false
-      install_dir                 = local.vault_install_dir
+      install_dir                 = global.vault_install_dir[matrix.artifact_type]
      license                     = matrix.edition != "ce" ? step.read_license.license : null
      local_artifact_path         = local.artifact_path
      manage_service              = local.manage_service
@@ -274,7 +290,7 @@ scenario "autopilot" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.upgrade_vault_cluster_with_autopilot.target_hosts
    }
  }
@@ -291,7 +307,7 @@ scenario "autopilot" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.upgrade_vault_cluster_with_autopilot.target_hosts
      vault_root_token  = step.upgrade_vault_cluster_with_autopilot.root_token
    }
@@ -312,7 +328,7 @@ scenario "autopilot" {
    variables {
      vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_autopilot_upgrade_status  = "await-server-removal"
-      vault_install_dir               = local.vault_install_dir
+      vault_install_dir               = global.vault_install_dir[matrix.artifact_type]
      vault_instances                 = step.create_vault_cluster.target_hosts
      vault_root_token                = step.upgrade_vault_cluster_with_autopilot.root_token
    }
@@ -332,7 +348,7 @@ scenario "autopilot" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
      vault_hosts       = step.upgrade_vault_cluster_with_autopilot.target_hosts
    }
@@ -354,7 +370,7 @@ scenario "autopilot" {
    variables {
      vault_hosts       = step.upgrade_vault_cluster_with_autopilot.target_hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -375,7 +391,7 @@ scenario "autopilot" {
    variables {
      node_public_ips      = step.get_updated_vault_cluster_ips.follower_public_ips
      vault_instance_count = 6
-      vault_install_dir    = local.vault_install_dir
+      vault_install_dir    = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -395,7 +411,7 @@ scenario "autopilot" {
    variables {
      operator_instance      = step.get_updated_vault_cluster_ips.leader_public_ip
      remove_vault_instances = step.create_vault_cluster.target_hosts
-      vault_install_dir      = local.vault_install_dir
+      vault_install_dir      = global.vault_install_dir[matrix.artifact_type]
      vault_instance_count   = 3
      vault_root_token       = step.create_vault_cluster.root_token
    }
@@ -434,7 +450,7 @@ scenario "autopilot" {
    variables {
      vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_autopilot_upgrade_status  = "idle"
-      vault_install_dir               = local.vault_install_dir
+      vault_install_dir               = global.vault_install_dir[matrix.artifact_type]
      vault_instances                 = step.upgrade_vault_cluster_with_autopilot.target_hosts
      vault_root_token                = step.create_vault_cluster.root_token
    }
@@ -455,7 +471,7 @@ scenario "autopilot" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.upgrade_vault_cluster_with_autopilot.target_hosts
    }
  }
@@ -476,7 +492,7 @@ scenario "autopilot" {
    variables {
      vault_instances       = step.upgrade_vault_cluster_with_autopilot.target_hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -519,7 +535,7 @@ scenario "autopilot" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.upgrade_vault_cluster_with_autopilot.target_hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
--- a/enos/enos-scenario-proxy.hcl
+++ b/enos/enos-scenario-proxy.hcl
@@ -8,6 +8,7 @@ scenario "proxy" {
    artifact_type   = global.artifact_types
    backend         = global.backends
    config_mode     = global.config_modes
    consul_edition  = global.consul_editions
    consul_version  = global.consul_versions
    distro          = global.distros
    edition         = global.editions
@@ -30,24 +31,40 @@ scenario "proxy" {
      seal    = ["pkcs11"]
      edition = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
    manage_service    = matrix.artifact_type == "bundle"
-    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
+    vault_install_dir = global.vault_install_dir[matrix.artifact_type]
  }
  step "get_local_metadata" {
@@ -89,9 +106,9 @@ scenario "proxy" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -169,9 +186,9 @@ scenario "proxy" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -196,13 +213,13 @@ scenario "proxy" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -226,7 +243,7 @@ scenario "proxy" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -243,7 +260,7 @@ scenario "proxy" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -259,7 +276,7 @@ scenario "proxy" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -275,7 +292,7 @@ scenario "proxy" {
    variables {
      vault_instances       = step.create_vault_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -292,7 +309,7 @@ scenario "proxy" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -312,7 +329,7 @@ scenario "proxy" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -327,7 +344,7 @@ scenario "proxy" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -343,7 +360,7 @@ scenario "proxy" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -361,7 +378,7 @@ scenario "proxy" {
    variables {
      node_public_ips   = step.get_vault_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
--- a/enos/enos-scenario-replication.hcl
+++ b/enos/enos-scenario-replication.hcl
@@ -10,6 +10,7 @@ scenario "replication" {
    artifact_source   = global.artifact_sources
    artifact_type     = global.artifact_types
    config_mode       = global.config_modes
    consul_edition    = global.consul_editions
    consul_version    = global.consul_versions
    distro            = global.distros
    edition           = global.editions
@@ -40,24 +41,40 @@ scenario "replication" {
      secondary_seal = ["pkcs11"]
      edition        = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
    manage_service    = matrix.artifact_type == "bundle"
-    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
+    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir[matrix.artifact_type]
  }
  step "get_local_metadata" {
@@ -99,9 +116,9 @@ scenario "replication" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = (matrix.primary_backend == "raft" && matrix.secondary_backend == "raft") || var.backend_edition == "ce"
+    skip_step = (matrix.primary_backend == "raft" && matrix.secondary_backend == "raft") || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -255,9 +272,9 @@ scenario "replication" {
    variables {
      cluster_name    = step.create_primary_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.primary_backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_primary_cluster_backend_targets.hosts
@@ -281,14 +298,14 @@ scenario "replication" {
      backend_cluster_name    = step.create_primary_cluster_backend_targets.cluster_name
      backend_cluster_tag_key = global.backend_tag_key
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.primary_backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      cluster_name            = step.create_primary_cluster_targets.cluster_name
      consul_release = matrix.primary_backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -313,9 +330,9 @@ scenario "replication" {
    variables {
      cluster_name    = step.create_secondary_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.secondary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.secondary_backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_secondary_cluster_backend_targets.hosts
@@ -339,14 +356,14 @@ scenario "replication" {
      backend_cluster_name    = step.create_secondary_cluster_backend_targets.cluster_name
      backend_cluster_tag_key = global.backend_tag_key
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.secondary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.secondary_backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      cluster_name            = step.create_secondary_cluster_targets.cluster_name
      consul_release = matrix.secondary_backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -370,7 +387,7 @@ scenario "replication" {
    variables {
      vault_instances   = step.create_primary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -386,7 +403,7 @@ scenario "replication" {
    variables {
      vault_instances   = step.create_secondary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -403,7 +420,7 @@ scenario "replication" {
    variables {
      vault_instances       = step.create_primary_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -440,7 +457,7 @@ scenario "replication" {
    variables {
      vault_hosts       = step.create_primary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_primary_cluster.root_token
    }
  }
@@ -464,7 +481,7 @@ scenario "replication" {
    variables {
      vault_hosts       = step.create_secondary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_secondary_cluster.root_token
    }
  }
@@ -482,7 +499,7 @@ scenario "replication" {
      leader_public_ip  = step.get_primary_cluster_ips.leader_public_ip
      leader_private_ip = step.get_primary_cluster_ips.leader_private_ip
      vault_instances   = step.create_primary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_primary_cluster.root_token
    }
  }
@@ -502,7 +519,7 @@ scenario "replication" {
    variables {
      primary_leader_public_ip  = step.get_primary_cluster_ips.leader_public_ip
      primary_leader_private_ip = step.get_primary_cluster_ips.leader_private_ip
-      vault_install_dir         = local.vault_install_dir
+      vault_install_dir         = global.vault_install_dir[matrix.artifact_type]
      vault_root_token          = step.create_primary_cluster.root_token
    }
  }
@@ -517,7 +534,7 @@ scenario "replication" {
    variables {
      primary_leader_public_ip = step.get_primary_cluster_ips.leader_public_ip
-      vault_install_dir        = local.vault_install_dir
+      vault_install_dir        = global.vault_install_dir[matrix.artifact_type]
      vault_root_token         = step.create_primary_cluster.root_token
    }
  }
@@ -533,7 +550,7 @@ scenario "replication" {
    variables {
      secondary_leader_public_ip  = step.get_secondary_cluster_ips.leader_public_ip
      secondary_leader_private_ip = step.get_secondary_cluster_ips.leader_private_ip
-      vault_install_dir           = local.vault_install_dir
+      vault_install_dir           = global.vault_install_dir[matrix.artifact_type]
      vault_root_token            = step.create_secondary_cluster.root_token
      wrapping_token              = step.generate_secondary_token.secondary_token
    }
@@ -556,7 +573,7 @@ scenario "replication" {
    variables {
      follower_public_ips = step.get_secondary_cluster_ips.follower_public_ips
-      vault_install_dir   = local.vault_install_dir
+      vault_install_dir   = global.vault_install_dir[matrix.artifact_type]
      vault_unseal_keys   = matrix.primary_seal == "shamir" ? step.create_primary_cluster.unseal_keys_hex : step.create_primary_cluster.recovery_keys_hex
      vault_seal_type     = matrix.primary_seal == "shamir" ? matrix.primary_seal : matrix.secondary_seal
    }
@@ -574,7 +591,7 @@ scenario "replication" {
    variables {
      vault_instances   = step.create_secondary_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -591,7 +608,7 @@ scenario "replication" {
      primary_leader_private_ip   = step.get_primary_cluster_ips.leader_private_ip
      secondary_leader_public_ip  = step.get_secondary_cluster_ips.leader_public_ip
      secondary_leader_private_ip = step.get_secondary_cluster_ips.leader_private_ip
-      vault_install_dir           = local.vault_install_dir
+      vault_install_dir           = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -609,7 +626,7 @@ scenario "replication" {
    variables {
      node_public_ips   = step.get_secondary_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -633,15 +650,15 @@ scenario "replication" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_primary_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.primary_backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.primary_backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
      force_unseal         = matrix.primary_seal == "shamir"
      initialize_cluster   = false
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -666,7 +683,7 @@ scenario "replication" {
    variables {
      vault_instances   = step.create_primary_cluster_additional_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -685,7 +702,7 @@ scenario "replication" {
    variables {
      vault_instances   = step.create_primary_cluster_additional_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_primary_cluster.root_token
    }
  }
@@ -755,7 +772,7 @@ scenario "replication" {
    variables {
      timeout           = 120 # seconds
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_primary_cluster.root_token
      vault_hosts       = step.get_remaining_hosts_replication_data.remaining_hosts
    }
@@ -775,7 +792,7 @@ scenario "replication" {
    variables {
      vault_hosts          = step.get_remaining_hosts_replication_data.remaining_hosts
-      vault_install_dir    = local.vault_install_dir
+      vault_install_dir    = global.vault_install_dir[matrix.artifact_type]
      vault_instance_count = step.get_remaining_hosts_replication_data.remaining_hosts_count
      vault_root_token     = step.create_primary_cluster.root_token
    }
@@ -799,7 +816,7 @@ scenario "replication" {
      primary_leader_private_ip   = step.get_updated_primary_cluster_ips.leader_private_ip
      secondary_leader_public_ip  = step.get_secondary_cluster_ips.leader_public_ip
      secondary_leader_private_ip = step.get_secondary_cluster_ips.leader_private_ip
-      vault_install_dir           = local.vault_install_dir
+      vault_install_dir           = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -874,7 +891,7 @@ scenario "replication" {
  }
  output "initial_known_primary_cluster_addresses" {
-    description = "The Vault secondary cluster performance replication status"
+    description = "The initial known Vault primary cluster addresses"
    value       = step.verify_performance_replication.known_primary_cluster_addrs
  }
@@ -889,7 +906,7 @@ scenario "replication" {
  }
  output "initial_secondary_replication_data_primaries" {
-    description = "The Vault  secondary cluster primaries connection status"
+    description = "The Vault secondary cluster primaries connection status"
    value       = step.verify_performance_replication.secondary_replication_data_primaries
  }
--- a/enos/enos-scenario-seal-ha.hcl
+++ b/enos/enos-scenario-seal-ha.hcl
@@ -8,6 +8,7 @@ scenario "seal_ha" {
    artifact_type   = global.artifact_types
    backend         = global.backends
    config_mode     = global.config_modes
    consul_edition  = global.consul_editions
    consul_version  = global.consul_versions
    distro          = global.distros
    edition         = global.editions
@@ -37,24 +38,46 @@ scenario "seal_ha" {
      secondary_seal = ["pkcs11"]
      edition        = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      primary_seal = ["pkcs11"]
      distro       = ["amzn2", "leap", "sles"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      secondary_seal = ["pkcs11"]
      distro         = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
-    manage_service    = matrix.artifact_type == "bundle"
+    manage_service = matrix.artifact_type == "bundle"
    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
  }
  step "get_local_metadata" {
@@ -127,9 +150,9 @@ scenario "seal_ha" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -193,9 +216,9 @@ scenario "seal_ha" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -220,13 +243,13 @@ scenario "seal_ha" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -251,7 +274,7 @@ scenario "seal_ha" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -266,7 +289,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -280,7 +303,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -302,7 +325,7 @@ scenario "seal_ha" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -320,7 +343,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -354,7 +377,7 @@ scenario "seal_ha" {
    variables {
      cluster_name              = step.create_vault_cluster_targets.cluster_name
-      install_dir               = local.vault_install_dir
+      install_dir               = global.vault_install_dir[matrix.artifact_type]
      license                   = matrix.edition != "ce" ? step.read_vault_license.license : null
      manage_service            = local.manage_service
      seal_attributes           = step.create_primary_seal_key.attributes
@@ -378,7 +401,7 @@ scenario "seal_ha" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -393,7 +416,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -408,7 +431,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      leader_host       = step.get_leader_ip_for_step_down.leader_host
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -426,7 +449,7 @@ scenario "seal_ha" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -441,7 +464,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -455,7 +478,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -474,7 +497,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -491,7 +514,7 @@ scenario "seal_ha" {
    variables {
      vault_instances       = step.create_vault_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -509,7 +532,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -525,7 +548,7 @@ scenario "seal_ha" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -541,7 +564,7 @@ scenario "seal_ha" {
    variables {
      node_public_ips   = step.get_updated_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -570,7 +593,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_hosts       = step.create_vault_cluster_targets.hosts
      seal_type         = "multiseal"
    }
@@ -607,7 +630,7 @@ scenario "seal_ha" {
    variables {
      cluster_name    = step.create_vault_cluster_targets.cluster_name
-      install_dir     = local.vault_install_dir
+      install_dir     = global.vault_install_dir[matrix.artifact_type]
      license         = matrix.edition != "ce" ? step.read_vault_license.license : null
      manage_service  = local.manage_service
      seal_alias      = "secondary"
@@ -630,7 +653,7 @@ scenario "seal_ha" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -646,7 +669,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -661,7 +684,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -680,7 +703,7 @@ scenario "seal_ha" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -696,7 +719,7 @@ scenario "seal_ha" {
    variables {
      node_public_ips   = step.get_cluster_ips_after_migration.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -712,7 +735,7 @@ scenario "seal_ha" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_hosts       = step.create_vault_cluster_targets.hosts
      seal_type         = matrix.secondary_seal
    }
--- a/enos/enos-scenario-smoke.hcl
+++ b/enos/enos-scenario-smoke.hcl
@@ -8,6 +8,7 @@ scenario "smoke" {
    artifact_type   = global.artifact_types
    backend         = global.backends
    config_mode     = global.config_modes
    consul_edition  = global.consul_editions
    consul_version  = global.consul_versions
    distro          = global.distros
    edition         = global.editions
@@ -30,24 +31,39 @@ scenario "smoke" {
      seal    = ["pkcs11"]
      edition = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
-    manage_service    = matrix.artifact_type == "bundle"
+    manage_service = matrix.artifact_type == "bundle"
    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
  }
  step "get_local_metadata" {
@@ -89,9 +105,9 @@ scenario "smoke" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -169,9 +185,9 @@ scenario "smoke" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -196,13 +212,13 @@ scenario "smoke" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      local_artifact_path  = local.artifact_path
      manage_service       = local.manage_service
@@ -226,7 +242,7 @@ scenario "smoke" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -241,7 +257,7 @@ scenario "smoke" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -256,7 +272,7 @@ scenario "smoke" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      leader_host       = step.get_leader_ip_for_step_down.leader_host
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -274,7 +290,7 @@ scenario "smoke" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -289,7 +305,7 @@ scenario "smoke" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -305,7 +321,7 @@ scenario "smoke" {
    variables {
      vault_instances       = step.create_vault_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -322,7 +338,7 @@ scenario "smoke" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -342,7 +358,7 @@ scenario "smoke" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -360,7 +376,7 @@ scenario "smoke" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -379,7 +395,7 @@ scenario "smoke" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
@@ -397,7 +413,7 @@ scenario "smoke" {
    variables {
      node_public_ips   = step.get_vault_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
--- a/enos/enos-scenario-ui.hcl
+++ b/enos/enos-scenario-ui.hcl
@@ -3,8 +3,9 @@
 scenario "ui" {
  matrix {
-    backend = global.backends
+    backend        = global.backends
-    edition = ["ce", "ent"]
+    consul_edition = global.consul_editions
    edition        = ["ce", "ent"]
  }
  terraform_cli = terraform_cli.default
@@ -23,7 +24,7 @@ scenario "ui" {
      "ce"  = ["ui"]
      "ent" = ["ui", "enterprise", "ent"]
    }
-    bundle_path    = abspath(var.vault_artifact_path)
+    artifact_path  = abspath(var.vault_artifact_path)
    distro         = "ubuntu"
    consul_version = "1.17.0"
    seal           = "awskms"
@@ -32,10 +33,6 @@ scenario "ui" {
      "Project" : "Enos",
      "Environment" : "ci"
    }, var.tags)
    vault_install_dir_packages = {
      rhel   = "/bin"
      ubuntu = "/usr/bin"
    }
    vault_install_dir  = var.vault_install_dir
    vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
    vault_tag_key      = "Type" // enos_vault_start expects Type as the tag key
@@ -47,7 +44,7 @@ scenario "ui" {
    variables {
      build_tags      = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
-      bundle_path     = local.bundle_path
+      artifact_path   = local.artifact_path
      goarch          = local.arch
      goos            = "linux"
      product_version = var.vault_product_version
@@ -78,9 +75,9 @@ scenario "ui" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -106,10 +103,10 @@ scenario "ui" {
    }
    variables {
-      ami_id          = step.ec2_info.ami_ids[local.arch][local.distro][var.ubuntu_distro_version]
+      ami_id          = step.ec2_info.ami_ids[local.arch][local.distro][var.distro_version_ubuntu]
      cluster_tag_key = local.vault_tag_key
      common_tags     = local.tags
-      seal_names      = step.create_seal_key.resource_names
+      seal_key_names  = step.create_seal_key.resource_names
      vpc_id          = step.create_vpc.id
    }
  }
@@ -126,7 +123,7 @@ scenario "ui" {
      ami_id          = step.ec2_info.ami_ids["arm64"]["ubuntu"]["22.04"]
      cluster_tag_key = local.backend_tag_key
      common_tags     = local.tags
-      seal_names      = step.create_seal_key.resource_names
+      seal_key_names  = step.create_seal_key.resource_names
      vpc_id          = step.create_vpc.id
    }
  }
@@ -144,9 +141,9 @@ scenario "ui" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = local.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = local.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -169,15 +166,15 @@ scenario "ui" {
      backend_cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      backend_cluster_tag_key = local.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = local.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
      install_dir          = local.vault_install_dir
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
-      local_artifact_path  = local.bundle_path
+      local_artifact_path  = local.artifact_path
      packages             = global.distro_packages["ubuntu"]
      seal_name            = step.create_seal_key.resource_name
      seal_type            = local.seal
--- a/enos/enos-scenario-upgrade.hcl
+++ b/enos/enos-scenario-upgrade.hcl
@@ -8,6 +8,7 @@ scenario "upgrade" {
    artifact_type   = global.artifact_types
    backend         = global.backends
    config_mode     = global.config_modes
    consul_edition  = global.consul_editions
    consul_version  = global.consul_versions
    distro          = global.distros
    edition         = global.editions
@@ -43,24 +44,39 @@ scenario "upgrade" {
      seal    = ["pkcs11"]
      edition = ["ce", "ent", "ent.fips1402"]
    }
    # arm64 AMIs are not offered for Leap 15.4
    exclude {
      distro = ["leap"]
      arch   = ["arm64"]
    }
    # softhsm packages not available for leap/sles; Enos support for softhsm
    # on amzn2 to be added later.
    exclude {
      seal   = ["pkcs11"]
      distro = ["amzn2", "leap", "sles"]
    }
  }
  terraform_cli = terraform_cli.default
  terraform     = terraform.default
  providers = [
    provider.aws.default,
-    provider.enos.ubuntu,
+    provider.enos.ec2_user,
-    provider.enos.rhel
+    provider.enos.ubuntu
  ]
  locals {
    artifact_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_artifact_path) : null
    enos_provider = {
-      rhel   = provider.enos.rhel
+      amzn2  = provider.enos.ec2_user
      leap   = provider.enos.ec2_user
      rhel   = provider.enos.ec2_user
      sles   = provider.enos.ec2_user
      ubuntu = provider.enos.ubuntu
    }
-    manage_service    = matrix.artifact_type == "bundle"
+    manage_service = matrix.artifact_type == "bundle"
    vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : global.vault_install_dir_packages[matrix.distro]
  }
  step "get_local_metadata" {
@@ -103,9 +119,9 @@ scenario "upgrade" {
  }
  // This step reads the contents of the backend license if we're using a Consul backend and
-  // the edition is "ent".
+  // an "ent" Consul edition.
  step "read_backend_license" {
-    skip_step = matrix.backend == "raft" || var.backend_edition == "ce"
+    skip_step = matrix.backend == "raft" || matrix.consul_edition == "ce"
    module    = module.read_license
    variables {
@@ -183,9 +199,9 @@ scenario "upgrade" {
    variables {
      cluster_name    = step.create_vault_cluster_backend_targets.cluster_name
      cluster_tag_key = global.backend_tag_key
-      license         = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      license         = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      release = {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      }
      target_hosts = step.create_vault_cluster_backend_targets.hosts
@@ -209,13 +225,13 @@ scenario "upgrade" {
      backend_cluster_tag_key = global.backend_tag_key
      cluster_name            = step.create_vault_cluster_targets.cluster_name
      config_mode             = matrix.config_mode
-      consul_license          = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
+      consul_license          = (matrix.backend == "consul" && matrix.consul_edition == "ent") ? step.read_backend_license.license : null
      consul_release = matrix.backend == "consul" ? {
-        edition = var.backend_edition
+        edition = matrix.consul_edition
        version = matrix.consul_version
      } : null
      enable_audit_devices = var.vault_enable_audit_devices
-      install_dir          = local.vault_install_dir
+      install_dir          = global.vault_install_dir[matrix.artifact_type]
      license              = matrix.edition != "ce" ? step.read_vault_license.license : null
      packages             = concat(global.packages, global.distro_packages[matrix.distro])
      release = {
@@ -239,7 +255,7 @@ scenario "upgrade" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -259,7 +275,7 @@ scenario "upgrade" {
      leader_public_ip  = step.get_vault_cluster_ips.leader_public_ip
      leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -282,7 +298,7 @@ scenario "upgrade" {
      vault_instances           = step.create_vault_cluster_targets.hosts
      vault_local_artifact_path = local.artifact_path
      vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
-      vault_install_dir         = local.vault_install_dir
+      vault_install_dir         = global.vault_install_dir[matrix.artifact_type]
      vault_unseal_keys         = matrix.seal == "shamir" ? step.create_vault_cluster.unseal_keys_hex : null
      vault_seal_type           = matrix.seal
    }
@@ -303,7 +319,7 @@ scenario "upgrade" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -318,7 +334,7 @@ scenario "upgrade" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -333,7 +349,7 @@ scenario "upgrade" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      leader_host       = step.get_leader_ip_for_step_down.leader_host
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -351,7 +367,7 @@ scenario "upgrade" {
    variables {
      timeout           = 120 # seconds
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -368,7 +384,7 @@ scenario "upgrade" {
    variables {
      vault_hosts       = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_root_token  = step.create_vault_cluster.root_token
    }
  }
@@ -386,7 +402,7 @@ scenario "upgrade" {
    variables {
      vault_instances       = step.create_vault_cluster_targets.hosts
      vault_edition         = matrix.edition
-      vault_install_dir     = local.vault_install_dir
+      vault_install_dir     = global.vault_install_dir[matrix.artifact_type]
      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@@ -406,7 +422,7 @@ scenario "upgrade" {
    variables {
      vault_instances   = step.create_vault_cluster_targets.hosts
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -424,7 +440,7 @@ scenario "upgrade" {
    variables {
      node_public_ips   = step.get_updated_vault_cluster_ips.follower_public_ips
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
    }
  }
@@ -440,7 +456,7 @@ scenario "upgrade" {
    }
    variables {
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
      vault_root_token  = step.create_vault_cluster.root_token
    }
@@ -458,7 +474,7 @@ scenario "upgrade" {
    variables {
      vault_edition     = matrix.edition
-      vault_install_dir = local.vault_install_dir
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
      vault_instances   = step.create_vault_cluster_targets.hosts
    }
  }
--- a/enos/enos-variables.hcl
+++ b/enos/enos-variables.hcl
@@ -75,10 +75,34 @@ variable "project_name" {
  default     = "vault-enos-integration"
 }
-variable "rhel_distro_version" {
+variable "distro_version_amzn2" {
  description = "The version of Amazon Linux 2 to use"
  type        = string
  default     = "2"
 }
 variable "distro_version_leap" {
  description = "The version of openSUSE leap to use"
  type        = string
  default     = "15.5" // or "15.4"
 }
 variable "distro_version_rhel" {
  description = "The version of RHEL to use"
  type        = string
-  default     = "9.1" // or "8.8"
+  default     = "9.3" // or "8.9"
 }
 variable "distro_version_sles" {
  description = "The version of SUSE SLES to use"
  type        = string
  default     = "v15_sp5_standard"
 }
 variable "distro_version_ubuntu" {
  description = "The version of ubuntu to use"
  type        = string
  default     = "22.04" // or "20.04"
 }
 variable "tags" {
@@ -93,12 +117,6 @@ variable "terraform_plugin_cache_dir" {
  default     = null
 }
 variable "ubuntu_distro_version" {
  description = "The version of ubuntu to use"
  type        = string
  default     = "22.04" // or "20.04", "18.04"
 }
 variable "ui_test_filter" {
  type        = string
  description = "A test filter to limit the ui tests to execute. Will be appended to the ember test command as '-f=\"<filter>\"'"
--- a/enos/enos.vars.hcl
+++ b/enos/enos.vars.hcl
@@ -23,9 +23,6 @@
 # aws_ssh_private_key_path is the path to the AWS keypair private key
 # aws_ssh_private_key_path = "./support/private_key.pem"
 # backend_edition is the backend (consul) release edition if applicable to the scenario.
 # backend_edition = "ce"
 # backend_license_path is the license for the backend if applicable (Consul Enterprise)".
 # backend_license_path = "./support/consul.hclic"
@@ -40,8 +37,20 @@
 # resources.
 # project_name = "vault-enos-integration"
-# rhel_distro_version is the version of RHEL to use for "distro:rhel" variants.
+# distro_version_amzn2 is the version of Amazon Linux 2 to use for "distro:amzn2" variants
-# rhel_distro_version = "9.1" // or "8.8"
+# distro_version_amzn2 = "2"
 # distro_version_leap is the version of openSUSE Leap to use for "distro:leap" variants
 # distro_version_leap = "15.5" // or "15.4"
 # distro_version_rhel is the version of RHEL to use for "distro:rhel" variants.
 # distro_version_rhel = "9.3" // or "8.9"
 # distro_version_sles is the version of SUSE SLES to use for "distro:sles" variants.
 # distro_version_sles = "v15_sp5_standard"
 # distro_version_ubuntu is the version of ubuntu to use for "distro:ubuntu" variants
 # distro_version_ubuntu = "22.04" // or "20.04", "18.04"
 # tags are a map of tags that will be applied to infrastructure resources that
 # support tagging.
@@ -59,9 +68,6 @@
 # cluster will be created but no tests will be run.
 # ui_run_tests = true
 # ubuntu_distro_version is the version of ubuntu to use for "distro:ubuntu" variants
 # ubuntu_distro_version = "22.04" // or "20.04", "18.04"
 # vault_artifact_path is the path to CRT generated or local vault.zip bundle. When
 # using the "builder:local" variant a bundle will be built from the current branch.
 # In CI it will use the output of the build workflow.
--- a/enos/modules/build_artifactory_artifact/locals.tf
+++ b/enos/modules/build_artifactory_artifact/locals.tf
@@ -6,12 +6,18 @@ locals {
  // file name extensions for the install packages of vault for the various architectures, distributions and editions
  package_extensions = {
    amd64 = {
-      ubuntu = "-1_amd64.deb"
+      amzn2  = "-1.x86_64.rpm"
      leap   = "-1.x86_64.rpm"
      rhel   = "-1.x86_64.rpm"
      sles   = "-1.x86_64.rpm"
      ubuntu = "-1_amd64.deb"
    }
    arm64 = {
-      ubuntu = "-1_arm64.deb"
+      amzn2  = "-1.aarch64.rpm"
      leap   = "-1.aarch64.rpm"
      rhel   = "-1.aarch64.rpm"
      sles   = "-1.aarch64.rpm"
      ubuntu = "-1_arm64.deb"
    }
  }
@@ -20,12 +26,19 @@ locals {
  // file name prefixes for the install packages of vault for the various distributions and artifact types (package or bundle)
  artifact_package_release_names = {
-    ubuntu = {
+    amzn2 = {
-      "ce"               = "vault_"
+      "ce"               = "vault-"
-      "ent"              = "vault-enterprise_",
+      "ent"              = "vault-enterprise-",
-      "ent.fips1402"     = "vault-enterprise-fips1402_",
+      "ent.fips1402"     = "vault-enterprise-fips1402-",
-      "ent.hsm"          = "vault-enterprise-hsm_",
+      "ent.hsm"          = "vault-enterprise-hsm-",
-      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402_",
+      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402-",
    },
    leap = {
      "ce"               = "vault-"
      "ent"              = "vault-enterprise-",
      "ent.fips1402"     = "vault-enterprise-fips1402-",
      "ent.hsm"          = "vault-enterprise-hsm-",
      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402-",
    },
    rhel = {
      "ce"               = "vault-"
@@ -33,19 +46,27 @@ locals {
      "ent.fips1402"     = "vault-enterprise-fips1402-",
      "ent.hsm"          = "vault-enterprise-hsm-",
      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402-",
    },
    sles = {
      "ce"               = "vault-"
      "ent"              = "vault-enterprise-",
      "ent.fips1402"     = "vault-enterprise-fips1402-",
      "ent.hsm"          = "vault-enterprise-hsm-",
      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402-",
    }
    ubuntu = {
      "ce"               = "vault_"
      "ent"              = "vault-enterprise_",
      "ent.fips1402"     = "vault-enterprise-fips1402_",
      "ent.hsm"          = "vault-enterprise-hsm_",
      "ent.hsm.fips1402" = "vault-enterprise-hsm-fips1402_",
    }
  }
-  // edition --> artifact name edition
+  # Prefix for the artifact name. Ex: vault_, vault-, vault-enterprise_, vault-enterprise-hsm-fips1402-, etc
-  artifact_name_edition = {
+  artifact_name_prefix = var.artifact_type == "package" ? local.artifact_package_release_names[var.distro][var.edition] : "vault_"
-    "ce"               = ""
+  # Suffix and extension for the artifact name. Ex: _linux_<arch>.zip, 
    "ent"              = ""
    "ent.hsm"          = ".hsm"
    "ent.fips1402"     = ".fips1402"
    "ent.hsm.fips1402" = ".hsm.fips1402"
  }
  artifact_name_prefix    = var.artifact_type == "package" ? local.artifact_package_release_names[var.distro][var.edition] : "vault_"
  artifact_name_extension = var.artifact_type == "package" ? local.package_extensions[var.arch][var.distro] : "_linux_${var.arch}.zip"
-  artifact_name           = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(local.artifact_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.product_version}${local.artifact_name_extension}"
+  # Combine prefix/suffix/extension together to form the artifact name
  artifact_name = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(local.artifact_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.product_version}${local.artifact_name_extension}"
 }
--- a/enos/modules/disable_selinux/main.tf
+++ b/enos/modules/disable_selinux/main.tf
@@ -0,0 +1,30 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 terraform {
  required_providers {
    enos = {
      source = "registry.terraform.io/hashicorp-forge/enos"
    }
  }
 }
 variable "hosts" {
  type = map(object({
    private_ip = string
    public_ip  = string
  }))
  description = "The hosts to install packages on"
 }
 resource "enos_remote_exec" "make_selinux_permissive" {
  for_each = var.hosts
  scripts = [abspath("${path.module}/scripts/make-selinux-permissive.sh")]
  transport = {
    ssh = {
      host = each.value.public_ip
    }
  }
 }
--- a/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh
+++ b/enos/modules/disable_selinux/scripts/make-selinux-permissive.sh
@@ -0,0 +1,18 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 set -e
 fail() {
  echo "$1" 1>&2
  exit 1
 }
 if ! type getenforce &> /dev/null; then
  exit 0
 fi
 if sudo getenforce | grep Enforcing; then
  sudo setenforce 0
 fi
--- a/enos/modules/ec2_info/main.tf
+++ b/enos/modules/ec2_info/main.tf
@@ -1,27 +1,50 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 # Note: in order to use the openSUSE Leap AMIs, the AWS account in use must "subscribe"
 # and accept SUSE's terms of use. You can do this at the links below. If the AWS account
 # you are using is already subscribed, this confirmation will be displayed on each page.
 # openSUSE Leap arm64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=a516e959-df54-4035-bb1a-63599b7a6df9
 # openSUSE leap amd64 subscription: https://aws.amazon.com/marketplace/server/procurement?productId=5535c495-72d4-4355-b169-54ffa874f849
 locals {
  architectures      = toset(["arm64", "x86_64"])
  amzn2_owner_id     = "591542846629"
  canonical_owner_id = "099720109477"
  sles_owner_id      = "013907871322"
  suse_owner_id      = "679593333241"
  rhel_owner_id      = "309956199498"
  ids = {
    "arm64" = {
      "amzn2" = {
        "2" = data.aws_ami.amzn2["arm64"].id
      }
      "rhel" = {
-        "8.8" = data.aws_ami.rhel_88["arm64"].id
+        "8.9" = data.aws_ami.rhel_89["arm64"].id
-        "9.1" = data.aws_ami.rhel_91["arm64"].id
+        "9.3" = data.aws_ami.rhel_93["arm64"].id
      }
      "sles" = {
        "v15_sp5_standard" = data.aws_ami.sles_15_sp5_standard["arm64"].id
      }
      "ubuntu" = {
        "18.04" = data.aws_ami.ubuntu_1804["arm64"].id
        "20.04" = data.aws_ami.ubuntu_2004["arm64"].id
        "22.04" = data.aws_ami.ubuntu_2204["arm64"].id
      }
    }
    "amd64" = {
      "amzn2" = {
        "2" = data.aws_ami.amzn2["x86_64"].id
      }
      "leap" = {
        "15.4" = data.aws_ami.leap_154.id
        "15.5" = data.aws_ami.leap_155.id
      }
      "rhel" = {
-        "7.9" = data.aws_ami.rhel_79.id
+        "8.9" = data.aws_ami.rhel_89["x86_64"].id
-        "8.8" = data.aws_ami.rhel_88["x86_64"].id
+        "9.3" = data.aws_ami.rhel_93["x86_64"].id
-        "9.1" = data.aws_ami.rhel_91["x86_64"].id
+      }
      "sles" = {
        "v15_sp5_standard" = data.aws_ami.sles_15_sp5_standard["x86_64"].id
      }
      "ubuntu" = {
        "18.04" = data.aws_ami.ubuntu_1804["x86_64"].id
@@ -98,13 +121,14 @@ data "aws_ami" "ubuntu_2204" {
  owners = [local.canonical_owner_id]
 }
-data "aws_ami" "rhel_79" {
+data "aws_ami" "rhel_89" {
  most_recent = true
  for_each    = local.architectures
  # Currently latest latest point release-1
  filter {
    name   = "name"
-    values = ["RHEL-7.9*HVM-20*"]
+    values = ["RHEL-8.9*HVM-20*"]
  }
  filter {
@@ -114,56 +138,105 @@ data "aws_ami" "rhel_79" {
  filter {
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.rhel_owner_id]
 }
 data "aws_ami" "rhel_93" {
  most_recent = true
  for_each    = local.architectures
  # Currently latest latest point release-1
  filter {
    name   = "name"
    values = ["RHEL-9.3*HVM-20*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  filter {
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.rhel_owner_id]
 }
 data "aws_ami" "amzn2" {
  most_recent = true
  for_each    = local.architectures
  filter {
    name   = "name"
    values = ["amzn2-ami-ecs-hvm-2.0*"]
  }
  filter {
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.amzn2_owner_id]
 }
 data "aws_ami" "sles_15_sp5_standard" {
  most_recent = true
  for_each    = local.architectures
  filter {
    name   = "name"
    values = ["suse-sles-15-sp5-v*-hvm-*"]
  }
  filter {
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.sles_owner_id]
 }
 data "aws_ami" "leap_154" {
  most_recent = true
  filter {
    name   = "name"
    values = ["openSUSE-Leap-15.4*"]
  }
  filter {
    name = "architecture"
    # Note: arm64 AMIs are offered for Leap 15.5, but not 15.4. For now we will
    # only use x86_64 for both in order to not introduce complexity in our matrix
    # exclusions.
    values = ["x86_64"]
  }
-  owners = [local.rhel_owner_id]
+  owners = [local.suse_owner_id]
 }
-data "aws_ami" "rhel_88" {
+data "aws_ami" "leap_155" {
  most_recent = true
  for_each    = local.architectures
  # Currently latest latest point release-1
  filter {
    name   = "name"
-    values = ["RHEL-8.8*HVM-20*"]
+    values = ["openSUSE-Leap-15.5*"]
  }
  filter {
-    name   = "virtualization-type"
+    name = "architecture"
-    values = ["hvm"]
+    # Note: arm64 AMIs are offered for Leap 15.5, but not 15.4. For now we will
    # only use x86_64 for both in order to not introduce complexity in our matrix
    # exclusions.
    values = ["x86_64"]
  }
-  filter {
+  owners = [local.suse_owner_id]
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.rhel_owner_id]
 }
 data "aws_ami" "rhel_91" {
  most_recent = true
  for_each    = local.architectures
  # Currently latest latest point release-1
  filter {
    name   = "name"
    values = ["RHEL-9.1*HVM-20*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  filter {
    name   = "architecture"
    values = [each.value]
  }
  owners = [local.rhel_owner_id]
 }
 data "aws_region" "current" {}
--- a/enos/modules/install_packages/main.tf
+++ b/enos/modules/install_packages/main.tf
@@ -9,6 +9,32 @@ terraform {
  }
 }
 locals {
  arch = {
    "amd64" = "x86_64"
    "arm64" = "aarch64"
  }
  package_manager = {
    # Note: though we generally use "amzn2" as our distro name for Amazon Linux 2, 
    # enos_host_info.hosts[each.key].distro returns "amzn", so that is what we reference here.
    "amzn"          = "yum"
    "opensuse-leap" = "zypper"
    "rhel"          = "yum"
    "sles"          = "zypper"
    "ubuntu"        = "apt"
  }
  distro_repos = {
    # Currently sles is the only distro that requires setting up repos before installing packages
    "sles" = {
      "15.5" = "https://download.opensuse.org/repositories/network:utilities/SLE_15_SP5/network:utilities.repo"
    }
    "rhel" = {
      "8.9" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
      "9.3" = "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm"
    }
  }
 }
 variable "packages" {
  type    = list(string)
  default = []
@@ -34,10 +60,43 @@ variable "retry_interval" {
  default     = 2
 }
-resource "enos_remote_exec" "install_packages" {
+resource "enos_host_info" "hosts" {
  for_each = var.hosts
  transport = {
    ssh = {
      host = each.value.public_ip
    }
  }
 }
 # Set up repos for each distro (in order to install some packages, some distros
 # require us to manually add the repo for that package first)
 resource "enos_remote_exec" "distro_repo_setup" {
  for_each = var.hosts
  environment = {
    DISTRO          = enos_host_info.hosts[each.key].distro
    DISTRO_REPOS    = try(local.distro_repos[enos_host_info.hosts[each.key].distro][enos_host_info.hosts[each.key].distro_version], "__none")
    RETRY_INTERVAL  = var.retry_interval
    TIMEOUT_SECONDS = var.timeout
  }
  scripts = [abspath("${path.module}/scripts/distro-repo-setup.sh")]
  transport = {
    ssh = {
      host = each.value.public_ip
    }
  }
 }
 resource "enos_remote_exec" "install_packages" {
  for_each   = var.hosts
  depends_on = [enos_remote_exec.distro_repo_setup]
  environment = {
    PACKAGE_MANAGER = local.package_manager[enos_host_info.hosts[each.key].distro]
    PACKAGES        = length(var.packages) >= 1 ? join(" ", var.packages) : "__skip"
    RETRY_INTERVAL  = var.retry_interval
    TIMEOUT_SECONDS = var.timeout
--- a/enos/modules/install_packages/scripts/distro-repo-setup.sh
+++ b/enos/modules/install_packages/scripts/distro-repo-setup.sh
@@ -0,0 +1,57 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 set -e
 fail() {
  echo "$1" 1>&2
  exit 1
 }
 [[ -z "$DISTRO" ]] && fail "DISTRO env variable has not been set"
 [[ -z "$RETRY_INTERVAL" ]] && fail "RETRY_INTERVAL env variable has not been set"
 [[ -z "$TIMEOUT_SECONDS" ]] && fail "TIMEOUT_SECONDS env variable has not been set"
 setup_repos() {
  # If we don't have any repos on the list for this distro, no action needed.
  if [ ${#DISTRO_REPOS[@]} -lt 1 ]; then
    echo "DISTRO_REPOS is empty; No repos required for the packages for this Linux distro."
    return 0
  fi
  # Wait for cloud-init to finish so it doesn't race with any of our package installations.
  # Note: Amazon Linux 2 throws Python 2.7 errors when running `cloud-init status` as
  # non-root user (known bug).
  sudo cloud-init status --wait
  case $DISTRO in
    "sles")
      for repo in ${DISTRO_REPOS}; do
        sudo zypper addrepo "${repo}"
      done
      ;;
    "rhel")
      for repo in ${DISTRO_REPOS}; do
        sudo rm -r /var/cache/dnf
        sudo dnf install -y "${repo}"
        sudo dnf update -y --refresh
      done
      ;;
    *)
      return
      ;;
  esac
 }
 begin_time=$(date +%s)
 end_time=$((begin_time + TIMEOUT_SECONDS))
 while [ "$(date +%s)" -lt "$end_time" ]; do
  if setup_repos; then
    exit 0
  fi
  sleep "$RETRY_INTERVAL"
 done
 fail "Timed out waiting for distro repos to install"
--- a/enos/modules/install_packages/scripts/install-packages.sh
+++ b/enos/modules/install_packages/scripts/install-packages.sh
@@ -9,41 +9,75 @@ fail() {
  exit 1
 }
-[[ -z "$RETRY_INTERVAL" ]] && fail "RETRY_INTERVAL env variable has not been set"
+[[ -z "${RETRY_INTERVAL}" ]] && fail "RETRY_INTERVAL env variable has not been set"
-[[ -z "$TIMEOUT_SECONDS" ]] && fail "TIMEOUT_SECONDS env variable has not been set"
+[[ -z "${TIMEOUT_SECONDS}" ]] && fail "TIMEOUT_SECONDS env variable has not been set"
-[[ -z "$PACKAGES" ]] && fail "PACKAGES env variable has not been set"
+[[ -z "${PACKAGES}" ]] && fail "PACKAGES env variable has not been set"
 [[ -z "${PACKAGE_MANAGER}" ]] && fail "PACKAGE_MANAGER env variable has not been set"
 install_packages() {
-  if [ "$PACKAGES" = "__skip" ]; then
+  if [[ "${PACKAGES}" = "__skip" ]]; then
    return 0
-  fi
+  fi 
-  echo "Installing Dependencies: $PACKAGES"
+  set -x
-  if [ -f /etc/debian_version ]; then
+  echo "Installing Dependencies: ${PACKAGES}"
    # Do our best to make sure that we don't race with cloud-init. Wait a reasonable time until we
    # see ec2 in the sources list. Very rarely cloud-init will take longer than we wait. In that case
    # we'll just install our packages.
    grep ec2 /etc/apt/sources.list || true
-    cd /tmp
+  # Use the default package manager of the current Linux distro to install packages
-    sudo apt update
+  case $PACKAGE_MANAGER in
-    # shellcheck disable=2068
+
-    sudo apt install -y ${PACKAGES[@]}
+    "apt")
-  else
+      sudo apt update
-    cd /tmp
+      for package in ${PACKAGES}; do
-    # shellcheck disable=2068
+        if dpkg -s "${package}"; then
-    sudo yum -y install ${PACKAGES[@]}
+          continue
-  fi
+        else
          echo "Installing ${package}"
          sudo apt install -y "${package}"
        fi
      done
      ;;
    "yum")
      for package in ${PACKAGES}; do
        if rpm -q "${package}"; then
          continue
        else
          echo "Installing ${package}"
          sudo yum -y install "${package}"
        fi
      done
      ;;
    "zypper")
      cd /tmp
      sudo zypper --gpg-auto-import-keys ref
      for package in ${PACKAGES}; do
        if rpm -q "${package}"; then
          continue
        else
          echo "Installing ${package}"
          sudo zypper --non-interactive install "${package}"
          date
        fi
        sudo zypper search -i
      done
      ;;
    *)
      fail "No matching package manager provided."
      ;;
  esac
 }
 begin_time=$(date +%s)
 end_time=$((begin_time + TIMEOUT_SECONDS))
-while [ "$(date +%s)" -lt "$end_time" ]; do
+while [[ "$(date +%s)" -lt "${end_time}" ]]; do
  if install_packages; then
    exit 0
  fi
-  sleep "$RETRY_INTERVAL"
+  sleep "${RETRY_INTERVAL}"
 done
 fail "Timed out waiting for packages to install"
--- a/enos/modules/softhsm_create_vault_keys/main.tf
+++ b/enos/modules/softhsm_create_vault_keys/main.tf
@@ -22,11 +22,12 @@ variable "hosts" {
 }
 locals {
-  pin        = resource.random_string.pin.result
+  pin             = resource.random_string.pin.result
-  aes_label  = "vault_hsm_aes_${local.pin}"
+  aes_label       = "vault_hsm_aes_${local.pin}"
-  hmac_label = "vault_hsm_hmac_${local.pin}"
+  hmac_label      = "vault_hsm_hmac_${local.pin}"
-  target     = tomap({ "1" = var.hosts[0] })
+  seal_attributes = jsondecode(resource.enos_remote_exec.create_keys.stdout)
-  token      = "${var.cluster_id}_${local.pin}"
+  target          = tomap({ "1" = var.hosts[0] })
  token           = "${var.cluster_id}_${local.pin}"
 }
 resource "random_string" "pin" {
@@ -95,10 +96,6 @@ resource "enos_remote_exec" "get_keys" {
  }
 }
 locals {
  seal_attributes = jsondecode(resource.enos_remote_exec.create_keys.stdout)
 }
 output "seal_attributes" {
  description = "Seal device specific attributes. Contains all required keys for the seal stanza"
  value       = local.seal_attributes
--- a/enos/modules/start_vault/main.tf
+++ b/enos/modules/start_vault/main.tf
@@ -52,7 +52,9 @@ locals {
        // keys on a machines that have different shared object locations.
        merge(
          try({ for key, val in var.seal_attributes : key => val if key != "token_base64" && key != "token_dir" }, {}),
-          try({ lib = module.maybe_configure_hsm.lib }, {})
+          # Note: the below reference has to point to a specific instance of the maybe_configure_hsm
          # module (in this case [0]) due to the maybe_configure_hsm module call using `count` to control whether it runs or not.
          try({ lib = module.maybe_configure_hsm[0].lib }, {})
        ),
      )
    }
@@ -81,7 +83,9 @@ locals {
        },
        merge(
          try({ for key, val in var.seal_attributes_secondary : key => val if key != "token_base64" && key != "token_dir" }, {}),
-          try({ lib = module.maybe_configure_hsm_secondary.lib }, {})
+          # Note: the below reference has to point to a specific instance of the maybe_configure_hsm_secondary
          # module (in this case [0]) due to the maybe_configure_hsm_secondary module call using `count` to control whether it runs or not.
          try({ lib = module.maybe_configure_hsm_secondary[0].lib }, {})
        ),
      )
    }
@@ -135,6 +139,7 @@ locals {
 # the key data that was passed in via seal attributes.
 module "maybe_configure_hsm" {
  source = "../softhsm_distribute_vault_keys"
  count  = (var.seal_type == "pkcs11" || var.seal_type_secondary == "pkcs11") ? 1 : 0
  hosts        = var.target_hosts
  token_base64 = local.token_base64
@@ -143,6 +148,7 @@ module "maybe_configure_hsm" {
 module "maybe_configure_hsm_secondary" {
  source     = "../softhsm_distribute_vault_keys"
  depends_on = [module.maybe_configure_hsm]
  count      = (var.seal_type == "pkcs11" || var.seal_type_secondary == "pkcs11") ? 1 : 0
  hosts        = var.target_hosts
  token_base64 = local.token_base64_secondary
--- a/enos/modules/target_ec2_fleet/main.tf
+++ b/enos/modules/target_ec2_fleet/main.tf
@@ -335,4 +335,5 @@ data "aws_instance" "targets" {
  for_each = local.instances
  instance_id = aws_ec2_fleet.targets.fleet_instance_set[0].instance_ids[each.key]
 }
--- a/enos/modules/target_ec2_fleet/variables.tf
+++ b/enos/modules/target_ec2_fleet/variables.tf
@@ -26,6 +26,12 @@ variable "common_tags" {
  }
 }
 variable "disable_selinux" {
  description = "Optionally disable SELinux for certain distros/versions"
  type        = bool
  default     = true
 }
 variable "instance_mem_min" {
  description = "The minimum amount of memory in mebibytes for each instance in the fleet. (1 MiB = 1024 bytes)"
  type        = number
--- a/enos/modules/target_ec2_instances/main.tf
+++ b/enos/modules/target_ec2_instances/main.tf
@@ -257,3 +257,13 @@ resource "aws_instance" "targets" {
    },
  )
 }
 module "disable_selinux" {
  source = "../disable_selinux"
  count  = var.disable_selinux == true ? 1 : 0
  hosts = { for idx in range(var.instance_count) : idx => {
    public_ip  = aws_instance.targets[idx].public_ip
    private_ip = aws_instance.targets[idx].private_ip
  } }
 }
--- a/enos/modules/target_ec2_instances/variables.tf
+++ b/enos/modules/target_ec2_instances/variables.tf
@@ -24,6 +24,12 @@ variable "common_tags" {
  default     = { "Project" : "vault-ci" }
 }
 variable "disable_selinux" {
  description = "Optionally disable SELinux for certain distros/versions"
  type        = bool
  default     = true
 }
 variable "instance_count" {
  description = "The number of target instances to create"
  type        = number
--- a/enos/modules/target_ec2_shim/main.tf
+++ b/enos/modules/target_ec2_shim/main.tf
@@ -16,6 +16,7 @@ variable "ami_id" { default = null }
 variable "cluster_name" { default = null }
 variable "cluster_tag_key" { default = null }
 variable "common_tags" { default = null }
 variable "disable_selinux" { default = true }
 variable "instance_count" { default = 3 }
 variable "instance_cpu_max" { default = null }
 variable "instance_cpu_min" { default = null }
--- a/enos/modules/target_ec2_spot_fleet/main.tf
+++ b/enos/modules/target_ec2_spot_fleet/main.tf
@@ -454,3 +454,13 @@ data "aws_instance" "targets" {
  instance_id = data.aws_instances.targets.ids[each.key]
 }
 module "disable_selinux" {
  source = "../disable_selinux"
  count  = var.disable_selinux == true ? 1 : 0
  hosts = { for idx in range(var.instance_count) : idx => {
    public_ip  = aws_instance.targets[idx].public_ip
    private_ip = aws_instance.targets[idx].private_ip
  } }
 }
--- a/enos/modules/target_ec2_spot_fleet/variables.tf
+++ b/enos/modules/target_ec2_spot_fleet/variables.tf
@@ -26,6 +26,12 @@ variable "common_tags" {
  }
 }
 variable "disable_selinux" {
  description = "Optionally disable SELinux for certain distros/versions"
  type        = bool
  default     = true
 }
 variable "instance_mem_min" {
  description = "The minimum amount of memory in mebibytes for each instance in the fleet. (1 MiB = 1024 bytes)"
  type        = number
--- a/enos/modules/vault_cluster/main.tf
+++ b/enos/modules/vault_cluster/main.tf
@@ -37,6 +37,13 @@ locals {
    "pkcs11" = null
  }
  leader = toset(slice(local.instances, 0, 1))
  netcat_command = {
    amzn          = "nc"
    opensuse-leap = "netcat"
    rhel          = "nc"
    sles          = "nc"
    ubuntu        = "netcat"
  }
  recovery_shares = {
    "awskms" = 5
    "shamir" = null
@@ -50,6 +57,16 @@ locals {
  vault_service_user = "vault"
 }
 resource "enos_host_info" "hosts" {
  for_each = var.target_hosts
  transport = {
    ssh = {
      host = each.value.public_ip
    }
  }
 }
 resource "enos_bundle_install" "consul" {
  for_each = {
    for idx, host in var.target_hosts : idx => var.target_hosts[idx]
@@ -66,8 +83,21 @@ resource "enos_bundle_install" "consul" {
  }
 }
 # We run install_packages before we install Vault because for some combinations of
 # certain Linux distros and artifact types (e.g. SLES and RPM packages), there may
 # be packages that are required to perform Vault installation (e.g. openssl).
 module "install_packages" {
  source = "../install_packages"
  hosts    = var.target_hosts
  packages = var.packages
 }
 resource "enos_bundle_install" "vault" {
  for_each = var.target_hosts
  depends_on = [
    module.install_packages, // Don't race for the package manager locks with install_packages
  ]
  destination = var.install_dir
  release     = var.release == null ? var.release : merge({ product = "vault" }, var.release)
@@ -81,22 +111,17 @@ resource "enos_bundle_install" "vault" {
  }
 }
 module "install_packages" {
  source = "../install_packages"
  depends_on = [
    enos_bundle_install.vault, // Don't race for the package manager locks with vault install
  ]
  hosts    = var.target_hosts
  packages = var.packages
 }
 resource "enos_consul_start" "consul" {
  for_each = enos_bundle_install.consul
  bin_path = local.consul_bin_path
  data_dir = var.consul_data_dir
  config = {
    # GetPrivateInterfaces is a go-sockaddr template that helps Consul get the correct
    # addr in all of our default cases. This is required in the case of Amazon Linux,
    # because amzn2 has a default docker listener that will make Consul try to use the
    # incorrect addr.
    bind_addr        = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | sort \"default\" |  limit 1 | attr \"address\"}}"
    data_dir         = var.consul_data_dir
    datacenter       = "dc1"
    retry_join       = ["provider=aws tag_key=${var.backend_cluster_tag_key} tag_value=${var.backend_cluster_name}"]
@@ -122,6 +147,7 @@ module "start_vault" {
  depends_on = [
    enos_consul_start.consul,
    module.install_packages,
    enos_bundle_install.vault,
  ]
@@ -307,7 +333,8 @@ resource "enos_remote_exec" "start_audit_socket_listener" {
  ])
  environment = {
-    SOCKET_PORT = local.audit_socket_port
+    NETCAT_COMMAND = local.netcat_command[enos_host_info.hosts[each.key].distro]
    SOCKET_PORT    = local.audit_socket_port
  }
  scripts = [abspath("${path.module}/scripts/start-audit-socket-listener.sh")]
--- a/enos/modules/vault_cluster/scripts/enable-audit-devices.sh
+++ b/enos/modules/vault_cluster/scripts/enable-audit-devices.sh
@@ -1,4 +1,4 @@
-#!/bin/env bash
+#!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
--- a/enos/modules/vault_cluster/scripts/start-audit-socket-listener.sh
+++ b/enos/modules/vault_cluster/scripts/start-audit-socket-listener.sh
@@ -1,4 +1,4 @@
-#!/bin/env bash
+#!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
@@ -9,18 +9,19 @@ fail() {
  exit 1
 }
 [[ -z "$NETCAT_COMMAND" ]] && fail "NETCAT_COMMAND env variable has not been set"
 [[ -z "$SOCKET_PORT" ]] && fail "SOCKET_PORT env variable has not been set"
 socket_listener_procs() {
-  pgrep -x nc
+  pgrep -x "${NETCAT_COMMAND}"
 }
 kill_socket_listener() {
-  pkill nc
+  pkill  "${NETCAT_COMMAND}"
 }
 test_socket_listener() {
-  nc -zvw 2 127.0.0.1 "$SOCKET_PORT" < /dev/null
+   "${NETCAT_COMMAND}" -zvw 2 127.0.0.1 "$SOCKET_PORT" < /dev/null
 }
 start_socket_listener() {
@@ -42,6 +43,7 @@ read_log() {
 }
 main() {
  if socket_listener_procs; then
    # Clean up old nc's that might not be working
    kill_socket_listener
--- a/enos/modules/vault_cluster/variables.tf
+++ b/enos/modules/vault_cluster/variables.tf
@@ -100,6 +100,12 @@ variable "consul_release" {
  }
 }
 variable "distro_version" {
  type        = string
  description = "The Linux distro version"
  default     = null
 }
 variable "enable_audit_devices" {
  description = "If true every audit device will be enabled"
  type        = bool
@@ -120,7 +126,7 @@ variable "initialize_cluster" {
 variable "install_dir" {
  type        = string
-  description = "The directory where the vault binary will be installed"
+  description = "The directory where the Vault binary will be installed"
  default     = "/opt/vault/bin"
 }
--- a/enos/modules/vault_verify_raft_auto_join_voter/scripts/verify-raft-auto-join-voter.sh
+++ b/enos/modules/vault_verify_raft_auto_join_voter/scripts/verify-raft-auto-join-voter.sh
@@ -47,4 +47,4 @@ export VAULT_ADDR='http://127.0.0.1:8200'
 # Retry a few times because it can take some time for things to settle after
 # all the nodes are unsealed
-retry 7 check_voter_status
+retry 10 check_voter_status