From e4d98dfc9b9a3ae3a25cf15cd9eb66969f24905d Mon Sep 17 00:00:00 2001 
From: vishalnayak Date: Sun, 29 May 2016 10:25:04 -0400 Subject: [PATCH 1/7] rename credential/aws as credential/aws-ec2 --- builtin/credential/{aws => aws-ec2}/backend.go | 0 builtin/credential/{aws => aws-ec2}/backend_test.go | 0 builtin/credential/{aws => aws-ec2}/client.go | 0 builtin/credential/{aws => aws-ec2}/path_config_certificate.go | 0 builtin/credential/{aws => aws-ec2}/path_config_client.go | 0 .../{aws => aws-ec2}/path_config_tidy_identity_whitelist.go | 0 .../{aws => aws-ec2}/path_config_tidy_roletag_blacklist.go | 0 builtin/credential/{aws => aws-ec2}/path_identity_whitelist.go | 0 builtin/credential/{aws => aws-ec2}/path_login.go | 0 builtin/credential/{aws => aws-ec2}/path_role.go | 0 builtin/credential/{aws => aws-ec2}/path_role_tag.go | 0 builtin/credential/{aws => aws-ec2}/path_roletag_blacklist.go | 0 .../credential/{aws => aws-ec2}/path_tidy_identity_whitelist.go | 0 .../credential/{aws => aws-ec2}/path_tidy_roletag_blacklist.go | 0 14 files changed, 0 insertions(+), 0 deletions(-) rename builtin/credential/{aws => aws-ec2}/backend.go (100%) rename builtin/credential/{aws => aws-ec2}/backend_test.go (100%) rename builtin/credential/{aws => aws-ec2}/client.go (100%) rename builtin/credential/{aws => aws-ec2}/path_config_certificate.go (100%) rename builtin/credential/{aws => aws-ec2}/path_config_client.go (100%) rename builtin/credential/{aws => aws-ec2}/path_config_tidy_identity_whitelist.go (100%) rename builtin/credential/{aws => aws-ec2}/path_config_tidy_roletag_blacklist.go (100%) rename builtin/credential/{aws => aws-ec2}/path_identity_whitelist.go (100%) rename builtin/credential/{aws => aws-ec2}/path_login.go (100%) rename builtin/credential/{aws => aws-ec2}/path_role.go (100%) rename builtin/credential/{aws => aws-ec2}/path_role_tag.go (100%) rename builtin/credential/{aws => aws-ec2}/path_roletag_blacklist.go (100%) rename builtin/credential/{aws => aws-ec2}/path_tidy_identity_whitelist.go (100%) rename builtin/credential/{aws => 
aws-ec2}/path_tidy_roletag_blacklist.go (100%) diff --git a/builtin/credential/aws/backend.go b/builtin/credential/aws-ec2/backend.go similarity index 100% rename from builtin/credential/aws/backend.go rename to builtin/credential/aws-ec2/backend.go diff --git a/builtin/credential/aws/backend_test.go b/builtin/credential/aws-ec2/backend_test.go similarity index 100% rename from builtin/credential/aws/backend_test.go rename to builtin/credential/aws-ec2/backend_test.go diff --git a/builtin/credential/aws/client.go b/builtin/credential/aws-ec2/client.go similarity index 100% rename from builtin/credential/aws/client.go rename to builtin/credential/aws-ec2/client.go diff --git a/builtin/credential/aws/path_config_certificate.go b/builtin/credential/aws-ec2/path_config_certificate.go similarity index 100% rename from builtin/credential/aws/path_config_certificate.go rename to builtin/credential/aws-ec2/path_config_certificate.go diff --git a/builtin/credential/aws/path_config_client.go b/builtin/credential/aws-ec2/path_config_client.go similarity index 100% rename from builtin/credential/aws/path_config_client.go rename to builtin/credential/aws-ec2/path_config_client.go diff --git a/builtin/credential/aws/path_config_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go similarity index 100% rename from builtin/credential/aws/path_config_tidy_identity_whitelist.go rename to builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go diff --git a/builtin/credential/aws/path_config_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go similarity index 100% rename from builtin/credential/aws/path_config_tidy_roletag_blacklist.go rename to builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go 
diff --git a/builtin/credential/aws/path_identity_whitelist.go b/builtin/credential/aws-ec2/path_identity_whitelist.go similarity index 100% rename from builtin/credential/aws/path_identity_whitelist.go rename to builtin/credential/aws-ec2/path_identity_whitelist.go diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws-ec2/path_login.go similarity index 100% rename from builtin/credential/aws/path_login.go rename to builtin/credential/aws-ec2/path_login.go diff --git a/builtin/credential/aws/path_role.go b/builtin/credential/aws-ec2/path_role.go similarity index 100% rename from builtin/credential/aws/path_role.go rename to builtin/credential/aws-ec2/path_role.go diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws-ec2/path_role_tag.go similarity index 100% rename from builtin/credential/aws/path_role_tag.go rename to builtin/credential/aws-ec2/path_role_tag.go diff --git a/builtin/credential/aws/path_roletag_blacklist.go b/builtin/credential/aws-ec2/path_roletag_blacklist.go similarity index 100% rename from builtin/credential/aws/path_roletag_blacklist.go rename to builtin/credential/aws-ec2/path_roletag_blacklist.go diff --git a/builtin/credential/aws/path_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go similarity index 100% rename from builtin/credential/aws/path_tidy_identity_whitelist.go rename to builtin/credential/aws-ec2/path_tidy_identity_whitelist.go diff --git a/builtin/credential/aws/path_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go similarity index 100% rename from builtin/credential/aws/path_tidy_roletag_blacklist.go rename to builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go From b3ca9cf14b7573d99a95291b9c1e484467f80109 Mon Sep 17 00:00:00 2001 
From: vishalnayak Date: Sun, 29 May 2016 10:55:06 -0400 Subject: [PATCH 2/7] Rename aws as aws-ec2 --- builtin/credential/aws-ec2/backend.go | 4 +- builtin/credential/aws-ec2/backend_test.go | 2 +- builtin/credential/aws-ec2/client.go | 2 +- .../aws-ec2/path_config_certificate.go | 2 +- .../credential/aws-ec2/path_config_client.go | 8 +- .../path_config_tidy_identity_whitelist.go | 2 +- .../path_config_tidy_roletag_blacklist.go | 2 +- .../aws-ec2/path_identity_whitelist.go | 2 +- builtin/credential/aws-ec2/path_login.go | 2 +- builtin/credential/aws-ec2/path_role.go | 4 +- builtin/credential/aws-ec2/path_role_tag.go | 4 +- .../aws-ec2/path_roletag_blacklist.go | 2 +- .../aws-ec2/path_tidy_identity_whitelist.go | 2 +- .../aws-ec2/path_tidy_roletag_blacklist.go | 2 +- cli/commands.go | 4 +- website/source/docs/auth/aws.html.md | 110 +++++++++--------- website/source/layouts/docs.erb | 2 +- 17 files changed, 78 insertions(+), 78 deletions(-) diff --git a/builtin/credential/aws-ec2/backend.go b/builtin/credential/aws-ec2/backend.go index 1ff343a343..27f60b5352 100644 --- a/builtin/credential/aws-ec2/backend.go +++ b/builtin/credential/aws-ec2/backend.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "sync" @@ -160,7 +160,7 @@ func (b *backend) periodicFunc(req *logical.Request) error { } const backendHelp = ` -AWS auth backend takes in PKCS#7 signature of an AWS EC2 instance and a client +AWS-EC2 auth backend takes in PKCS#7 signature of an AWS EC2 instance and a client created nonce to authenticates the EC2 instance with Vault. Authentication is backed by a preconfigured role in the backend. The role diff --git a/builtin/credential/aws-ec2/backend_test.go b/builtin/credential/aws-ec2/backend_test.go index 4a69fa700d..9176f554c9 100644 --- a/builtin/credential/aws-ec2/backend_test.go +++ b/builtin/credential/aws-ec2/backend_test.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "encoding/base64" 
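Review bot: `package awsEc2` on the new side of the first backend.go hunk is not an idiomatic Go package name — package names are expected to be a single lowercase word with no mixed caps, which lint tooling flags — and `package awsec2` would match convention while the import alias `credAwsEc2` in cli/commands.go can stay as it is. The same identifier is introduced by the first hunk of every other file in this patch (backend_test.go, client.go, path_config_certificate.go, path_config_client.go, both path_config_tidy_*.go files, path_identity_whitelist.go, path_login.go, path_role.go, path_role_tag.go, path_roletag_blacklist.go and both path_tidy_*.go files), so the rename applies to all of them. The help-text edits in the second hunks of backend.go and path_config_client.go are unaffected.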
diff --git a/builtin/credential/aws-ec2/client.go b/builtin/credential/aws-ec2/client.go index 01259be690..00c7fff7b5 100644 --- a/builtin/credential/aws-ec2/client.go +++ b/builtin/credential/aws-ec2/client.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" diff --git a/builtin/credential/aws-ec2/path_config_certificate.go b/builtin/credential/aws-ec2/path_config_certificate.go index 7d1efe8571..2bdffebcd5 100644 --- a/builtin/credential/aws-ec2/path_config_certificate.go +++ b/builtin/credential/aws-ec2/path_config_certificate.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "crypto/x509" diff --git a/builtin/credential/aws-ec2/path_config_client.go b/builtin/credential/aws-ec2/path_config_client.go index eea42546c7..dc5ee6f584 100644 --- a/builtin/credential/aws-ec2/path_config_client.go +++ b/builtin/credential/aws-ec2/path_config_client.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "github.com/fatih/structs" @@ -193,7 +193,7 @@ Configure the client credentials that are used to query instance details from AW ` const pathConfigClientHelpDesc = ` -AWS auth backend makes DescribeInstances API call to retrieve information regarding -the instance that performs login. The aws_secret_key and aws_access_key registered with Vault should have the -permissions to make the API call. +aws-ec2 auth backend makes DescribeInstances API call to retrieve information regarding +the instance that performs login. The aws_secret_key and aws_access_key registered with +Vault should have the permissions to make the API call. ` diff --git a/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go index 1ee5ed7f08..52a0c4a0f0 100644 --- a/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go +++ b/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" 
diff --git a/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go index 1d834030b0..748976869e 100644 --- a/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go +++ b/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" diff --git a/builtin/credential/aws-ec2/path_identity_whitelist.go b/builtin/credential/aws-ec2/path_identity_whitelist.go index ba7b861b78..39df6ef404 100644 --- a/builtin/credential/aws-ec2/path_identity_whitelist.go +++ b/builtin/credential/aws-ec2/path_identity_whitelist.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "time" diff --git a/builtin/credential/aws-ec2/path_login.go b/builtin/credential/aws-ec2/path_login.go index 5e894b26eb..bbd20a6fd8 100644 --- a/builtin/credential/aws-ec2/path_login.go +++ b/builtin/credential/aws-ec2/path_login.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "encoding/json" diff --git a/builtin/credential/aws-ec2/path_role.go b/builtin/credential/aws-ec2/path_role.go index e65bbfa252..7790474f2a 100644 --- a/builtin/credential/aws-ec2/path_role.go +++ b/builtin/credential/aws-ec2/path_role.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" @@ -54,7 +54,7 @@ using the AMI ID specified by this parameter.`, "disallow_reauthentication": &framework.FieldSchema{ Type: framework.TypeBool, Default: false, - Description: "If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using 'auth/aws/identity-whitelist/' endpoint.", + Description: "If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using 'auth/aws-ec2/identity-whitelist/' endpoint.", }, }, 
diff --git a/builtin/credential/aws-ec2/path_role_tag.go b/builtin/credential/aws-ec2/path_role_tag.go index bf48a14b82..31ef5aa54c 100644 --- a/builtin/credential/aws-ec2/path_role_tag.go +++ b/builtin/credential/aws-ec2/path_role_tag.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "crypto/hmac" @@ -54,7 +54,7 @@ If set, the created tag can only be used by the instance with the given ID.`, "disallow_reauthentication": &framework.FieldSchema{ Type: framework.TypeBool, Default: false, - Description: "If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using the 'auth/aws/identity-whitelist/' endpoint.", + Description: "If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using the 'auth/aws-ec2/identity-whitelist/' endpoint.", }, }, diff --git a/builtin/credential/aws-ec2/path_roletag_blacklist.go b/builtin/credential/aws-ec2/path_roletag_blacklist.go index 0bbe33e5c2..71138d2953 100644 --- a/builtin/credential/aws-ec2/path_roletag_blacklist.go +++ b/builtin/credential/aws-ec2/path_roletag_blacklist.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "encoding/base64" diff --git a/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go index 58c6353787..c32affdeb8 100644 --- a/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go +++ b/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go @@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" diff --git a/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go index 6856b3473e..eb92219046 100644 --- a/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go +++ b/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go 
@@ -1,4 +1,4 @@ -package aws +package awsEc2 import ( "fmt" diff --git a/cli/commands.go b/cli/commands.go index c6f8d901be..92df1a540d 100644 --- a/cli/commands.go +++ b/cli/commands.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/vault/version" credAppId "github.com/hashicorp/vault/builtin/credential/app-id" - credAws "github.com/hashicorp/vault/builtin/credential/aws" + credAwsEc2 "github.com/hashicorp/vault/builtin/credential/aws-ec2" credCert "github.com/hashicorp/vault/builtin/credential/cert" credGitHub "github.com/hashicorp/vault/builtin/credential/github" credLdap "github.com/hashicorp/vault/builtin/credential/ldap" @@ -64,7 +64,7 @@ func Commands(metaPtr *meta.Meta) map[string]cli.CommandFactory { }, CredentialBackends: map[string]logical.Factory{ "cert": credCert.Factory, - "aws": credAws.Factory, + "aws-ec2": credAwsEc2.Factory, "app-id": credAppId.Factory, "github": credGitHub.Factory, "userpass": credUserpass.Factory, diff --git a/website/source/docs/auth/aws.html.md b/website/source/docs/auth/aws.html.md index 37452036b6..b85f5a2452 100644 --- a/website/source/docs/auth/aws.html.md +++ b/website/source/docs/auth/aws.html.md @@ -1,14 +1,14 @@ --- layout: "docs" -page_title: "Auth Backend: AWS EC2" -sidebar_current: "docs-auth-aws" +page_title: "Auth Backend: AWS-EC2" +sidebar_current: "docs-auth-aws-ec2" description: |- - The AWS EC2 backend allows automated authentication of AWS EC2 instances. + The AWS-EC2 backend allows automated authentication of AWS EC2 instances. --- -# Auth Backend: AWS EC2 +# Auth Backend: aws-ec2 -The AWS EC2 auth backend provides a secure introduction mechanism for AWS EC2 +The AWS-EC2 auth backend provides a secure introduction mechanism for AWS EC2 instances, allowing automated retrieval of a Vault token. Unlike most Vault authentication backends, this backend does not require first-deploying, or provisioning security-sensitive credentials (tokens, username/password, client 
@@ -128,7 +128,7 @@ instance. The tag holds information that represents a *subset* of privileges tha are set on the role and are used to further restrict the set of the role's privileges for that particular instance. -A `role_tag` can be created using `auth/aws/role//tag` endpoint +A `role_tag` can be created using `auth/aws-ec2/role//tag` endpoint and is immutable. The information present in the tag is SHA256 hashed and HMAC protected. The per-role key to HMAC is only maintained in the backend. This prevents an adversarial operator from modifying the tag when setting it on the EC2 instance @@ -153,7 +153,7 @@ If an EC2 instance loses its client nonce (due to a reboot, a stop/start of the client, etc.), subsequent login attempts will not succeed. If the client nonce is lost, normally the only option is to delete the entry corresponding to the instance ID from the identity `whitelist` in the backend. This can be done via -the `auth/aws/identity-whitelist/` endpoint. This allows a new +the `auth/aws-ec2/identity-whitelist/` endpoint. This allows a new client nonce to be accepted by the backend during the next login request. Under certain circumstances there is another useful setting. When the instance @@ -213,7 +213,7 @@ to the operator. Although role tags are only restrictive (a tag cannot escalate privileges above what is set on its role), if a role tag is found to have been used incorrectly, and the administrator wants to ensure that the role tag has no further effect, the role tag can be placed on a `blacklist` via the endpoint -`auth/aws/roletag-blacklist/`. Note that this will not invalidate the +`auth/aws-ec2/roletag-blacklist/`. Note that this will not invalidate the tokens that were already issued; this only blocks any further login requests from those instances that have the blacklisted tag attached to them. 
@@ -248,7 +248,7 @@ provided with the backend is applicable for many regions. Instances whose PKCS#7 signatures cannot be verified by the default public certificate, can register a different public certificate which can be found [here] (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html), -via the `auth/aws/config/certificate/` endpoint. +via the `auth/aws-ec2/config/certificate/` endpoint. ### Dangling Tokens 
@@ -274,19 +274,19 @@ Note: the client uses the official AWS SDK and will use environment variable or IAM role-provided credentials if available. ``` -$ vault write auth/aws/config/client secret_key=vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj access_key=VKIAJBRHKH6EVTTNXDHA +$ vault write auth/aws-ec2/config/client secret_key=vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj access_key=VKIAJBRHKH6EVTTNXDHA ``` #### Configure the policies on the role. ``` -$ vault write auth/aws/role/dev-role bound_ami_id=ami-fce3c696 policies=prod,dev max_ttl=500h +$ vault write auth/aws-ec2/role/dev-role bound_ami_id=ami-fce3c696 policies=prod,dev max_ttl=500h ``` #### Perform the login operation ``` -$ vault write auth/aws/login role=dev-role pkcs7=MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggGmewogICJkZXZwYXlQcm9kdWN0Q29kZXMiIDogbnVsbCwKICAicHJpdmF0ZUlwIiA6ICIxNzIuMzEuNjMuNjAiLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1cy1lYXN0LTFjIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3RhbmNlSWQiIDogImktZGUwZjEzNDQiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVsbCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIgOiAiMjQxNjU2NjE1ODU5IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwKICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDVUMTY6MjY6NTVaIiwKICAiYXJjaGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJyYW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAAAAAxggEXMIIBEwIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDUxNjI3MDBaMCMGCSqGSIb3DQEJBDEWBBRtiynzMTNfTw1TV/d8NvfgVw+XfTAJBgcqhkjOOAQDBC4wLAIUVfpVcNYoOKzN1c+h1Vsm/c5U0tQCFAK/K72idWrONIqMOVJ8Uen0wYg4AAAAAAAA nonce=vault-client-nonce +$ vault write auth/aws-ec2/login role=dev-role pkcs7=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 nonce=vault-client-nonce ``` 
@@ -301,19 +301,19 @@ curl -X POST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/sys/auth/aws" -d ' #### Configure the credentials required to make AWS API calls. ``` -curl -X POST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/auth/aws/config/client" -d '{"access_key":"VKIAJBRHKH6EVTTNXDHA", "secret_key":"vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj"}' +curl -X POST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/auth/aws-ec2/config/client" -d '{"access_key":"VKIAJBRHKH6EVTTNXDHA", "secret_key":"vCtSM8ZUEQ3mOFVlYPBQkf2sO6F/W7a5TVzrl3Oj"}' ``` #### Configure the policies on the role. ``` -curl -X POST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/auth/aws/role/dev-role -d '{"bound_ami_id":"ami-fce3c696","policies":"prod,dev","max_ttl":"500h"}' +curl -X POST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/auth/aws-ec2/role/dev-role -d '{"bound_ami_id":"ami-fce3c696","policies":"prod,dev","max_ttl":"500h"}' ``` #### Perform the login operation ``` -curl -X POST "http://127.0.0.1:8200/v1/auth/aws/login" -d '{"role":"dev-role","pkcs7":"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","nonce":"vault-client-nonce"}' +curl -X POST "http://127.0.0.1:8200/v1/auth/aws-ec2/login" -d '{"role":"dev-role","pkcs7":"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","nonce":"vault-client-nonce"}' ``` @@ -347,7 +347,7 @@ The response will be in JSON. For example: ``` ## API -### /auth/aws/config/client +### /auth/aws-ec2/config/client #### POST
Description
@@ -368,7 +368,7 @@ The response will be in JSON. For example:
POST
URL
-
`/auth/aws/config/client`
+
`/auth/aws-ec2/config/client`
Parameters
@@ -412,7 +412,7 @@ The response will be in JSON. For example:
GET
URL
-
`/auth/aws/config/client`
+
`/auth/aws-ec2/config/client`
Parameters
@@ -452,7 +452,7 @@ The response will be in JSON. For example:
DELETE
URL
-
`/auth/aws/config/client`
+
`/auth/aws-ec2/config/client`
Parameters
@@ -465,7 +465,7 @@ The response will be in JSON. For example:
-### /auth/aws/config/certificate/ +### /auth/aws-ec2/config/certificate/ #### POST
Description
@@ -478,7 +478,7 @@ The response will be in JSON. For example:
POST
URL
-
`/auth/aws/config/certificate/`
+
`/auth/aws-ec2/config/certificate/`
Parameters
@@ -515,7 +515,7 @@ The response will be in JSON. For example:
GET
URL
-
`/auth/aws/config/certificate/`
+
`/auth/aws-ec2/config/certificate/`
Parameters
@@ -552,7 +552,7 @@ The response will be in JSON. For example:
GET
URL
-
`/auth/aws/config/certificates?list=true`
+
`/auth/aws-ec2/config/certificates?list=true`
Parameters
@@ -580,7 +580,7 @@ The response will be in JSON. For example:
-### /auth/aws/config/tidy/identity-whitelist +### /auth/aws-ec2/config/tidy/identity-whitelist ##### POST
Description
@@ -592,7 +592,7 @@ The response will be in JSON. For example:
POST
URL
-
`/auth/aws/config/tidy/identity-whitelist`
+
`/auth/aws-ec2/config/tidy/identity-whitelist`
Parameters
@@ -631,7 +631,7 @@ The response will be in JSON. For example:
GET
URL
-
`/auth/aws/config/tidy/identity-whitelist`
+
`/auth/aws-ec2/config/tidy/identity-whitelist`
Parameters
@@ -669,7 +669,7 @@ The response will be in JSON. For example:
DELETE
URL
-
`/auth/aws/config/tidy/identity-whitelist`
+
`/auth/aws-ec2/config/tidy/identity-whitelist`
Parameters
@@ -683,7 +683,7 @@ The response will be in JSON. For example: -### /auth/aws/config/tidy/roletag-blacklist +### /auth/aws-ec2/config/tidy/roletag-blacklist ##### POST
Description
@@ -695,7 +695,7 @@ The response will be in JSON. For example:
POST
URL
-
`/auth/aws/config/tidy/roletag-blacklist`
+
`/auth/aws-ec2/config/tidy/roletag-blacklist`
Parameters
@@ -733,7 +733,7 @@ The response will be in JSON. For example:
GET
URL
-
`/auth/aws/config/tidy/roletag-blacklist`
+
`/auth/aws-ec2/config/tidy/roletag-blacklist`
Parameters
@@ -771,7 +771,7 @@ The response will be in JSON. For example:
DELETE
URL
-
`/auth/aws/config/tidy/roletag-blacklist`
+
`/auth/aws-ec2/config/tidy/roletag-blacklist`
Parameters
@@ -785,7 +785,7 @@ The response will be in JSON. For example: -### /auth/aws/role/ +### /auth/aws-ec2/role/ #### POST
Description
@@ -801,7 +801,7 @@ The response will be in JSON. For example:
POST
URL
-
`/auth/aws/role/`
+
`/auth/aws-ec2/role/`
Parameters
@@ -854,7 +854,7 @@ The response will be in JSON. For example:
  • disallow_reauthentication optional - If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using 'auth/aws/identity-whitelist/' endpoint. Defaults to 'false'. + If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in whitelist for the instance ID needs to be cleared using 'auth/aws-ec2/identity-whitelist/' endpoint. Defaults to 'false'.
  • @@ -876,7 +876,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/role/`
    +
    `/auth/aws-ec2/role/`
    Parameters
    @@ -923,7 +923,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/roles?list=true`
    +
    `/auth/aws-ec2/roles?list=true`
    Parameters
    @@ -964,7 +964,7 @@ The response will be in JSON. For example:
    DELETE
    URL
    -
    `/auth/aws/role/`
    +
    `/auth/aws-ec2/role/`
    Parameters
    @@ -977,7 +977,7 @@ The response will be in JSON. For example:
    -### /auth/aws/role//tag +### /auth/aws-ec2/role//tag #### POST
    Description
    @@ -990,7 +990,7 @@ The response will be in JSON. For example:
    POST
    URL
    -
    `/auth/aws/role//tag`
    +
    `/auth/aws-ec2/role//tag`
    Parameters
    @@ -1028,7 +1028,7 @@ The response will be in JSON. For example:
  • disallow_reauthentication optional - If set, only allows a single token to be granted per instance ID. This can be cleared with the auth/aws/identity-whitelist endpoint. Defaults to 'false'. + If set, only allows a single token to be granted per instance ID. This can be cleared with the auth/aws-ec2/identity-whitelist endpoint. Defaults to 'false'.
    • @@ -1061,7 +1061,7 @@ The response will be in JSON. For example:
    -### /auth/aws/login +### /auth/aws-ec2/login #### POST
    Description
    @@ -1075,7 +1075,7 @@ The response will be in JSON. For example:
    POST
    URL
    -
    `/auth/aws/login`
    +
    `/auth/aws-ec2/login`
    Parameters
    @@ -1140,7 +1140,7 @@ The response will be in JSON. For example:
    -### /auth/aws/roletag-blacklist/ +### /auth/aws-ec2/roletag-blacklist/ #### POST
    Description
    @@ -1156,7 +1156,7 @@ The response will be in JSON. For example:
    POST
    URL
    -
    `/auth/aws/roletag-blacklist/`
    +
    `/auth/aws-ec2/roletag-blacklist/`
    Parameters
    @@ -1187,7 +1187,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/broletag-blacklist/`
    +
    `/auth/aws-ec2/broletag-blacklist/`
    Parameters
    @@ -1226,7 +1226,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/roletag-blacklist?list=true`
    +
    `/auth/aws-ec2/roletag-blacklist?list=true`
    Parameters
    @@ -1266,7 +1266,7 @@ The response will be in JSON. For example:
    DELETE
    URL
    -
    `/auth/aws/roletag-blacklist/`
    +
    `/auth/aws-ec2/roletag-blacklist/`
    Parameters
    @@ -1279,7 +1279,7 @@ The response will be in JSON. For example:
    -### /auth/aws/tidy/roletag-blacklist +### /auth/aws-ec2/tidy/roletag-blacklist #### POST
    Description
    @@ -1291,7 +1291,7 @@ The response will be in JSON. For example:
    POST
    URL
    -
    `/auth/aws/tidy/roletag-blacklist`
    +
    `/auth/aws-ec2/tidy/roletag-blacklist`
    Parameters
    @@ -1310,7 +1310,7 @@ The response will be in JSON. For example:
    -### /auth/aws/identity-whitelist/ +### /auth/aws-ec2/identity-whitelist/ #### GET
    Description
    @@ -1322,7 +1322,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/identity-whitelist/`
    +
    `/auth/aws-ec2/identity-whitelist/`
    Parameters
    @@ -1371,7 +1371,7 @@ The response will be in JSON. For example:
    GET
    URL
    -
    `/auth/aws/identity-whitelist?list=true`
    +
    `/auth/aws-ec2/identity-whitelist?list=true`
    Parameters
    @@ -1411,7 +1411,7 @@ The response will be in JSON. For example:
    DELETE
    URL
    -
    `/auth/aws/identity-whitelist/`
    +
    `/auth/aws-ec2/identity-whitelist/`
    Parameters
    @@ -1424,7 +1424,7 @@ The response will be in JSON. For example:
    -### /auth/aws/tidy/identity-whitelist +### /auth/aws-ec2/tidy/identity-whitelist #### POST
    Description
    @@ -1436,7 +1436,7 @@ The response will be in JSON. For example:
    POST
    URL
    -
    `/auth/aws/tidy/identity-whitelist`
    +
    `/auth/aws-ec2/tidy/identity-whitelist`
    Parameters
    diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 386a1396be..7212168c47 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -186,7 +186,7 @@ Username & Password - > + > AWS EC2 Auth From 5500df40cbb0d544ef1d3aaea862e5d8be40e3ed Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Sun, 29 May 2016 10:58:32 -0400 Subject: [PATCH 3/7] rename aws.html.md as aws-ec2.html.md --- website/source/docs/auth/{aws.html.md => aws-ec2.html.md} | 0 website/source/layouts/docs.erb | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename website/source/docs/auth/{aws.html.md => aws-ec2.html.md} (100%) diff --git a/website/source/docs/auth/aws.html.md b/website/source/docs/auth/aws-ec2.html.md similarity index 100% rename from website/source/docs/auth/aws.html.md rename to website/source/docs/auth/aws-ec2.html.md diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 7212168c47..92ca793a03 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -187,7 +187,7 @@ > - AWS EC2 Auth + AWS EC2 Auth From 6d96a1843f53cfc2af4f8f0d32993ac16a3b9e29 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Mon, 30 May 2016 18:58:58 -0400 Subject: [PATCH 4/7] Upgrade 'aws' auth table entry to 'aws-ec2' --- vault/auth.go | 7 ++++++ vault/auth_test.go | 57 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) diff --git a/vault/auth.go b/vault/auth.go index 2c1f2d2868..b86401cbfb 100644 --- a/vault/auth.go +++ b/vault/auth.go 
@@ -224,6 +224,13 @@ func (c *Core) loadCredentials() error { // Upgrade to table-scoped entries for _, entry := range c.auth.Entries { + // The auth backend "aws-ec2" was named "aws" in the master. + // This is to support upgrade procedure from "aws" to "aws-ec2". + if entry.Path == "aws/" { + entry.Path = "aws-ec2/" + entry.Type = "aws-ec2" + needPersist = true + } if entry.Table == "" { entry.Table = c.auth.Type needPersist = true diff --git a/vault/auth_test.go b/vault/auth_test.go index 40dbf8ef40..2049faf492 100644 --- a/vault/auth_test.go +++ b/vault/auth_test.go 
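Review bot: The upgrade in loadCredentials keys on the mount path (`if entry.Path == "aws/" {`) rather than on the backend type, so an "aws" backend that an operator mounted under any other path is never upgraded and keeps a type for which cli/commands.go no longer registers a factory, while whatever backend happens to be mounted at `aws/` gets its Type rewritten to "aws-ec2" even if it is not the AWS backend. Keying on the type is the safer check: `if entry.Type == "aws" {` followed by `entry.Type = "aws-ec2"` and `needPersist = true`. The same path condition survives in the PATCH 5 hunk of vault/auth.go, and that patch's test update selects entries by `entry.Type == "aws"`, so the code and the test disagree about what identifies an entry to upgrade. loadCredentials starts and ends outside the hunk.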
@@ -1,12 +1,69 @@
 package vault
 import (
+ "encoding/json"
 "reflect"
 "testing"
 "github.com/hashicorp/vault/logical"
 )
+func TestAuth_UpgradeAWSEC2Auth(t *testing.T) {
+ c, _, _ := TestCoreUnsealed(t)
+
+ // create a no-op backend in the name of "aws"
+ c.credentialBackends["aws"] = func(*logical.BackendConfig) (logical.Backend, error) {
+ return &NoopBackend{}, nil
+ }
+
+ // create a mount entry and create an entry in the mount table
+ me := &MountEntry{
+ Table: credentialTableType,
+ Path: "aws",
+ Type: "aws",
+ }
+ err := c.enableCredential(me)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+
+ // save the mount table with an auth entry for "aws"
+ mt := c.auth
+ before, err := json.Marshal(mt)
+ if err != nil {
+ t.Fatal(err)
+ }
+ entry := &Entry{
+ Key: coreAuthConfigPath,
+ Value: before,
+ }
+ if err := c.barrier.Put(entry); err != nil {
+ t.Fatal(err)
+ }
+
+ // create an expected value
+ var expectedMt MountTable
+ expectedMt = *c.auth
+ expectedMt.Entries[1].Path = "aws-ec2/"
+ expectedMt.Entries[1].Type = "aws-ec2"
+ expected, err := json.Marshal(&expectedMt)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // loadCredentials should upgrade the mount table and the entry should now be "aws-ec2"
+ err = c.loadCredentials()
+
+ // read the entry back again and compare it with the expected value
+ actual, err := c.barrier.Get(coreAuthConfigPath)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !reflect.DeepEqual(expected, actual.Value) {
+ t.Fatalf("bad: expected\n%s\ngot\n%s\n", string(expected), string(entry.Value))
+ }
+}
+
 func TestCore_DefaultAuthTable(t *testing.T) {
 c, key, _ := TestCoreUnsealed(t)
 verifyDefaultAuthTable(t, c.auth)
From b1a7e28d8cba3eebe25b8995c73f8870831a58c3 Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Tue, 31 May 2016 19:52:08 -0400
Subject: [PATCH 5/7] Modify just the type and not the path
---
vault/auth.go | 1 -
vault/auth_test.go | 8 ++++++--
vault/router.go | 3 +++
3 files changed, 9 insertions(+), 3 deletions(-)
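Review bot: The result of `c.loadCredentials()` is never checked — `err` is assigned and then overwritten by the following `c.barrier.Get` call — so a failing upgrade would surface only as a confusing table mismatch further down; use `if err := c.loadCredentials(); err != nil { t.Fatal(err) }`. The diagnostic in the final `t.Fatalf` prints `string(entry.Value)`, which is the pre-upgrade table written to the barrier earlier, not what was read back; it should print `string(actual.Value)` so a failure shows the real difference. The hard-coded `Entries[1]` index also assumes the "aws" mount always lands in the second slot, which a later table layout change would silently break.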
diff --git a/vault/auth.go b/vault/auth.go
index b86401cbfb..e62b61dbcd 100644
--- a/vault/auth.go
+++ b/vault/auth.go
@@ -227,7 +227,6 @@ func (c *Core) loadCredentials() error {
 // The auth backend "aws-ec2" was named "aws" in the master.
 // This is to support upgrade procedure from "aws" to "aws-ec2".
 if entry.Path == "aws/" {
- entry.Path = "aws-ec2/"
 entry.Type = "aws-ec2"
 needPersist = true
 }
diff --git a/vault/auth_test.go b/vault/auth_test.go
index 2049faf492..3df8f2149d 100644
--- a/vault/auth_test.go
+++ b/vault/auth_test.go
@@ -44,8 +44,12 @@ func TestAuth_UpgradeAWSEC2Auth(t *testing.T) {
 // create an expected value
 var expectedMt MountTable
 expectedMt = *c.auth
- expectedMt.Entries[1].Path = "aws-ec2/"
- expectedMt.Entries[1].Type = "aws-ec2"
+
+ for _, entry := range expectedMt.Entries {
+ if entry.Type == "aws" {
+ entry.Type = "aws-ec2"
+ }
+ }
 expected, err := json.Marshal(&expectedMt)
 if err != nil {
 t.Fatal(err)
diff --git a/vault/router.go b/vault/router.go
index 64f63bc3fd..905d7e7692 100644
--- a/vault/router.go
+++ b/vault/router.go
@@ -68,6 +68,9 @@ func (r *Router) Mount(backend logical.Backend, prefix string, mountEntry *Mount
 rootPaths: pathsToRadix(paths.Root),
 loginPaths: pathsToRadix(paths.Unauthenticated),
 }
+ if prefix == "auth/aws/" {
+ r.root.Insert("auth/aws-ec2/", re)
+ }
 r.root.Insert(prefix, re)
 return nil
From 2265d1a890189a27617464f0f0eae36548eeb12e Mon Sep 17 00:00:00 2001
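Review bot: In the auth_test.go hunk the new loop mutates entries that are still shared with the live `c.auth` table, because the `expectedMt = *c.auth` context line copies only the struct and `Entries` evidently holds pointers (assigning `entry.Type` through the range variable would otherwise have no effect). The "expected" table therefore rewrites the in-memory mount table before `c.loadCredentials()` runs, and the test passes only because that call reloads the table from the barrier rather than because the upgrade logic was exercised on an independent input. Build the expected value from a detached copy instead, e.g. `var expectedMt MountTable` followed by `if err := json.Unmarshal(before, &expectedMt); err != nil { t.Fatal(err) }`, and then apply the loop to that. `TestAuth_UpgradeAWSEC2Auth` begins and ends outside this hunk; `before` is the marshalled table defined earlier in it.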
From: vishalnayak
Date: Wed, 1 Jun 2016 10:10:12 -0400
Subject: [PATCH 6/7] Use entry.Type as a criteria for upgrade
---
builtin/credential/aws-ec2/backend.go | 2 +-
builtin/credential/aws-ec2/backend_test.go | 2 +-
builtin/credential/aws-ec2/client.go | 2 +-
builtin/credential/aws-ec2/path_config_certificate.go | 2 +-
builtin/credential/aws-ec2/path_config_client.go | 2 +-
.../credential/aws-ec2/path_config_tidy_identity_whitelist.go | 2 +-
.../credential/aws-ec2/path_config_tidy_roletag_blacklist.go | 2 +-
builtin/credential/aws-ec2/path_identity_whitelist.go | 2 +-
builtin/credential/aws-ec2/path_login.go | 2 +-
builtin/credential/aws-ec2/path_role.go | 2 +-
builtin/credential/aws-ec2/path_role_tag.go | 2 +-
builtin/credential/aws-ec2/path_roletag_blacklist.go | 2 +-
builtin/credential/aws-ec2/path_tidy_identity_whitelist.go | 2 +-
builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go | 2 +-
vault/auth.go | 2 +-
vault/router.go | 3 ---
16 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/builtin/credential/aws-ec2/backend.go b/builtin/credential/aws-ec2/backend.go
index 27f60b5352..11f07ed1cd 100644
--- a/builtin/credential/aws-ec2/backend.go
+++ b/builtin/credential/aws-ec2/backend.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "sync"
diff --git a/builtin/credential/aws-ec2/backend_test.go b/builtin/credential/aws-ec2/backend_test.go
index 9176f554c9..18076fe9a2 100644
--- a/builtin/credential/aws-ec2/backend_test.go
+++ b/builtin/credential/aws-ec2/backend_test.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "encoding/base64"
diff --git a/builtin/credential/aws-ec2/client.go b/builtin/credential/aws-ec2/client.go
index 00c7fff7b5..59120eda19 100644
--- a/builtin/credential/aws-ec2/client.go
+++ b/builtin/credential/aws-ec2/client.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/builtin/credential/aws-ec2/path_config_certificate.go b/builtin/credential/aws-ec2/path_config_certificate.go
index 2bdffebcd5..ed225abdff 100644
--- a/builtin/credential/aws-ec2/path_config_certificate.go
+++ b/builtin/credential/aws-ec2/path_config_certificate.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "crypto/x509"
diff --git a/builtin/credential/aws-ec2/path_config_client.go b/builtin/credential/aws-ec2/path_config_client.go
index dc5ee6f584..008e3e69a0 100644
--- a/builtin/credential/aws-ec2/path_config_client.go
+++ b/builtin/credential/aws-ec2/path_config_client.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "github.com/fatih/structs"
diff --git a/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go
index 52a0c4a0f0..8fac923dc3 100644
--- a/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go
+++ b/builtin/credential/aws-ec2/path_config_tidy_identity_whitelist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go
index 748976869e..071ab91446 100644
--- a/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go
+++ b/builtin/credential/aws-ec2/path_config_tidy_roletag_blacklist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/builtin/credential/aws-ec2/path_identity_whitelist.go b/builtin/credential/aws-ec2/path_identity_whitelist.go
index 39df6ef404..41954ca895 100644
--- a/builtin/credential/aws-ec2/path_identity_whitelist.go
+++ b/builtin/credential/aws-ec2/path_identity_whitelist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "time"
diff --git a/builtin/credential/aws-ec2/path_login.go b/builtin/credential/aws-ec2/path_login.go
index bbd20a6fd8..268e02f369 100644
--- a/builtin/credential/aws-ec2/path_login.go
+++ b/builtin/credential/aws-ec2/path_login.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "encoding/json"
diff --git a/builtin/credential/aws-ec2/path_role.go b/builtin/credential/aws-ec2/path_role.go
index 7790474f2a..d958e5f1bd 100644
--- a/builtin/credential/aws-ec2/path_role.go
+++ b/builtin/credential/aws-ec2/path_role.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/builtin/credential/aws-ec2/path_role_tag.go b/builtin/credential/aws-ec2/path_role_tag.go
index 31ef5aa54c..5544fd3017 100644
--- a/builtin/credential/aws-ec2/path_role_tag.go
+++ b/builtin/credential/aws-ec2/path_role_tag.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "crypto/hmac"
diff --git a/builtin/credential/aws-ec2/path_roletag_blacklist.go b/builtin/credential/aws-ec2/path_roletag_blacklist.go
index 71138d2953..62ef923ead 100644
--- a/builtin/credential/aws-ec2/path_roletag_blacklist.go
+++ b/builtin/credential/aws-ec2/path_roletag_blacklist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "encoding/base64"
diff --git a/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go b/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go
index c32affdeb8..f16637dbf6 100644
--- a/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go
+++ b/builtin/credential/aws-ec2/path_tidy_identity_whitelist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go b/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go
index eb92219046..307cfdc7fe 100644
--- a/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go
+++ b/builtin/credential/aws-ec2/path_tidy_roletag_blacklist.go
@@ -1,4 +1,4 @@
-package awsEc2
+package awsec2
 import (
 "fmt"
diff --git a/vault/auth.go b/vault/auth.go
index e62b61dbcd..922580aa01 100644
--- a/vault/auth.go
+++ b/vault/auth.go
@@ -226,7 +226,7 @@ func (c *Core) loadCredentials() error {
 for _, entry := range c.auth.Entries {
 // The auth backend "aws-ec2" was named "aws" in the master.
 // This is to support upgrade procedure from "aws" to "aws-ec2".
- if entry.Path == "aws/" {
+ if entry.Type == "aws" {
 entry.Type = "aws-ec2"
 needPersist = true
 }
diff --git a/vault/router.go b/vault/router.go
index 905d7e7692..64f63bc3fd 100644
--- a/vault/router.go
+++ b/vault/router.go
@@ -68,9 +68,6 @@ func (r *Router) Mount(backend logical.Backend, prefix string, mountEntry *Mount
 rootPaths: pathsToRadix(paths.Root),
 loginPaths: pathsToRadix(paths.Unauthenticated),
 }
- if prefix == "auth/aws/" {
- r.root.Insert("auth/aws-ec2/", re)
- }
 r.root.Insert(prefix, re)
 return nil
From 386abbad9e37b205d5437c7652ba6c92b5cc5cfe Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Wed, 1 Jun 2016 10:36:58 -0400
Subject: [PATCH 7/7] Address review feedback
---
builtin/credential/aws-ec2/backend.go | 2 +-
website/source/docs/auth/aws-ec2.html.md | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/builtin/credential/aws-ec2/backend.go b/builtin/credential/aws-ec2/backend.go
index 11f07ed1cd..af9bc86f27 100644
--- a/builtin/credential/aws-ec2/backend.go
+++ b/builtin/credential/aws-ec2/backend.go
@@ -160,7 +160,7 @@ func (b *backend) periodicFunc(req *logical.Request) error {
 }
 const backendHelp = `
-AWS-EC2 auth backend takes in PKCS#7 signature of an AWS EC2 instance and a client
+aws-ec2 auth backend takes in PKCS#7 signature of an AWS EC2 instance and a client
 created nonce to authenticates the EC2 instance with Vault. Authentication is backed by a preconfigured role in the backend. The role
diff --git a/website/source/docs/auth/aws-ec2.html.md b/website/source/docs/auth/aws-ec2.html.md
index b85f5a2452..34c14c34f0 100644
--- a/website/source/docs/auth/aws-ec2.html.md
+++ b/website/source/docs/auth/aws-ec2.html.md
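Review bot: The two comment lines above the changed condition in the auth.go hunk do not explain what the new `entry.Type == "aws"` check commits the code to: every persisted mount entry of that type is rewritten on load, so the type name "aws" can never again be assigned to a different backend without this branch silently retyping it. Suggested replacement for the pair: `// Mount entries of type "aws" predate the rename of that backend to "aws-ec2"; rewrite the type on load so existing mounts keep working. This also reserves the type name "aws" — reusing it for another backend would be retyped here.` Keying on the type rather than the mount path is the right choice, since the backend can be mounted at any path, and the `needPersist = true` context line ensures the rewrite is written back. If Core exposes a logger in this file (not visible in the hunk), a single line recording that a mount entry was migrated would give operators an audit trail of the change. `loadCredentials` begins and ends outside the hunk.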
@@ -3,12 +3,12 @@ layout: "docs"
 page_title: "Auth Backend: AWS-EC2"
 sidebar_current: "docs-auth-aws-ec2"
 description: |-
- The AWS-EC2 backend allows automated authentication of AWS EC2 instances.
+ The aws-ec2 backend allows automated authentication of AWS EC2 instances.
 ---
 # Auth Backend: aws-ec2
-The AWS-EC2 auth backend provides a secure introduction mechanism for AWS EC2
+The aws-ec2 auth backend provides a secure introduction mechanism for AWS EC2
 instances, allowing automated retrieval of a Vault token. Unlike most Vault authentication backends, this backend does not require first-deploying, or provisioning security-sensitive credentials (tokens, username/password, client