This post provides a tour of HCP Boundary and HCP Vault through the eyes of Terraform. The goal is to set up just-in-time access to AWS EC2 instances for on-call engineers. When an alarm is triggered in AWS due to high CPU utilization on an EC2 instance, a Lambda function is invoked to configure access in Boundary for on-call engineers. When the alarm is cleared, the access is removed. Vault is used for credential injection, so that on-call engineers are able to access EC2 instances without requiring access to any static credentials.