AWS. I thought about using the AWS EC2 auth provider to grant a temporary lease that is fed into consul template so that template can pull down additional information.
But it's all in my head and I haven't gotten around to planning this out. It looks like once the initial trust is granted then hooking up consul template and chef is pretty straight forward. At least, that's what I got from Seth Vargo's post on using Chef and Vault.
