Add AWS EC2 instances into your tailscale network (tailnet). Provides easy SSH access to your instances. Afterwards, delete EC2 instance and associated resources with a single command.
go install github.com/svennjegac/tailscale.node-provider/[email protected]
- Generate
Reusable
&Ephemeral
Tailscale Auth key. (https://login.tailscale.com/admin/settings/keys)
- Generate AWS access key and secret. Give admin permissions to keys. It is possible to restrict access, but I did not take time yet to define proper IAM policy document. (https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/)
- Add
autoApprovers
to your Tailscale ACL configuration. (Normally, when you advertise EC2 instance as exit node, you will need to manually approve it through UI. This ACL rule automates approving step)
- You will be prompted to enter credentials when invoking commands which communicate with AWS / Tailscale. (We will get to that in the next section)
Add AWS EC2 instance into your tailnet.
- Run
tscalectl up -i -e
(interactive
&exit-node
flags turned ON). - Enter credentials which were created in the
Prerequsites
section. (AWS creds + Tailscale auth key) - Interactive flag will prompt you to provide region, instanceType and instance AMI. Enter the number which indicates chosen region. (And do the same for instanceType and AMI).
- Afterwards, CLI will proceed with VPN node provisioning.
- Once done, CLI will inform you that your node is ready for use.
- You will be able to see and use your tailscale nodes.
Add AWS EC2 instance into your tailnet. Skip prompts for user input.
- Run
tscalectl up -r=eu-north-1 -t=t3.small -a=ami-0440e5026412ff23f
(Add-e flag if you want to make it exit node
) If you want, you can omit one or more flags(r/t/a)
, and add-i
flag. You will be prompted only for parameters you didn't specify, e.g. AMI. - Without any prompts, CLI will proceed and it will add EC2 VPN node.