bendwyer/terraform-aws-lightsail-tailscale-exit-node

terraform-aws-lightsail-tailscale-exit-node

Terraform module for deploying a Tailscale exit node on AWS Lightsail.

Warning

This module requires a tag defined in Tailscale Access Controls.

Warning

This module requires an OAuth client with at least the following scopes: devices:core=write, keys:auth-keys=write.

Usage

Single exit node

terraform {
  required_version = "~> 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.lightsail_region
}

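module "exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

  lightsail_instance_name = "vpn-${var.lightsail_region}"

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-${var.lightsail_region}"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret
}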

Multiple exit nodes

terraform {
  required_version = "~> 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.lightsail_region
}

provider "aws" {
  alias  = "jp"
  region = "ap-northeast-1"
}

provider "aws" {
  alias  = "us"
  region = "us-east-1"
}

module "de_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

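  lightsail_instance_name = "vpn-${var.lightsail_region}"

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-${var.lightsail_region}"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret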
}

module "jp_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

  providers = {
    aws = aws.jp
  }

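  lightsail_instance_name        = "vpn-ap-northeast-1"
  lightsail_region               = "ap-northeast-1"
  lightsail_region_friendly_name = "tokyo"

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-ap-northeast-1"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret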
}

module "us_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

  providers = {
    aws = aws.us
  }

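  lightsail_instance_name        = "vpn-us-east-1"
  lightsail_region               = "us-east-1"
  lightsail_region_friendly_name = "virginia" # us-east-1 is N. Virginia; Ohio is us-east-2

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-us-east-1"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret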
}

ACL with multiple exit nodes

terraform {
  required_version = "~> 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    tailscale = {
      source  = "tailscale/tailscale"
      version = "~> 0.0"
    }
  }
}

provider "aws" {
  region = var.lightsail_region
}

provider "aws" {
  alias  = "jp"
  region = "ap-northeast-1"
}

provider "aws" {
  alias  = "us"
  region = "us-east-1"
}

provider "tailscale" {}

resource "tailscale_acl" "this" {
  acl = templatefile("${path.root}/acl.json.tftpl", {
    tailscale_exit_node_tag = var.tailscale_exit_node_tag
  })
  reset_acl_on_destroy = true
}

module "de_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

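  lightsail_instance_name = "vpn-${var.lightsail_region}"

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-${var.lightsail_region}"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret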
}

module "jp_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

  providers = {
    aws = aws.jp
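  }

  lightsail_instance_name        = "vpn-ap-northeast-1"
  lightsail_region               = "ap-northeast-1"
  lightsail_region_friendly_name = "tokyo"

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-ap-northeast-1"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret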
}

module "us_exit_node" {
  source = "github.com/bendwyer/terraform-aws-lightsail-tailscale-exit-node"

  providers = {
    aws = aws.us
  }

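  lightsail_instance_name        = "vpn-us-east-1"
  lightsail_region               = "us-east-1"
  lightsail_region_friendly_name = "virginia" # us-east-1 is N. Virginia; Ohio is us-east-2

  # Required inputs (see Inputs); the var.tailscale_* names are assumed root-module variables.
  tailscale_hostname            = "vpn-us-east-1"
  tailscale_oauth_client_id     = var.tailscale_oauth_client_id
  tailscale_oauth_client_secret = var.tailscale_oauth_client_secret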
}
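
The ACL example above renders acl.json.tftpl, which the page does not show. A minimal template it could render follows, as an added example that is not the repository's own file. It assumes that admins own the tag, that the exit node should be auto-approved, and that every tailnet member may use it; Tailscale policy files are HuJSON, so the comments are valid.

```json
// acl.json.tftpl: constructed example, not the repository's own template.
// templatefile() substitutes tailscale_exit_node_tag (module default: "tag:exit").
{
  // Defines the tag the module requires. Owner is an assumption:
  // only tailnet admins may assign it.
  "tagOwners": {
    "${tailscale_exit_node_tag}": ["autogroup:admin"]
  },

  // Auto-approve the exit-node role only for devices carrying the tag.
  // Any other device that advertises itself as an exit node still
  // waits for manual approval in the admin console.
  "autoApprovers": {
    "exitNode": ["${tailscale_exit_node_tag}"]
  },

  "acls": [
    // Assumption: all members may route internet traffic through an exit node.
    // Narrow "src" to a group to restrict who can use it.
    {
      "action": "accept",
      "src":    ["autogroup:member"],
      "dst":    ["autogroup:internet:*"]
    }
    // No rule names the tag as "src", so the exit node itself cannot
    // open connections to other devices in the tailnet (default deny).
  ]
}
```

tailscale_acl manages the tailnet's whole policy file, so any rules the tailnet already relies on belong in this template too. With reset_acl_on_destroy = true, terraform destroy returns the policy to Tailscale's default.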

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.10.0 |
| aws | >=5.37.0 |

Providers

| Name | Version |
|------|---------|
| aws | >=5.37.0 |

Resources

| Name | Type |
|------|------|
| aws_lightsail_instance.this | resource |
| aws_lightsail_instance_public_ports.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| lightsail_instance_name | Display name for instance in Lightsail dashboard. | string | n/a | yes |
| tailscale_hostname | Display name for instance in Tailscale dashboard. | string | n/a | yes |
| tailscale_oauth_client_id | Tailscale OAuth client ID. | string | n/a | yes |
| tailscale_oauth_client_secret | Tailscale OAuth client secret. | string | n/a | yes |
| lightsail_availability_zone | AWS Lightsail availability zone for AWS Lightsail region. | string | "a" | no |
| lightsail_bundle_id | AWS Lightsail bundle ID. Determines type of instance to deploy. | string | "nano_3_0" | no |
| lightsail_region | AWS Lightsail region to deploy to. | string | "eu-central-1" | no |
| lightsail_region_friendly_name | Friendly name for AWS Lightsail region to deploy to. | string | "frankfurt" | no |
| lightsail_tags | A map of key-value pairs used to create AWS Lightsail instance tags. By default no tags will be created. | map(string) | null | no |
| tailscale_exit_node_tag | Tailscale exit node tag to associate with machine(s). Tag must be prefixed with 'tag:'. | string | "tag:exit" | no |

Outputs

| Name | Description |
|------|-------------|
| public_ip_address | AWS Lightsail instance public IP address. |
