Deploys a AWS Bastion Host preconfigured for Tailscale access.

Related tags

Learning resource bastion aws cdk tailscale
Overview

cdk-tailscale-bastion

GitHub Workflow Status npm

This packages creates an AWS Bastion configured for Tailscale. This covers steps 1,2 & 4 of the Tailscale RDS guide.

You may find this package useful if you need high performance access to internal resources (ie RDS) without the overhead & limitations of Session Manager.

Installation

npm i cdk-tailscale-bastion -D

Instructions

The Tailscale Auth key should be passed in via parameter store or secrets manager and NOT hardcoded in your application.

import { TailscaleBastion } from 'cdk-tailscale-bastion';

// Secrets Manager
const secret = Secret.fromSecretNameV2(stack, 'ApiSecrets', 'tailscale').secretValueFromJson('AUTH_KEY');
// Systems Manager Parameter Store
const altSecret = SecretValue.ssmSecure('/tsauth');

new TailscaleBastion(stack, 'Sample-Bastion', {
  vpc,
  tailScaleAuthKey: secret,
});

Whatever resource you intend to reach should permit connections from the bastion on the relevant port, naturally.

Tailscale Auth Key

I recommend generating an Ephemeral key that includes the bastion as a tag for ease of teardown and tracking:

Tailscale Configuration

Once deployed, unless you have auto approval enabled, you'll need to manually enable the subnet routes in the tailscale console.

You'll also need to setup the nameserver. The bastion construct conveniently outputs the settings you require for Tailscale's DNS configuration:

Given your configuration is correct, a direct connection to your internal resources should now be possible.

You might also like...

A solid create-remix app, that applies best practices into a clean, batteries included template. SQLite version. Deploys to Fly.io

A solid create-remix app, that applies best practices into a clean, batteries included template. SQLite version. Deploys to Fly.io

Remix Barebones Stack npx create-remix --template dev-xo/barebones-stack A solid create-remix app, that follows community guidelines and applies best

Dec 30, 2022

An Open Source Remix template that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. PostgreSQL version. Deploys to Fly.io

An Open Source Remix template that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. PostgreSQL version. Deploys to Fly.io

Live Demo · Twitter An open source Remix Stack that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. PostgreSQ

Dec 7, 2022

An Open Source Remix template that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. SQLite version. Deploys to Fly.io

An Open Source Remix template that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. SQLite version. Deploys to Fly.io

Live Demo · Twitter An Open Source Remix template that integrates Stripe Subscriptions, Social Authentication, Testing and a few more features. SQLite

Dec 31, 2022

A testing focused Remix Stack, that integrates E2E & Unit testing with Playwright, Vitest, MSW and Testing Library. Driven by Prisma ORM. Deploys to Fly.io

A testing focused Remix Stack, that integrates E2E & Unit testing with Playwright, Vitest, MSW and Testing Library. Driven by Prisma ORM. Deploys to Fly.io

Live Demo · Twitter A testing focused Remix Stack, that integrates E2E & Unit testing with Playwright, Vitest, MSW and Testing Library. Driven by Pris

Oct 31, 2022

A serverless AWS expense tracker API. AWS Lambda functions, API gateway, and Dynamodb are among the ingredients.

AWS-Serverless-API A serverless AWS expense tracker API. AWS Lambda functions API gateway Dynamodb Endpoints Create a new expense: Method: POST Body f

Jul 16, 2022

Everynode allows you to run any version of Node.js in AWS Lambda, in any commercial AWS region

Everynode allows you to run any version of Node.js in AWS Lambda, in any commercial AWS region

Run Any Node.js Version in AWS Lambda Everynode allows you to run any version of Node.js in AWS Lambda, in any commercial AWS region. We add support f

Dec 15, 2022

Deploy an Architect project from GitHub Actions with keys gathered from aws-actions/configure-aws-credentials

Deploy an Architect project from GitHub Actions with keys gathered from a specific AWS IAM Role federated by an IAM OIDCProvider. CloudFormation to cr

Apr 6, 2022

A monorepo that uses the AWS Cloud Development Kit to deploy and configure nanomdm on AWS lambda.

NanoMDM on AWS This repo builds and configures a nanomdm server to run on AWS lambda. It uses the Cloud Development Kit and tries to follow best pract

May 26, 2022

a stack-separated way to bringing together common AWS services useful in a fullstack application that uses AWS Amplify libraries

Fullstack CDK Helpers This project helps developers create common AWS services that are useful in creating fullstack applications. Backend services ar

Nov 26, 2022
Comments
  • Create support for incoming routes

    Create support for incoming routes

    It would be great to be able to accept routes from the tailscale network from other subnet routers.

    Two things need to be added:

    1. The tailscale daemon needs to accept incoming routes
    2. the VPC route table should be changed to route certain networks through this bastion
    opened by hoegertn 1
Releases(v1.5.0)
Owner
JT
Career .NET & Vue.js Developer
JT
GitHub
Under the Sea is an official AWS workshop delivered by AWS SAs and AWS Partners to help customers and partners to learn about AIOps with serverless architectures on AWS.

Under the Sea - AIOps with Serverless Workshop Under the Sea is an exciting MMORPG developed by the famous entrepreneur behind Wild Rydes, the most po

AWS Samples 4 Nov 16, 2022
A robust, secure, and easily deployable image resizing service that resizes, optimizes, and caches images on "the edge," on the fly, built on AWS Serverless technologies. Served by CloudFront via an Origin Access Identity. Executed on Lambda@Edge. Backed by S3. Protected by AWS WAF. Provisioned via CloudFormation. Deployed by the AWS SAM CLI.

Image Flex A robust, secure, and easily deployable image resizing service that resizes, optimizes, and caches images on "the edge," on the fly, built

Horace Nelson 89 Dec 20, 2022
Learn Web 2.0 and Web 3.0 Development using Next.js, Typescript, AWS CDK, AWS Serverless, Ethereum and AWS Aurora Serverless

Learn Web 2.0 Cloud and Web 3.0 Development in Baby Steps In this course repo we will learn Web 2.0 cloud development using the latest state of the ar

Panacloud Multi-Cloud Internet-Scale Modern Global Apps 89 Jan 3, 2023
MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are still part of a flow in the AWS cloud remote.

MerLoc MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are

Thundra 165 Dec 21, 2022
AWS Lambda & Serverless - Developer Guide with Hands-on Labs. Develop thousands line of aws lambda functions interact to aws serverless services with real-world hands-on labs

AWS Lambda & Serverless - Developer Guide with Hands-on Labs UDEMY COURSE WITH DISCOUNTED - Step by Step Development of this Repository -> https://www

awsrun 35 Dec 17, 2022
Grupprojekt för kurserna 'Javascript med Ramverk' och 'Agil Utveckling'

JavaScript-med-Ramverk-Laboration-3 Grupprojektet för kurserna Javascript med Ramverk och Agil Utveckling. Utvecklingsguide För information om hur utv

Svante Jonsson IT-Högskolan 3 May 18, 2022
Hemsida för personer i Sverige som kan och vill erbjuda boende till människor på flykt

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

null 4 May 3, 2022
Kurs-repo för kursen Webbserver och Databaser

Webbserver och databaser This repository is meant for CME students to access exercises and codealongs that happen throughout the course. I hope you wi

null 14 Jan 3, 2023
A Tauri + Next.js (SSG) template, with TailwindCSS, opinionated linting, and GitHub Actions preconfigured

Tauri + Next.js Template This is a Tauri project template using Next.js, bootstrapped by combining create-next-app and create tauri-app. This template

Kevin Xiao 58 Dec 30, 2022
NoExGen is a node.js express application generator with modern folder structure, namespace/project mapping and much more! It contains preconfigured Settings and Routing files, ready to be used in any project.

Installation $ npm install -g noexgen Quick Start You can use Node Package Execution to create your node-express application as shown below: Create th

Souvik Sen 7 Oct 8, 2022