
Commit 429c5ef

committed
aws-ec2-instance
1 parent 7eaa53f commit 429c5ef

File tree

1 file changed

+68
-23
lines changed
  • terraform/aws/aws-ec2-instance

1 file changed

+68
-23
lines changed
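--- a/terraform/aws/aws-ec2-instance
+++ b/terraform/aws/aws-ec2-instance
@@ -1,16 +1,40 @@
 locals {
 name = "example-${basename(path.cwd)}"
 
-tags = {
+aws_tags = {
 Name = local.name
 }
+
+tailscale_acl_tags = [
+"tag:example-infra",
+"tag:example-exitnode",
+"tag:example-subnetrouter",
+"tag:example-appconnector",
+]
+tailscale_set_preferences = [
+"--auto-update",
+"--ssh",
+"--advertise-connector",
+"--advertise-exit-node",
+"--advertise-routes=${join(",", [
+local.vpc_cidr_block,
+])}",
+]
+
+// Modify these to use your own VPC
+vpc_cidr_block = module.vpc.vpc_cidr_block
+vpc_id = module.vpc.vpc_id
+subnet_id = module.vpc.public_subnets[0]
+security_group_ids = [aws_security_group.tailscale.id]
+instance_type = "t4g.micro"
 }
 
+// Remove this to use your own VPC.
 module "vpc" {
 source = "../internal-modules/aws-vpc"
 
 name = local.name
-tags = local.tags
+tags = local.aws_tags
 
 cidr = "10.0.80.0/22"
 
@@ -23,37 +47,58 @@ resource "tailscale_tailnet_key" "main" {
 preauthorized = true
 reusable = true
 recreate_if_invalid = "always"
-tags = [
-"tag:example-infra",
-"tag:example-exitnode",
-"tag:example-subnetrouter",
-"tag:example-appconnector",
-]
+tags = local.tailscale_acl_tags
 }
 
 module "tailscale_aws_ec2" {
 source = "../internal-modules/aws-ec2-instance"
 
 instance_type = "t4g.micro"
-instance_tags = local.tags
+instance_tags = local.aws_tags
 
-subnet_id = module.vpc.public_subnets[0]
-vpc_security_group_ids = [
-module.vpc.tailscale_security_group_id,
-]
+subnet_id = local.subnet_id
+vpc_security_group_ids = local.security_group_ids
 
 # Variables for Tailscale resources
-tailscale_hostname = local.name
-tailscale_auth_key = tailscale_tailnet_key.main.key
-tailscale_set_preferences = [
-"--auto-update",
-"--ssh",
-"--advertise-connector",
-"--advertise-exit-node",
-"--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
-]
+tailscale_hostname = local.name
+tailscale_auth_key = tailscale_tailnet_key.main.key
+tailscale_set_preferences = local.tailscale_set_preferences
 
 depends_on = [
-module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
+module.vpc.natgw_ids, # remove if using your own VPC otherwise ensure provisioned NAT gateway is available
 ]
 }
+
+resource "aws_security_group" "tailscale" {
+vpc_id = local.vpc_id
+name = local.name
+}
+
+resource "aws_security_group_rule" "tailscale_ingress" {
+security_group_id = aws_security_group.tailscale.id
+type = "ingress"
+from_port = 41641
+to_port = 41641
+protocol = "udp"
+cidr_blocks = ["0.0.0.0/0"]
+ipv6_cidr_blocks = ["::/0"]
+}
+
+resource "aws_security_group_rule" "egress" {
+security_group_id = aws_security_group.tailscale.id
+type = "egress"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+ipv6_cidr_blocks = ["::/0"]
+}
+
+resource "aws_security_group_rule" "internal_vpc_ingress_ipv4" {
+security_group_id = aws_security_group.tailscale.id
+type = "ingress"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = [local.vpc_cidr_block]
+}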
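Review bot: `local.instance_type` is added to the locals block but `module "tailscale_aws_ec2"` still hard-codes `instance_type = "t4g.micro"` on new line 56, so the new local is dead and the two values can silently diverge; change the module argument to `instance_type = local.instance_type`. The new `aws_security_group.tailscale` resource also receives no `tags = local.aws_tags` and no `description`, unlike the VPC module and the instance, which both take `local.aws_tags`. The added `internal_vpc_ingress_ipv4` rule admits every protocol and port from the whole VPC CIDR; because security groups are stateful, replies to traffic the subnet router forwards into the VPC are already permitted, so if no VPC-initiated inbound connections to the instance are intended the rule could be narrowed, and in any case it deserves a comment naming the flows it exists for, e.g. `# allow VPC hosts to reach the subnet router / app connector directly`. `module "vpc"` continues past the end of the first hunk.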
