Terraform module for a Tailscale host
Configure your Tailscale provider with the following env vars:
TAILSCALE_OAUTH_CLIENT_ID
TAILSCALE_OAUTH_CLIENT_SECRET
Add the following to your provider block:

```hcl
provider "tailscale" {}
```

Ensure the tags passed in to input_tags are valid for the OAuth client you created.
This module is currently only tested to run in a public subnet.
| Name | Version |
|---|---|
| terraform | >=1.5.6 |
| aws | >= 5.20 |
| tailscale | 0.15.0 |

| Name | Version |
|---|---|
| aws | 5.40.0 |
| tailscale | 0.15.0 |

| Name | Source | Version |
|---|---|---|
| ebs_kms_key | terraform-aws-modules/kms/aws | 2.2.1 |

| Name | Type |
|---|---|
| aws_instance.bastion_host_ec2 | resource |
| aws_security_group.allow_bastion_ssh_sg | resource |
| tailscale_tailnet_key.bastion_key | resource |
| aws_ami.amazon2 | data source |
| aws_caller_identity.current | data source |
| aws_iam_session_context.current | data source |
| aws_region.current | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| accept_dns | For EC2 instances it is generally best to let Amazon handle the DNS configuration, not have Tailscale override it | bool | false | no |
| advertised_routes | List of advertised routes for the bastion host | list(string) | n/a | yes |
| name | Stack name to use in resource creation | string | n/a | yes |
| subnet_id | Subnet in which to deploy the EC2 instance | string | n/a | yes |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| vpc_id | VPC ID | string | n/a | yes |

| Name | Description |
|---|---|
| incoming_security_group_id | Security group ID for bastion sg |
| instance_id | n/a |