aws-ec2-instance-dual-stack-ipv4-ipv6
clstokes committed Sep 16, 2024
1 parent 138e87b commit ebed1ad
Showing 1 changed file with 70 additions and 28 deletions.
98 changes: 70 additions & 28 deletions terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf
@@ -1,16 +1,40 @@
locals {
name = "example-${basename(path.cwd)}"

tags = {
aws_tags = {
Name = local.name
}

tailscale_acl_tags = [
"tag:example-infra",
"tag:example-exitnode",
"tag:example-subnetrouter",
"tag:example-appconnector",
]
tailscale_set_preferences = [
"--auto-update",
"--ssh",
"--advertise-connector",
"--advertise-exit-node",
"--advertise-routes=${join(",", [
local.vpc_cidr_block,
])}",
]

// Modify these to use your own VPC
vpc_cidr_block = module.vpc.vpc_cidr_block
vpc_id = module.vpc.vpc_id
subnet_id = module.vpc.public_subnets[0]
security_group_ids = [aws_security_group.tailscale.id]
instance_type = "t4g.micro"
}

// Remove this to use your own VPC.
module "vpc" {
source = "../internal-modules/aws-vpc"

name = local.name
tags = local.tags
tags = local.aws_tags

cidr = "10.0.80.0/22"

Expand All @@ -25,41 +49,59 @@ resource "tailscale_tailnet_key" "main" {
preauthorized = true
reusable = true
recreate_if_invalid = "always"
tags = [
"tag:example-infra",
"tag:example-exitnode",
"tag:example-subnetrouter",
"tag:example-appconnector",
]
tags = local.tailscale_acl_tags
}

module "tailscale_aws_ec2" {
source = "../internal-modules/aws-ec2-instance"

instance_type = "t4g.micro"
instance_tags = local.tags
instance_type = local.instance_type
instance_tags = local.aws_tags

subnet_id = module.vpc.private_subnets[0]
vpc_security_group_ids = [
module.vpc.tailscale_security_group_id,
]
ipv6_address_count = 1
subnet_id = local.subnet_id
vpc_security_group_ids = local.security_group_ids
ipv6_address_count = 1

# Variables for Tailscale resources
tailscale_hostname = local.name
tailscale_auth_key = tailscale_tailnet_key.main.key
tailscale_set_preferences = [
"--auto-update",
"--ssh",
"--advertise-connector",
"--advertise-exit-node",
"--advertise-routes=${join(",", [
module.vpc.vpc_cidr_block,
module.vpc.vpc_ipv6_cidr_block,
])}",
]
tailscale_hostname = local.name
tailscale_auth_key = tailscale_tailnet_key.main.key
tailscale_set_preferences = local.tailscale_set_preferences

depends_on = [
module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
module.vpc.natgw_ids, # remove if using your own VPC otherwise ensure provisioned NAT gateway is available
]
}

resource "aws_security_group" "tailscale" {
vpc_id = local.vpc_id
name = local.name
}

resource "aws_security_group_rule" "tailscale_ingress" {
security_group_id = aws_security_group.tailscale.id
type = "ingress"
from_port = 41641
to_port = 41641
protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}

resource "aws_security_group_rule" "egress" {
security_group_id = aws_security_group.tailscale.id
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}

resource "aws_security_group_rule" "internal_vpc_ingress_ipv4" {
security_group_id = aws_security_group.tailscale.id
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [local.vpc_cidr_block]
}
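Review bot: The consolidated `local.tailscale_set_preferences` advertises only `local.vpc_cidr_block`, whereas the removed inline list also advertised `module.vpc.vpc_ipv6_cidr_block`, and the only intra-VPC rule added is `internal_vpc_ingress_ipv4` with no IPv6 counterpart, so this dual-stack example no longer routes or admits the VPC's IPv6 range through the subnet router. If that is deliberate the locals block should say so; otherwise add a `vpc_ipv6_cidr_block` local (the module output presumably still exists, since the old code read it), include it in the `--advertise-routes` join, and add a matching `internal_vpc_ingress_ipv6` rule using `ipv6_cidr_blocks`, as sketched below. The world-open `tailscale_ingress` rule on 41641/udp also deserves a one-line comment stating why it must be reachable from anywhere, e.g. `# Tailscale's direct-connection (WireGuard) listener; open so peers can connect without relaying`. The `depends_on` comment at the end of `module "tailscale_aws_ec2"` still talks about a NAT gateway even though the instance now sits in `module.vpc.public_subnets[0]`, which reads as stale.
```terraform
locals {
  # … unchanged: name, aws_tags, tailscale_acl_tags …
  tailscale_set_preferences = [
    # … unchanged: --auto-update, --ssh, --advertise-connector, --advertise-exit-node …
    "--advertise-routes=${join(",", [
      local.vpc_cidr_block,
      local.vpc_ipv6_cidr_block,
    ])}",
  ]

  // Modify these to use your own VPC
  vpc_cidr_block      = module.vpc.vpc_cidr_block
  vpc_ipv6_cidr_block = module.vpc.vpc_ipv6_cidr_block
  # … unchanged: vpc_id, subnet_id, security_group_ids, instance_type …
}

# … unchanged: module "vpc", tailscale_tailnet_key, module "tailscale_aws_ec2", security group and existing rules …

resource "aws_security_group_rule" "internal_vpc_ingress_ipv6" {
  security_group_id = aws_security_group.tailscale.id
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  ipv6_cidr_blocks  = [local.vpc_ipv6_cidr_block]
}
```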
