import { TailscaleBastion } from 'cdk-tailscale-bastion'
new TailscaleBastion(scope: Construct, id: string, props: TailscaleBastionProps)
Name | Type | Description |
---|---|---|
scope |
constructs.Construct |
No description. |
id |
string |
No description. |
props |
TailscaleBastionProps |
No description. |
- Type: constructs.Construct
- Type: string
- Type: TailscaleBastionProps
Name | Description |
---|---|
toString |
Returns a string representation of this construct. |
public toString(): string
Returns a string representation of this construct.
Name | Description |
---|---|
isConstruct |
Checks if x is a construct. |
import { TailscaleBastion } from 'cdk-tailscale-bastion'
TailscaleBastion.isConstruct(x: any)
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and to use this type-testing method instead.
- Type: any
Any object.
Name | Type | Description |
---|---|---|
node |
constructs.Node |
The tree node. |
bastion |
aws-cdk-lib.aws_ec2.BastionHostLinux |
No description. |
public readonly node: Node;
- Type: constructs.Node
The tree node.
public readonly bastion: BastionHostLinux;
- Type: aws-cdk-lib.aws_ec2.BastionHostLinux
import { SecretsManagerAuthKey } from 'cdk-tailscale-bastion'
const secretsManagerAuthKey: SecretsManagerAuthKey = { ... }
Name | Type | Description |
---|---|---|
key |
string |
The key of the auth key value located within the provided secret. |
secret |
aws-cdk-lib.aws_secretsmanager.ISecret |
Secret manager location where the tailscale auth key is stored. |
public readonly key: string;
- Type: string
The key of the auth key value located within the provided secret.
public readonly secret: ISecret;
- Type: aws-cdk-lib.aws_secretsmanager.ISecret
Secrets Manager location where the Tailscale auth key is stored.
The secret value must be in the standard key/value JSON format; the `key` property names the entry within it that holds the auth key.
import { TailscaleBastionProps } from 'cdk-tailscale-bastion'
const tailscaleBastionProps: TailscaleBastionProps = { ... }
Name | Type | Description |
---|---|---|
tailscaleCredentials |
TailscaleCredentials |
Credential settings for the tailscale auth key. |
vpc |
aws-cdk-lib.aws_ec2.IVpc |
VPC to launch the instance in. |
additionalInit |
aws-cdk-lib.aws_ec2.InitElement[] |
Additional cloudformation init actions to perform during startup. |
advertiseRoute |
string |
Advertise a custom route instead of using the VPC CIDR, used for Tailscale 4via6 support. |
availabilityZone |
string |
In which AZ to place the instance within the VPC. |
cachedInContext |
boolean |
Setting this to true will result in the Amazon Linux AMI being cached in cdk.context.json and prevent the instance being replaced when the image is updated. Enable this if you'd like to use non-reusable Tailscale keys, or you'd prefer the instance to remain stable. Keep in mind that the AMI will grow old over time and it is your responsibility to evict it from the context. |
cpuType |
aws-cdk-lib.aws_ec2.AmazonLinuxCpuType |
CPU Type of the instance. |
incomingRoutes |
string[] |
List of incoming routes from Tailscale network. |
instanceName |
string |
The name of the instance. |
instanceType |
aws-cdk-lib.aws_ec2.InstanceType |
Type of instance to launch. |
securityGroup |
aws-cdk-lib.aws_ec2.ISecurityGroup |
Security Group to assign to this instance. |
subnetSelection |
aws-cdk-lib.aws_ec2.SubnetSelection |
Select the subnets to run the bastion host in. |
public readonly tailscaleCredentials: TailscaleCredentials;
- Type: TailscaleCredentials
Credential settings for the tailscale auth key.
One of the credential types (`secretsManager` or `unsafeString`) must be set. Ephemeral keys are recommended.
public readonly vpc: IVpc;
- Type: aws-cdk-lib.aws_ec2.IVpc
VPC to launch the instance in.
public readonly additionalInit: InitElement[];
- Type: aws-cdk-lib.aws_ec2.InitElement[]
Additional cloudformation init actions to perform during startup.
public readonly advertiseRoute: string;
- Type: string
Advertise a custom route instead of using the VPC CIDR, used for Tailscale 4via6 support.
public readonly availabilityZone: string;
- Type: string
- Default: Random zone.
In which AZ to place the instance within the VPC.
public readonly cachedInContext: boolean;
- Type: boolean
- Default: false
Setting this to true will result in the Amazon Linux AMI being cached in `cdk.context.json` and prevent the instance being replaced when the image is updated. Enable this if you'd like to use non-reusable Tailscale keys, or you'd prefer the instance to remain stable. Keep in mind that the AMI will grow old over time: while it stays cached, the instance is not rebuilt from newer images and whatever fixes they include, and it is your responsibility to evict it from the context.
public readonly cpuType: AmazonLinuxCpuType;
- Type: aws-cdk-lib.aws_ec2.AmazonLinuxCpuType
- Default: AmazonLinuxCpuType.X86_64
CPU Type of the instance.
public readonly incomingRoutes: string[];
- Type: string[]
- Default: none
List of incoming routes from Tailscale network.
VPC route table will get these targets added.
public readonly instanceName: string;
- Type: string
- Default: 'BastionHostTailscale'
The name of the instance.
public readonly instanceType: InstanceType;
- Type: aws-cdk-lib.aws_ec2.InstanceType
- Default: 't3.nano'
Type of instance to launch.
public readonly securityGroup: ISecurityGroup;
- Type: aws-cdk-lib.aws_ec2.ISecurityGroup
- Default: create new security group with no inbound and all outbound traffic allowed
Security Group to assign to this instance.
public readonly subnetSelection: SubnetSelection;
- Type: aws-cdk-lib.aws_ec2.SubnetSelection
- Default: PUBLIC subnets of the supplied VPC
Select the subnets to run the bastion host in.
PUBLIC subnets are used by default to allow for a direct Tailscale connection. If the bastion is placed in a private subnet instead, connections will be relayed through Tailscale DERP nodes.
import { TailscaleCredentials } from 'cdk-tailscale-bastion'
const tailscaleCredentials: TailscaleCredentials = { ... }
Name | Type | Description |
---|---|---|
secretsManager |
SecretsManagerAuthKey |
Fetches the Auth Key from secrets manager. |
unsafeString |
string |
Provides an auth key as a plaintext string. |
public readonly secretsManager: SecretsManagerAuthKey;
- Type: SecretsManagerAuthKey
Fetches the Auth Key from secrets manager.
This value will be fetched during bastion startup.
public readonly unsafeString: string;
- Type: string
Provides an auth key as a plaintext string.
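This option will expose the auth key in your CDK template, where anyone who can read the synthesized template can read the key, and should only be used with non-reusable keys. Potentially useful for DevOps runbooks and temporary instances.
The `cachedInContext` configuration option might be relevant to you if you use this parameter: it prevents the instance from being replaced when the AMI is updated, which matters when the key cannot be reused for a new instance.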