Skip to content

Latest commit

 

History

History
415 lines (255 loc) · 15 KB

API.md

File metadata and controls

415 lines (255 loc) · 15 KB

API Reference

Constructs

TailscaleBastion

Initializers

import { TailscaleBastion } from 'cdk-tailscale-bastion'

new TailscaleBastion(scope: Construct, id: string, props: TailscaleBastionProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props TailscaleBastionProps No description.

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { TailscaleBastion } from 'cdk-tailscale-bastion'

TailscaleBastion.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
bastion aws-cdk-lib.aws_ec2.BastionHostLinux No description.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


bastionRequired
public readonly bastion: BastionHostLinux;
  • Type: aws-cdk-lib.aws_ec2.BastionHostLinux

Structs

SecretsManagerAuthKey

Initializer

import { SecretsManagerAuthKey } from 'cdk-tailscale-bastion'

const secretsManagerAuthKey: SecretsManagerAuthKey = { ... }

Properties

Name Type Description
key string The key of the auth key value located within the provided secret.
secret aws-cdk-lib.aws_secretsmanager.ISecret Secret manager location where the tailscale auth key is stored.

keyRequired
public readonly key: string;
  • Type: string

The key of the auth key value located within the provided secret.


secretRequired
public readonly secret: ISecret;
  • Type: aws-cdk-lib.aws_secretsmanager.ISecret

Secret manager location where the tailscale auth key is stored.

Must be in the standard key/value JSON format.


TailscaleBastionProps

Initializer

import { TailscaleBastionProps } from 'cdk-tailscale-bastion'

const tailscaleBastionProps: TailscaleBastionProps = { ... }

Properties

Name Type Description
tailscaleCredentials TailscaleCredentials Credential settings for the tailscale auth key.
vpc aws-cdk-lib.aws_ec2.IVpc VPC to launch the instance in.
additionalInit aws-cdk-lib.aws_ec2.InitElement[] Additional cloudformation init actions to perform during startup.
advertiseRoute string Advertise a custom route instead of using the VPC CIDR, used for Tailscale 4via6 support.
availabilityZone string In which AZ to place the instance within the VPC.
cachedInContext boolean Setting this to true will result in the Amazon Linux AMI being cached in cdk.context.json and prevent the instance being replaced when the image is updated. Enable this if you'd like to use non-reusable Tailscale keys, or you'd prefer the instance to remain stable. Keep in mind that the AMI will grow old over time and is it your responsibility to evict it from the context.
cpuType aws-cdk-lib.aws_ec2.AmazonLinuxCpuType CPU Type of the instance.
incomingRoutes string[] List of incoming routes from Tailscale network.
instanceName string The name of the instance.
instanceType aws-cdk-lib.aws_ec2.InstanceType Type of instance to launch.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security Group to assign to this instance.
subnetSelection aws-cdk-lib.aws_ec2.SubnetSelection Select the subnets to run the bastion host in.

tailscaleCredentialsRequired
public readonly tailscaleCredentials: TailscaleCredentials;

Credential settings for the tailscale auth key.

One type must be used. Ephemeral keys are recommended.


vpcRequired
public readonly vpc: IVpc;
  • Type: aws-cdk-lib.aws_ec2.IVpc

VPC to launch the instance in.


additionalInitOptional
public readonly additionalInit: InitElement[];
  • Type: aws-cdk-lib.aws_ec2.InitElement[]

Additional cloudformation init actions to perform during startup.


advertiseRouteOptional
public readonly advertiseRoute: string;
  • Type: string

Advertise a custom route instead of using the VPC CIDR, used for Tailscale 4via6 support.


availabilityZoneOptional
public readonly availabilityZone: string;
  • Type: string
  • Default: Random zone.

In which AZ to place the instance within the VPC.


cachedInContextOptional
public readonly cachedInContext: boolean;
  • Type: boolean
  • Default: false

Setting this to true will result in the Amazon Linux AMI being cached in cdk.context.json and prevent the instance being replaced when the image is updated. Enable this if you'd like to use non-reusable Tailscale keys, or you'd prefer the instance to remain stable. Keep in mind that the AMI will grow old over time and is it your responsibility to evict it from the context.


cpuTypeOptional
public readonly cpuType: AmazonLinuxCpuType;
  • Type: aws-cdk-lib.aws_ec2.AmazonLinuxCpuType
  • Default: AmazonLinuxCpuType.X86_64

CPU Type of the instance.


incomingRoutesOptional
public readonly incomingRoutes: string[];
  • Type: string[]
  • Default: none

List of incoming routes from Tailscale network.

VPC route table will get these targets added.


instanceNameOptional
public readonly instanceName: string;
  • Type: string
  • Default: 'BastionHostTailscale'

The name of the instance.


instanceTypeOptional
public readonly instanceType: InstanceType;
  • Type: aws-cdk-lib.aws_ec2.InstanceType
  • Default: 't3.nano'

Type of instance to launch.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;
  • Type: aws-cdk-lib.aws_ec2.ISecurityGroup
  • Default: create new security group with no inbound and all outbound traffic allowed

Security Group to assign to this instance.


subnetSelectionOptional
public readonly subnetSelection: SubnetSelection;
  • Type: aws-cdk-lib.aws_ec2.SubnetSelection
  • Default: PUBLIC subnets of the supplied VPC

Select the subnets to run the bastion host in.

PUBLIC subnets are used by default to allow for a direct Tailscale connection. DERP nodes will be used in a private subnet.


TailscaleCredentials

Initializer

import { TailscaleCredentials } from 'cdk-tailscale-bastion'

const tailscaleCredentials: TailscaleCredentials = { ... }

Properties

Name Type Description
secretsManager SecretsManagerAuthKey Fetches the Auth Key from secrets manager.
unsafeString string Provides an auth key as a plaintext string.

secretsManagerOptional
public readonly secretsManager: SecretsManagerAuthKey;

Fetches the Auth Key from secrets manager.

This value will be fetched during bastion startup.


unsafeStringOptional
public readonly unsafeString: string;
  • Type: string

Provides an auth key as a plaintext string.

This option will expose the auth key in your CDK template and should only be used with non-reusable keys. Potentially useful for DevOps runbooks and temporary instances.

The cachedInContext configuration option might be relevant to you if you use this parameter.