/connecti

A command line tool to quickly create a connection to cloud infrastructure

Primary LanguageGoMIT LicenseMIT

connecti

connecti is a command line tool to quickly connect you to cloud infrastructure via Tailscale

About

If you're provisioning cloud infrastructure correctly, you'll provision sensitive services in private subnets. This means they're often not routable from your machine or your CI/CD infrastructure, which means automating processes and using infrastructure as code tools can be difficult.

Tailscale is a VPN service that allows you to quickly connect to remote infrastructure without the need to punch holes inside your security posture. It supports quickly spinning up nodes that will advertise routes as well, making it ideal for "ephemeral" VPN infrastructure.

connecti uses Pulumi's Automation API to take the pain out of provisioning the infrastructure needed to provision the VPN. It declaratively creates Tailscale API keys, stores them in the cloud provider's secret store, and then creates a small compute node for which to advertise routes for you.

**This is not intended to be used as a production tool!*Its main purpose is for you to quickly debug things or provision infrastructure during automated processes.

Installing

OS X

Homebrew

connecti is installed into a homebrew tap. You can install it via:

brew install jaxxstorm/tap/connecti

Manually

Coming Soon

Windows

Scoop

If you're a scoop user, you can install scoop by adding the bucket:

scoop bucket add jaxxstorm https://github.com/jaxxstorm/scoop-bucket.git

then installing directly from the bucket

scoop install connecti

Manually

Coming Soon

Usage

Prerequisites

Tailscale

connecti uses Tailscale to create tunneled connections. You need to have Tailscale installed and have created a TailNet.

You can follow the getting started docs here

You'll also need an API key. You can get a Tailscale API key from here

Pulumi

connecti uses Pulumi's automation API. You'll need to ensure you have the Pulumi CLI installed and be logged into a state backend.

Installation docs for your operating system can be found here

Once you've installed the Pulumi CLI, you'll need to choose a valid backend. The easiest backend to use is the Pulumi Service backend. Just run the login command, and create an account:

pulumi login

Individual accounts are free forever.

If you don't wish to use the Pulumi service, there are other options.

The second easiest backend to use is the Local Backend

pulumi login --local

Cloud Provider

Before using connecti - you'll need to make sure you have valid cloud provider credentials for the account you wish to use. The mechanism you'll use to provision credentials will be different depending on your cloud provider and authentication mechanism. See the provider-specific documentation below.

You'll need then to sign up to Tailscale and create a "Tailnet". Information on how to do this will depend on your operating system. Tailscale offers a generous free tier for individuals.

Once you've created your Tailnet, you'll need to make a note of the name from here.

Finally, you'll also need a Tailscale API key, to allow you to create resources in Tailscale. You can provision an API key from here

Provisioning

Provisioning your infrastructure will depend on the cloud provider you're using. At the time of writing, connecti supports the following cloud providers:

Cloud Provider Usage Documentation
AWS Docs
Azure Docs
Kubernetes Docs

Configuration

connecti has a configuration file that you can specify when you run the program using the --config flag or you can store it in the default location ${HOME}/.connecti.yaml.

The configuration file allows you to store common configurations so you don't have to specify them as command line flags:

tailnet: "my-tailnet"
aws:region: "us-west-2"
azure:location: "WestUS2"

You can also specify configuration values as environment variables. The full list of configuration values and environment variables is as follows:

Environment Variables Configuration Example
TAILSCALE_API_KEY apiKey tskey-
TAILSCALE_TAILNET tailnet my-cool-tailnet
AWS_REGION aws:region us-west-2
ARM_LOCATION azure:region WestUS2

Caveats

Coming soon