This project provides an AWS CloudFormation template that deploys Headscale on an EC2 instance in a standalone VPC in your AWS account. This uses IPv6 for the endpoint, and contains two Lambda functions for working with IPv6 properties where CloudFormation does not support them natively.
- IPv6LambdaFunction: Retrieves and stores the IPv6 CIDR block of the VPC tagged with 'headscale' into an SSM parameter.
- EndpointAddressLambda: Extracts the IPv6 address of the newly created EC2 instance and makes it available for further operations.
- A VPC (
HeadscaleVpc) is configured with both IPv4 and IPv6 CIDR blocks. - An Internet Gateway and Route Tables ensure connectivity.
- Public Subnet with IPv6 support and association with the Route Table.
- Security Group (
HeadscaleSecurityGroup) allows SSH traffic from your IP address (SSHSourceparameter) and HTTPS traffic from ::/0 (any IPv6 address).
! This is under active development. You will currently need to update values in UserData before this will work for you. Headscale data is not currently retained when the EC2 instance is terminated !
Example AWS CLI command to deploy stack. Modify parameter values:
aws cloudformation create-stack --stack-name headscale --template-body file://cloudformation.yaml --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=PublicKeyParameter,ParameterValue="ssh-ed25519 SSH-PUBLIC-KEY user@computer" ParameterKey=SSHSource,ParameterValue="0000:111:0000:3:0000:0000:0000:0000/64" ParameterKey=HostedZoneId,ParameterValue=XXXXXXXXXXXXXXXXXXXX ParameterKey=HostedZoneDomain,ParameterValue=mycooldomain.com
- Regularly update the Headscale application and underlying OS for security patches.
- Review CloudFormation Events and Logs if the stack fails to create or update.
- For issues with Headscale itself, refer to the application's documentation and logs for troubleshooting tips.