Install Tailscale on an AWS VM
You can install the Tailscale client on an AWS EC2 VM to connect it to your Tailscale network (known as a tailnet) and configure common features such as subnet routers, exit nodes, and app connectors.
Install manually
- (Optional) Go to the Keys page of the admin console and select Generate auth key to create an authentication key. This allows you to add the VM to the tailnet automatically without needing to manually authenticate using your credentials.
- SSH into your EC2 VM.
- Install Tailscale using the following command:
  curl -fsSL https://tailscale.com/install.sh | sh
- Start the Tailscale client using one of the following commands:
  - If you want to use an auth key, use the command
    sudo tailscale up --auth-key=foo
    where foo is the auth key string that you generated in the first step.
  - If you do not want to use an auth key, use the command
    sudo tailscale up
    then copy and paste the provided URL into your web browser and authenticate to your tailnet with your credentials.
- In the Machines page of the admin console, verify that the VM is connected to the tailnet. If the VM you added is a server, you may want to consider disabling key expiry to prevent the need to periodically re-authenticate.
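The manual steps above can be scripted so that the auth key never appears on the command line, in shell history, or in the process list. This is an added example, not Tailscale's own script: the key file path and function names are assumptions, and it relies on the file: prefix that tailscale up --auth-key accepts for reading the key from a file.

```shell
#!/bin/sh
# Added example: join the tailnet without putting the auth key in argv or shell history.
# KEY_FILE and both function names are assumptions of this example.
KEY_FILE="${KEY_FILE:-$HOME/.tailscale-authkey}"

# True only for a regular, non-symlink file with no group/other permission bits.
key_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Runs "tailscale up" with the key read from KEY_FILE; extra flags such as
# --ssh are passed through. The key file is deleted after a successful join.
join_tailnet() {
    if ! key_file_is_private "$KEY_FILE"; then
        echo "refusing: $KEY_FILE is missing or accessible to group/other" >&2
        return 1
    fi
    # The "file:" prefix makes the tailscale CLI read the key from the file.
    sudo tailscale up "--auth-key=file:$KEY_FILE" "$@" || return 1
    rm -f "$KEY_FILE"
}

# Usage: sh join.sh --join [--ssh ...]
if [ "${1:-}" = "--join" ]; then
    shift
    join_tailnet "$@"
fi
```

Write the key to the file with mode 600 before running the script; a key file that other users can read is rejected before tailscale is invoked.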
Install automatically
You can use our AWS installation wizard to deploy Tailscale on an AWS VM using an AWS CloudFormation template. To do this, you will need an AWS account with access to the AWS CloudFormation console and permission to create a new stack. You can use this to launch a user-owned node or a tagged node. We recommend using tagged nodes for shared infrastructure. For more information, see Group devices with tags.
- Go to the Machines page of the admin console. In the Add devices to your network section, select Add AWS VM.
- (Recommended) To make this a tagged node, toggle Tags to on, select Add tags, then choose the tag you want to use for the AWS VM.
- (Optional) Toggle Ephemeral to on if you want the AWS VM to be removed from your tailnet when it goes offline.
- (Optional) Toggle Use as exit node to on if you want to route tailnet traffic through your AWS VM. For more information, see Advertise an exit node.
- Select Continue to AWS. You will be redirected to the AWS CloudFormation console. If you are already authenticated, the Quick create stack page will display.
- From the CloudFormation console:
  - In the Stack name field, enter a name. This serves as a description of the stack you are creating.
  - (Optional) In the ExtraArgs field, specify functionality such as Tailscale SSH (--ssh) and a subnet router (--advertise-routes=192.0.1.0/24), if applicable. Each functionality should be separated by a space.
  - (Optional) In the Hostname field, enter a name for the VM that will display in the Machines page of the admin console.
  - (Optional) In the ImageId field, change the value if you want to use another image ID for the VM. For more information about image IDs, see Find an AMI that meets the requirements for your EC2 instance.
  - (Optional) In the InstanceType field, change the VM size if you want to use a different Amazon EC2 instance.
  - (Optional) In the VpcId field, enter an Amazon Virtual Private Cloud (VPC) and subnet ID if you want the VM to be provisioned in a specific VPC.
- Select Create stack to start provisioning.
- Go to the Machines page of the admin console and verify that the VM is added. It may take up to 5 minutes for a provisioned VM to join your tailnet.
Next steps
If you have not done so already, you can add the following tailnet functionality to your AWS VM.
- SSH into your VM using Tailscale SSH.
- Advertise an exit node to route traffic in your tailnet.
- Use an existing exit node in your tailnet.
- Configure a subnet router to relay access in your network, including resources where Tailscale cannot be installed.
- Configure an app connector to route application-specific traffic from the tailnet through a selected device that serves as an app connector.