Kill the Tags: Programmatic ACL Generation for Just-in-Time Autonomous Fleet Access
Connectivity Track
Edge IoT
In this talk, we share how we generate ACL rules on demand with our ACL Syncer. We will walk through the architecture of this AWS Lambda-based service, which evaluates real-time security approvals and fleet composition every minute to push dynamically generated rules directly to the Tailscale API.
This architecture allows us to bypass tag limitations, grant access only to the exact devices needed, and maintain ultimate flexibility in our JIT access model.
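A sketch of the rule-generation step described above, as an added example rather than code from the talk or the ACL Syncer itself. The approval and fleet record shapes, the names `build_policy` and `render`, and all sample values are assumptions; only the `acls` / `action` / `src` / `dst` layout is Tailscale's policy format, and the push to the API is left out so the block runs offline.

```python
import json
from datetime import datetime, timezone

# Constructed sample data; record shapes are assumptions for this example.
FLEET = {  # device name -> Tailscale IP, for devices currently in the fleet
    "robot-017": "100.64.0.17",
    "robot-042": "100.64.0.42",
}
APPROVALS = [
    {"user": "alice@example.com", "device": "robot-017", "ports": [22],
     "expires": "2030-01-01T12:30:00+00:00"},
    {"user": "bob@example.com", "device": "robot-042", "ports": [22, 443],
     "expires": "2030-01-01T11:00:00+00:00"},  # approval window has closed
    {"user": "carol@example.com", "device": "robot-099", "ports": [22],
     "expires": "2030-01-01T13:00:00+00:00"},  # device is not in the fleet
]

def build_policy(approvals, fleet, now):
    """Build ACL rules that name exact device IPs instead of tags."""
    rules = []
    for a in approvals:
        ip = fleet.get(a["device"])
        if ip is None:
            continue  # fail closed: unknown device gets no rule
        if datetime.fromisoformat(a["expires"]) <= now:
            continue  # expired approvals drop out on the next run
        rules.append({
            "action": "accept",
            "src": [a["user"]],
            "dst": [f"{ip}:{port}" for port in sorted(set(a["ports"]))],
        })
    # Stable ordering so identical inputs always yield identical output.
    rules.sort(key=lambda r: (r["src"], r["dst"]))
    return {"acls": rules}

def render(policy):
    """Serialize deterministically so a caller can diff against the last push."""
    return json.dumps(policy, indent=2, sort_keys=True)

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(render(build_policy(APPROVALS, FLEET, now)))
```

Because access is recomputed from current approvals on every run, revocation needs no separate cleanup path: a rule that is not regenerated simply disappears from the next policy.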
