On-Demand VPN on AWS EC2 with Tailscale

First off, let me preface this post by saying: Tailscale is awesome. It's just so simple to set up.

For those not aware of what Tailscale is, I'll just summarise with the help of ChatGPT:

Tailscale is a modern, zero-config VPN built for security-conscious teams and individuals who want secure access to remote resources. Unlike traditional VPN solutions, Tailscale makes it easy to securely access resources on remote networks without the need for static IPs, port forwarding, or elaborate firewall rules. Using Tailscale, users can easily create a secure and private network on top of the internet and access resources on it from anywhere in the world.

Anyway, I primarily use Tailscale as a cheap, on-demand, and quick VPN solution for getting around geoblocks and hiding/obscuring traffic from my ISP. This is accomplished by using Terraform to provision all the necessary resources on AWS, and a cloud-init script to non-interactively set up Tailscale on the deployed EC2 instance.

The result is a fairly performant VPN in a region of your choice that can be created and destroyed in under 2 minutes. It's great for light, occasional VPN users who don't need to pay monthly for unlimited bandwidth and a gazillion locations around the globe: you pay for exactly what you use.

Link: amirasyraf/tailscale-ec2-vpn

Simply run terraform apply to provision the VPN; it will automatically appear in your Tailscale client as an exit node within 2 minutes. Once you're done, run terraform destroy to remove everything.
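To make the cloud-init half of that procedure concrete, here is an added example of the kind of user-data script that turns a fresh Debian/Ubuntu EC2 instance into a Tailscale exit node. It is not code from amirasyraf/tailscale-ec2-vpn; it assumes (my assumption, not the repo's) that the Terraform config injects the auth key as TS_AUTHKEY and an optional TS_HOSTNAME before the script runs, and that cloud-init executes it as root.

```shell
#!/bin/sh
# Added example (not from amirasyraf/tailscale-ec2-vpn): cloud-init user-data
# that provisions a Tailscale exit node on a Debian/Ubuntu EC2 instance.
# Assumed inputs: TS_AUTHKEY (required) and TS_HOSTNAME (optional), set by
# the Terraform config before this runs; cloud-init runs the script as root.
set -eu

# Tailscale auth keys look like tskey-auth-<id>-<secret>. Refuse anything else
# so a bad Terraform variable fails loudly instead of leaving a half-configured
# instance behind.
validate_authkey() {
  case "$1" in
    tskey-auth-*) return 0 ;;
    *) return 1 ;;
  esac
}

# An exit node must forward packets for other tailnet devices; these are the
# two sysctls Tailscale's exit-node documentation requires.
forwarding_sysctl_conf() {
  printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\n'
}

# Compose the `tailscale up` flags as a function so the exact arguments can be
# checked without a network. --advertise-exit-node is what makes the instance
# show up as an exit node in the client.
tailscale_up_args() {
  printf -- '--authkey=%s --advertise-exit-node --hostname=%s' "$1" "$2"
}

main() {
  authkey="${TS_AUTHKEY:?TS_AUTHKEY must be set}"
  hostname="${TS_HOSTNAME:-ec2-exit-node}"
  validate_authkey "$authkey" || {
    echo "refusing to continue: TS_AUTHKEY is not a tskey-auth-* key" >&2
    exit 1
  }

  forwarding_sysctl_conf > /etc/sysctl.d/99-tailscale.conf
  sysctl -p /etc/sysctl.d/99-tailscale.conf

  # Tailscale's official install script; every fresh deploy gets current stable.
  curl -fsSL https://tailscale.com/install.sh | sh

  # Word splitting is intended here: the key has no whitespace (checked above
  # only by prefix, so keep the hostname free of spaces too).
  # shellcheck disable=SC2046
  tailscale up $(tailscale_up_args "$authkey" "$hostname")

  # Drop the key from the environment once the node is joined.
  unset authkey TS_AUTHKEY
}

# Provision only when an auth key was injected; without one the script just
# defines the helpers above, which is handy for testing it on a workstation.
if [ -n "${TS_AUTHKEY:-}" ]; then
  main
fi
```

Two caveats worth knowing before relying on the "appears within 2 minutes" behaviour: a node that advertises itself as an exit node still has to be approved in the Tailscale admin console unless your ACL's autoApprovers covers it, and if you create the auth key as ephemeral and pre-authorized, the node disappears from the tailnet on its own after terraform destroy instead of lingering as a stale device. No inbound security-group rule is needed for this to work, since Tailscale dials out and falls back to DERP relays when a direct path cannot be found.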

This could definitely be made cheaper by swapping the CSP (cloud service provider) for a smaller one like Linode or DigitalOcean, considering bandwidth on AWS is especially expensive. EC2 is usually more expensive than even the other major CSPs like GCP and Azure (I think). Definitely something I'll add in the future.