Today we’re delighted to announce the Tailscale + Indent integration. Tailscale is a popular mesh Virtual Private Network (VPN) that uses the WireGuard® protocol to provide end to end encryption for your network connections.
Using Tailscale, you can connect from your laptop to your enterprise server, even behind firewalls, without additional networking configuration. We're excited to partner with Tailscale so that members of your team can easily request, and reviewers can easily approve, time-bounded access to these resources without ever leaving Slack.
In fact, Tailscale was designed for non-technical users to be able to easily create secure VPNs. Tailscale allows you to manage remote access to your servers, computers and cloud instances, in addition to authenticating SSH connections using WireGuard®.
With the Tailscale + Indent integration, you can:
Try the interactive demo below and request access as me:
As an organization matures, engineers often go from the convenience of default admin permissions in cloud providers like AWS or GCP to needing to request permissions to prevent unapproved updates to sensitive systems.
Additionally, while engineers can use Tailscale to easily access an ephemeral EC2 or database instance, that access can unnecessarily persist on production environments. Indent is able to help solve both of these problems by eliminating the friction that comes with access control so teams can continue to move quickly.
Using Tailscale with Indent helps change those incentives. Together they enable you to have a frictionless connection flow and add additional controls and automation to ensure compliance policies are adhered to and to create an additional layer of protection. For instance, you can ratchet up the controls for production vs staging to require that requests are approved by senior engineering staff or leadership.
Let’s take an example situation where our production database seems to be responding slowly to certain queries. In order to debug what’s going on, we need to open a connection to the database and view the query logs. Before we get started, we’ll need to:
Once we've configured Tailscale and Indent, we can request access via the Slack
/access command to the group
group:prod-database that grants network connectivity for the EC2 instance with database access. Now we can use Tailscale SSH to access the RDS:
$ ssh [email protected]-db-server$ mysqlsh --uri=[email protected]-2.0129ab.us-west-2.rds.compute.internal:3306MySQL database-2.0129ab.us-west-2.rds.compute.internal:3306 ssl JS > \sqlSwitching to SQL mode... Commands end with ;MySQL database-2.0129ab.us-west-2.rds.compute.internal:3306 ssl SQL > show databases;+--------------------+| Database |+--------------------+| demo || information_schema || mysql || performance_schema || sys |+--------------------+5 rows in set (0.0297 sec)
Now we can run the troublesome query, view the logs and perform any necessary changes while securely connected to the database. Once the access grant expires, the SSH connection will be automatically terminated and we’ll get a link to quickly request again in Slack.
Using an on-call provider like PagerDuty or OpsGenie as a source of truth, you can set up a bot to check a user’s on-call status and auditable access control evidence. Setting up on-call auto approvals facilitates fast access during incidents while maintaining compliance best practices.
Follow this guide: indent.com/docs/policies/auto-approvals
Create Indent space (and choose Slack or email for notifications)
Go to indent.com/catalog/tailscale to install the integration
Start granting temporary access!