Skip to main content

Tailscale + Indent Webhook

This guide explains how to deploy an Indent webhook to the cloud for managing access to Tailscale Groups for a single Tailnet. This webhook can be run as an AWS Lambda.

Take a look at the direct code examples that run in these webhooks:

This page assumes that you or someone on your team has already completed the Quickstart. If you haven't already, we would recommend you check it out - it should take 5 minutes. By the end you should have a working Space you can integrate with this webhook.

Prerequisites

Overview

We're going to pull Tailscale Groups into Indent (optionally, you can import groups manually) then set up automated change management. This webhook can only be deployed as an AWS Lambda.

Step 0: Configure your cloud provider#

Let's get all the AWS-specific items ready before getting started:

Step 1: Deploy the pull update webhook#

  1. Sign into your Indent Space.
  2. Navigate to your Webhooks.
  3. Click +New and start configuring a new Webhook.
    • Select Pull update, in the Kind of Webhook dropdown.
    • Under Supported Kind of Resource select Tailscale Group or type tailscale.v1.Group.
    • Turn off testing mode.
    • Click Create Webhook > at the bottom. You'll come back to this page in the next step to get the Signing Secret.

Download the example:

curl https://codeload.github.com/indentapis/examples/tar.gz/main | tar -xz --strip=3 examples-main/webhooks/pull/terraform-aws-tailscale-pull-webhook
cd terraform-aws-tailscale-pull-webhook

Follow the instructions in the GitHub README to complete the deployment process.

  1. After you finish deploying your webhook, enter the HTTP endpoint from AWS Lambda as the Webhook URL field in your new Webhook.
  2. Save the Webhook
  3. Go to your Resources and click the dropdown arrow next to New
  4. Select Pull Update and a modal window appears with a list of resources you can pull
  5. Choose the slider for Tailscale Groups then press Start Pulling Updates

The webhook will update your Resources with all the Tailscale Groups for your Tailnet. Now when you search "tailscale" on the Resources page search bar, you will see all your Tailscale Groups as available Resources. Next, you'll automate group membership changes when access is granted or revoked.

Step 3: Deploy the change webhook#

Download the example:

curl https://codeload.github.com/indentapis/examples/tar.gz/main |tar -xz --strip=3 examples-main/webhooks/change/terraform-aws-tailscale-webhook
cd terraform-aws-tailscale-webhook

Follow the instructions in the GitHub README to complete the deployment process, then save the new webhook in your Indent configuration.

Step 4: Configure your Indent policies#

  1. Click Apps in the Indent Dashboard and click on your communication app.

  2. Open Access Request Rules and add tailscale.v1.Group to the "Kinds of Resources," your app can manage.

    • Alternatively, you can add individual Groups based on Resource ID in this section.
  3. Configure the approvers for granting access to your Tailscale Groups.

Step 5: Make a test request#

  1. Go to Request Access.
  2. Select your Tailscale Group from the dropdown and enter a reason for access.
  3. Once the access is approved, check the group's page to confirm membership.

Congrats! You’ve just configured requesting and managing Tailscale Group access with Indent.


Import groups manually#

  1. Sign into your Indent Space.
  2. Go to your Resources.
  3. Click +New to create a new Resource:
    • Under Resource Kind, type in "tailscale.v1.Group"
    • Enter the name of your Tailscale Group
    • Under Resource ID enter the group name as "group:name"