Setting up an EC2 Instance as an Inlets Exit Node
Inlets is a fairly new project that allows you to setup reverse proxy, websocket tunnels, or other endpoints to the public internet, it is similar to ngrok. The video overview from Alex Ellis shows how simple it makes setting up the environment.
Also, there are scripts in the Inlets repository to provision DigitalOcean droplets. Let’s setup an AWS EC2 instance, though AWS is more expensive than DO, it’s obviously a popular platform. The steps below are required to setup an AWS VPC and related networking before launching our instance.
In this blog post we’ll set up an exit node using the AWS CLI, then make it simpler with Terraform.
Using the AWS CLI
Here is an example of the commands that would need to be run from the AWS CLI if you wanted to use that method for starting up the EC2 instance. (Note: Do not copy all these commands directly, many of them reference objects in my AWS account such as VPC IDs, SG IDs etc. and which were removed after this blog post was written.)
That’s a lot of typing to setup an AWS instance before deploying the inlets project. Lets see if we can do this with less effort using Terraform.
The terraform equivalent to setup an EC2 instance with all the plumbing is quite a bit more concise. You can view the Terraform I wrote in this repository.
Note: We don’t create an AWS keypair in Terraform, I consider that bad form.
In order to avoid any security concerns we expect that you use a keypair
previously generated or uploaded to your AWS account. You can use the
aws ec2 create-key-pair command above as an example if you want
to use the CLI.
- An AWS account
- An AWS Keypair
Prepare to run terraform
These steps include:
- Install terraform
- Clone the inlets-aws-terraform
git clone https://github.com/mbacchi/inlets-aws-terraform)
- Export environment variables for your AWS_PROFILE and AWS_REGION. This looks
export AWS_PROFILE=PROFILE_NAME && export AWS_REGION=us-east-2
- Don’t forget to change the
PROFILE_NAMEin the export command above!
- Change the
key_nameon line 64 of
main.tfto the name of your own keypair!
Create the terraform plan
Create the token and run the
terraform plan command with the single command line:
This will output a file to be used in the next step, named something like:
Note: You might not have
sha256sum on your system, it can be replaced
Apply the terraform plan
Apply the plan that you created in the previous step after reviewing the plan output.
The terraform output that you see in the last few lines provides the Inlets token required by the client to authenticate with the server, and the public IP address of the EC2 instance. Use this info in the below steps.
Connecting to Inlets
Now that you have deployed the AWS infrastructure using Terraform, we will run an application locally and serve it on the public internet from the Inlets exit node.
This is documented in the Inlets README, but basically on your client machine you need an application such as a webserver running. For example my jekyll blog:
In another terminal session I can start the Inlets client:
In a web browser, I can open the url
184.108.40.206:8090 and see my
application that was running locally only.
Remove the Terraformed infrastructure
When you want to remove this infrastructure, run
terraform destroy from the
inlets-aws-terraform directory where you ran
terraform apply etc.