ipn/store/aws, cmd/tailscaled: add AWS SSM ipn.StateStore implementation

From https://github.com/tailscale/tailscale/pull/1919 with edits by bradfitz@. This change introduces a new storage provider for the state file. It allows users to leverage AWS SSM parameter store natively within tailscaled, like: $ tailscaled --state=arn:aws:ssm:eu-west-1:123456789:parameter/foo Known limitations: - it is not currently possible to specific a custom KMS key ID RELNOTE=tailscaled on Linux supports using AWS SSM for state Edits-By: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>
2025-10-24 09:39:39 +00:00 · 2021-10-12 09:51:52 -07:00
parent 1b20d1ce54
commit 4528f448d6
9 changed files with 475 additions and 1 deletions
--- a/ipn/ipnserver/server.go
+++ b/ipn/ipnserver/server.go
@@ -35,6 +35,7 @@ import (
 	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/localapi"
+	"tailscale.com/ipn/store/aws"
 	"tailscale.com/log/filelogger"
 	"tailscale.com/logtail/backoff"
 	"tailscale.com/net/netstat"
@@ -638,6 +639,7 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 	var store ipn.StateStore
 	if opts.StatePath != "" {
 		const kubePrefix = "kube:"
+		const arnPrefix = "arn:"
 		path := opts.StatePath
 		switch {
 		case strings.HasPrefix(path, kubePrefix):
@@ -646,6 +648,11 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 			if err != nil {
 				return fmt.Errorf("ipn.NewKubeStore(%q): %v", secretName, err)
 			}
+		case strings.HasPrefix(path, arnPrefix):
+			store, err = aws.NewStore(path)
+			if err != nil {
+				return fmt.Errorf("aws.NewStore(%q): %v", path, err)
+			}
 		default:
 			if runtime.GOOS == "windows" {
 				path = tryWindowsAppDataMigration(logf, path)