Installation on AWS
TunnelHound provides pre-built AMIs to quickly deploy a TunnelHound instance on Amazon Web Services.
To launch a TunnelHound instance, find your AWS region from the list below, and click the ‘Launch AMI’ link.
| AWS Region | AMI Id | Launch link |
|---|---|---|
us-west-2 | ami-02cd846884dba9f8f | Launch AMI.. |
eu-north-1 | ami-0760d8a2c15d3f26f | Launch AMI.. |
ap-south-1 | ami-0a2a9475e3c0097c2 | Launch AMI.. |
eu-west-3 | ami-0154c42f3be122ae5 | Launch AMI.. |
eu-west-2 | ami-00306ba00eebb0238 | Launch AMI.. |
eu-west-1 | ami-0de1ac824a6b5bb10 | Launch AMI.. |
ap-northeast-2 | ami-0357a37c559ccedf9 | Launch AMI.. |
ap-northeast-1 | ami-09dc6c076880ea75b | Launch AMI.. |
sa-east-1 | ami-073df703b485afef4 | Launch AMI.. |
ca-central-1 | ami-0a88eeecb963f89ad | Launch AMI.. |
ap-southeast-1 | ami-042bb876c234708bf | Launch AMI.. |
ap-southeast-2 | ami-0d9e1c8d9d45e8dd3 | Launch AMI.. |
eu-central-1 | ami-0afc2055c862f30e8 | Launch AMI.. |
us-east-1 | ami-0258998fbfcc95d5e | Launch AMI.. |
us-east-2 | ami-02a7ded32dfabf261 | Launch AMI.. |
us-west-1 | ami-04521255b14949709 | Launch AMI.. |
Instance sizing
Amazon will want you to first select an instance size. You can change this later on, but it’s best to pick a realistic machine for your needs. See the section on system requirements to determine the best size for your use case.
IAM roles
If you’d like, TunnelHound can manage some aspects of your AWS system for you. For example, TunnelHound can use the instance IAM role to automatically open ports on the security group for your WireGuard VPN instances. If you want to enable this functionality, make sure to use an IAM role with the provided policy document.
Encryption
Because TunnelHound stores the VPN peer’s WireGuard private keys and other sensitive information, it’s highly recommended to enable EBS disk-level encryption to protect data at rest. The TunnelHound Amazon AMIs assume that the appliance is set up with EBS encryption and that the appliance is free to store sensitive data on disk.
Launching your instance
Finally, AWS will ask you to choose an SSH keypair to administer the instance. While not strictly required, it’s best to assign one anyway. This will help you log in to the machine in case something goes wrong. Also, it’ll help us serve your support requests faster.
That’s it! Once you’ve changed any other parameters you may want, click the launch instance button.
Logging in for the first time
Once your instance is reported as having started in the AWS console, make note of either the Public IP or the Public hostname. Navigate to either one in your browser, being sure to use https://, not http://.
You can now continue on with the initial setup instructions.