Installing the Tines Tunnel on AWS Fargate

Step 1. Prepare the tines-tunnel Docker image for upload to AWS ECR 

Again, to make things a little easier, we copy the image from Docker Hub into an ECR repository:

aws ecr create-repository --repository-name tines-tunnel

# Replace this with the address of the registry output in the previous command:
REGISTRY=306378194054.dkr.ecr.eu-west-1.amazonaws.com

aws ecr get-login-password --region eu-west-1 | \
  docker login --username AWS --password-stdin $REGISTRY

TUNNEL_IMAGE=tines-tunnel:latest

docker pull tines/$TUNNEL_IMAGE
docker tag tines/$TUNNEL_IMAGE $REGISTRY/$TUNNEL_IMAGE
docker push $REGISTRY/$TUNNEL_IMAGE

Step 2. Create and upload the .env file to S3  

# Replace this with your own unique bucket name:
ENV_FILE_S3_BUCKET=tines-tunnel-env

# Replace this with the name of AWS region you're running Tines in:
AWS_REGION=eu-west-1

aws s3api create-bucket \
  --bucket $ENV_FILE_S3_BUCKET \
  --region $AWS_REGION \
  --create-bucket-configuration "LocationConstraint=$AWS_REGION"

aws s3api put-public-access-block \
  --bucket $ENV_FILE_S3_BUCKET \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# The quoted 'EOF' stops the shell from expanding $ or backticks that may appear in the secret:
cat << 'EOF' > tines-tunnel.env

# Copy this variable from https://<your-tenant>.tines.com/admin/tunnel
# Make sure to remove any quote characters from the value
TINES_TUNNEL_SECRET=...

EOF

aws s3 cp tines-tunnel.env s3://$ENV_FILE_S3_BUCKET/tines-tunnel.env

Step 3. Create the IAM roles for running the containers  

# This only needs to be created once for an AWS account - if you're already using ECS, you can skip this command:
aws iam create-service-linked-role \
  --aws-service-name ecs.amazonaws.com

aws iam create-role \
  --role-name tinesTunnelTaskExecutionRole \
  --assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [{ "Sid": "", "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" }]}'

aws iam attach-role-policy \
  --role-name tinesTunnelTaskExecutionRole \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

# Replace this with the name of the bucket you created in Step 2:
ENV_FILE_S3_BUCKET="tines-tunnel-env"

aws iam put-role-policy \
  --role-name tinesTunnelTaskExecutionRole \
  --policy-name TinesEnvAccess \
  --policy-document '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::'$ENV_FILE_S3_BUCKET'/tines-tunnel.env"]}, { "Effect": "Allow", "Action": ["s3:GetBucketLocation"], "Resource": ["arn:aws:s3:::'$ENV_FILE_S3_BUCKET'"]}]}'

Step 4. Prepare a security group  

aws ec2 create-security-group \
  --group-name tines-tunnel \
  --description "tines-tunnel container security group for the Tines Tunnel application"

Step 5. Create the ECS task definitions and cluster 

aws logs create-log-group --log-group-name tines-tunnel

# Replace this with the ARN of the role you created in Step 3:
EXECUTION_ROLE_ARN=arn:aws:iam::306378194054:role/tinesTunnelTaskExecutionRole

# Replace this with the address of the registry created in Step 1:
REGISTRY=306378194054.dkr.ecr.eu-west-1.amazonaws.com

# Replace this with the name of the image you added to the registry in Step 1:
IMAGE=tines-tunnel:latest

# Replace this with the name of the bucket you created in Step 2:
ENV_FILE_S3_BUCKET=tines-tunnel-env

# Replace this with the name of AWS region you're running Tines in:
AWS_REGION=eu-west-1

aws ecs register-task-definition \
  --family "tines-tunnel" \
  --memory 2048 \
  --network-mode awsvpc \
  --cpu 1024 \
  --execution-role-arn $EXECUTION_ROLE_ARN \
  --container-definitions '[{"name": "tines-tunnel", "image": "'$REGISTRY'/'$IMAGE'", "environmentFiles": [{"value": "arn:aws:s3:::'$ENV_FILE_S3_BUCKET'/tines-tunnel.env", "type": "s3"}], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "tines-tunnel", "awslogs-region": "'$AWS_REGION'", "awslogs-stream-prefix": "tines" }}}]'

aws ecs create-cluster --cluster-name tines-tunnel

Step 6. Start the service  

# Replace these with the IDs of two subnets from your VPC:
SUBNET_IDS=subnet-606e7706,subnet-bd5bb2f6

# Replace this with the ID of the tines-tunnel security group created above:
SECURITY_GROUP_ID=sg-01eb5f237d80b8458

aws ecs create-service \
  --cluster tines-tunnel \
  --service-name tines-tunnel \
  --task-definition tines-tunnel:1 \
  --desired-count 1 \
  --launch-type "FARGATE" \
  --network-configuration "awsvpcConfiguration={subnets=[$SUBNET_IDS],securityGroups=[$SECURITY_GROUP_ID],assignPublicIp=ENABLED}"
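
Step 2 warns that the secret must not contain quote characters: ECS passes env-file values to the container literally, so a stray quote, a trailing space or a CRLF line ending becomes part of TINES_TUNNEL_SECRET. The following is an added example, not part of the Tines documentation, that lints tines-tunnel.env before the `aws s3 cp` upload; the function name `check_tunnel_env` is hypothetical.

```shell
# Added example (not from the Tines docs). After sourcing this file, gate the upload:
#   check_tunnel_env tines-tunnel.env && \
#     aws s3 cp tines-tunnel.env s3://$ENV_FILE_S3_BUCKET/tines-tunnel.env
# Findings go to stderr and never include the secret value itself.
# Returns 0 if the file is safe to upload, 1 on a finding, 2 if the file is unreadable.
check_tunnel_env() {
  file=$1; rc=0; count=0; n=0
  cr=$(printf '\r')
  if [ ! -r "$file" ]; then
    echo "$file: cannot read file" >&2
    return 2
  fi
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in
      *"$cr")
        echo "$file:$n: CRLF line ending would become part of the value" >&2
        rc=1; line=${line%"$cr"} ;;
    esac
    case $line in
      ''|'#'*) continue ;;                    # blank lines and comments are ignored
      *=*) key=${line%%=*}; val=${line#*=} ;; # split on the first '=' only
      *) echo "$file:$n: not in VARIABLE=VALUE form" >&2; rc=1; continue ;;
    esac
    case $key in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)         # also catches 'export X' and 'X ='
        echo "$file:$n: invalid variable name" >&2; rc=1; continue ;;
    esac
    if [ "$key" != TINES_TUNNEL_SECRET ]; then continue; fi
    count=$((count + 1))
    case $val in
      ''|'...')
        echo "$file:$n: TINES_TUNNEL_SECRET is empty or still the placeholder" >&2; rc=1 ;;
      *\"*|*\'*)
        echo "$file:$n: quote character inside TINES_TUNNEL_SECRET" >&2; rc=1 ;;
      ' '*|*' ')
        echo "$file:$n: leading or trailing space in TINES_TUNNEL_SECRET" >&2; rc=1 ;;
    esac
  done < "$file"
  if [ "$count" -ne 1 ]; then
    echo "$file: expected exactly one TINES_TUNNEL_SECRET line, found $count" >&2
    rc=1
  fi
  return "$rc"
}
```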
  