twingateConnector

Twingate connectors provide secure zero-trust network access to private resources in AWS. Stackattack deploys Twingate connectors as ECS services to create encrypted tunnels between your Twingate network and AWS VPC.

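import * as saws from "@stackattack/aws";

const ctx = saws.context();
const vpc = saws.vpc(ctx);
// The ECS cluster and the connector both run in the VPC's private network.
const cluster = saws.cluster(ctx, { network: vpc.network("private") });
const connector = saws.twingateConnector(ctx, {
  network: vpc.network("private"),
  cluster,
  twingateNetwork: "your-network-name",
  // Placeholder values: the tokens are credentials, so supply them from a
  // secret store rather than committing literals.
  twingateAccessToken: "your-access-token",
  twingateRefreshToken: "your-refresh-token"
});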

After deploying your Twingate connector, you should see your network available in the Twingate admin console.

After installing and configuring the Twingate client, you will be able to access the resources in your VPC from your local machine.

Twingate connectors work with other Stackattack components:

  • vpc - Provides the private network where the connector runs
  • cluster - Provides compute capacity for the connector service
  • service - Base service component that runs the Twingate container

Twingate connector costs are usage-based and include:

  • ECS Task: ~$15-30/month for a single connector (2GB RAM, 1 vCPU)
  • Data Transfer: Standard AWS data transfer rates apply for traffic through the connector
  • Twingate Licensing: Separate subscription cost based on your Twingate plan

The connector runs continuously to maintain the secure tunnel, so costs are predictable monthly charges rather than per-connection billing.

Creates a Twingate connector service that provides secure zero-trust network access.

The connector runs as an ECS service and creates an encrypted tunnel between your Twingate network and AWS VPC, allowing secure access to private resources.

function twingateConnector(ctx: Context, args: TwingateConnectorArgs): ServiceOutput

  • ctx (Context) - The Stackattack context for resource configuration
  • args (TwingateConnectorArgs) - Configuration options for the Twingate connector
  • Returns (ServiceOutput) - The Twingate connector service that provides secure zero-trust network access

TwingateConnectorArgs: configuration options for creating a Twingate connector.

  • cluster (Input<ClusterResourcesInput>) - The ECS cluster that will host the Twingate connector service
  • connectionLogs? (boolean) - Enable detailed connection logging and analytics (default: false)
  • customDnsServer? (Input<string>) - Optional custom DNS server IP address for the connector to use
  • network (NetworkInput) - The VPC network where the Twingate connector will run
  • noPrefix? (boolean) - Skip adding ‘twingate’ prefix to resource names (default: false)
  • twingateAccessToken (Input<string>) - Twingate service account access token for connector authentication
  • twingateNetwork (Input<string>) - Your Twingate network name (found in Twingate Admin Console)
  • twingateRefreshToken (Input<string>) - Twingate service account refresh token for token renewal
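
The token fields and the connectionLogs flag listed above can be checked before deployment. The following is an added example, not Stackattack code: auditConnectorArgs, Finding and the sample objects are hypothetical names, and it assumes Input<string> accepts either a plain string or a secret-wrapped value.

```typescript
// Added example, not Stackattack code: pre-deploy audit of the credential
// fields and logging flag in a TwingateConnectorArgs-shaped object.
interface Finding {
  field: string;
  severity: "high" | "info";
  issue: string;
}

// Credential fields named in the args list above.
const TOKEN_FIELDS = ["twingateAccessToken", "twingateRefreshToken"];

function auditConnectorArgs(args: Record<string, unknown>): Finding[] {
  const findings: Finding[] = [];
  for (const field of TOKEN_FIELDS) {
    const value = args[field];
    if (value === undefined || value === null || value === "") {
      findings.push({ field, severity: "high", issue: "token is missing" });
    } else if (typeof value === "string") {
      // A plain string was typed into the program or read without secret
      // wrapping, so it can land in source control or state in clear text.
      findings.push({ field, severity: "high", issue: "token is a plain string" });
    }
  }
  if (args["connectionLogs"] !== true) {
    findings.push({ field: "connectionLogs", severity: "info",
      issue: "connection logging is off (default: false)" });
  }
  return findings;
}

// Constructed sample inputs. `wrappedSecret` is a hypothetical stand-in for a
// secret-wrapped Input<string>, e.g. a value loaded from encrypted config.
const wrappedSecret = { isSecret: true };
const weakArgs = {
  twingateNetwork: "your-network-name",
  twingateAccessToken: "your-access-token",
  twingateRefreshToken: "your-refresh-token",
};
const hardenedArgs = {
  twingateNetwork: "your-network-name",
  twingateAccessToken: wrappedSecret,
  twingateRefreshToken: wrappedSecret,
  connectionLogs: true,
};

for (const f of auditConnectorArgs(weakArgs)) {
  console.log(`${f.severity}: ${f.field}: ${f.issue}`);
}
```

Run the audit on the args object before passing it to twingateConnector and stop the deployment on any "high" finding.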