Cloud Provisioning
Shardlyn automates node provisioning across multiple cloud providers using Terraform. Provision new nodes directly from the dashboard without leaving the platform.
Supported Providers
| Provider | Regions | Instance Types |
|---|---|---|
| AWS EC2 | All AWS regions | t3, m5, c5, r5 families |
| GCP Compute Engine | All GCP regions | e2, n2, c2 families |
| Hetzner Cloud | Falkenstein, Nuremberg, Helsinki, Ashburn, Hillsboro | CX, CPX, CCX series |
| Oracle Cloud (OCI) | All OCI regions | VM.Standard.E4, VM.Standard.A1 (ARM) |
Provisioning Flow
Create Request → Plan → Review → Apply → Wait → Node Registered
- Create Request: Specify provider, region, and instance type
- Plan: Shardlyn generates a Terraform plan showing resources to create
- Review: Examine the plan output and estimated costs
- Apply: Execute Terraform to create infrastructure
- Wait: The server boots and the Shardlyn agent starts automatically
- Registered: The node appears as healthy in your dashboard
Advanced Agent Options
When using the Terraform modules directly, you can tune the installed agent with:
- `tunnel_enabled`: enables the reverse tunnel used by terminal and SFTP access
- `shardlyn_prefer_ipv4`: prefers IPv4 for control plane traffic on networks with unstable IPv6
- `shardlyn_host_files_enabled`: enables host filesystem browsing through the agent
- `shardlyn_host_files_allow_paths`: limits which host paths are exposed when host files are enabled
The cloud-init templates already enable the SSH SFTP subsystem, so terminal and SFTP access work once the tunnel is enabled.
Setting Up Credentials
Before provisioning, add your cloud provider credentials in Settings > Credentials.
AWS
- Create an IAM user in the AWS Console with EC2 permissions
- Generate an Access Key ID and Secret Access Key
- In Shardlyn, go to Settings > Credentials > Add Credential
- Select AWS as provider
- Enter the Access Key ID and Secret Access Key
Minimum IAM permissions required:
- `ec2:*` (instances, security groups, key pairs)
- `vpc:*` (if creating new VPCs)
GCP
- Create a service account in the GCP Console
- Grant the Compute Admin role
- Generate a JSON key file
- In Shardlyn, go to Settings > Credentials > Add Credential
- Select GCP as provider
- Enter your Project ID, region, zone, and paste the service account JSON
Hetzner Cloud
- Generate an API token in the Hetzner Cloud Console under Security > API Tokens
- In Shardlyn, go to Settings > Credentials > Add Credential
- Select Hetzner as provider
- Enter your API token
Oracle Cloud (OCI)
- In the OCI Console, go to User Settings > API Keys
- Generate or upload an API key pair
- Note your Tenancy OCID, User OCID, and key fingerprint
- In Shardlyn, go to Settings > Credentials > Add Credential
- Select OCI as provider
- Enter the Tenancy OCID, User OCID, fingerprint, and private key (PEM format)
Creating a Provisioned Node
From the Dashboard
- Navigate to the Nodes page
- Click Provision Server
- Select your cloud provider
- Choose a region and instance type
- Configure options:
  - Node name: A descriptive name for the server
  - SSH key: Select an existing key or generate a new one
  - Data volume: Size of the attached storage volume (default: 50 GB)
  - Firewall: Automatically configured to allow your workload/template ports
- Click Create to generate the plan
- Review the plan output and estimated cost
- Click Apply to provision
From the API
```bash
# Create a provision request
curl -X POST https://api.shardlyn.com/v1/provision \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "hetzner",
    "region": "fsn1",
    "instance_type": "cx31",
    "name": "workload-node-1"
  }'

# Set PROVISION_ID to the ID of the provision request (the {id} path segment)
# before running the next two calls.

# Review the plan
curl -X POST "https://api.shardlyn.com/v1/provision/${PROVISION_ID}/plan" \
  -H "Authorization: Bearer $TOKEN"

# Apply the plan
curl -X POST "https://api.shardlyn.com/v1/provision/${PROVISION_ID}/apply" \
  -H "Authorization: Bearer $TOKEN"
```
Provider-Specific Details
The sizing tables below use latency-sensitive game server workloads as reference examples. For web apps, APIs, databases, and internal tooling, size based on your runtime profile and storage/network needs.
AWS EC2
What Shardlyn creates:
- EC2 instance with your chosen type
- VPC and subnet (or uses existing)
- Security group with workload port rules
- EBS root volume (30 GB default) + optional data volume (50 GB default)
- Optional Elastic IP
Recommended instance types for latency-sensitive game servers (examples):
| Game Type | Instance | vCPU | RAM | Cost/month |
|---|---|---|---|---|
| Small (1-10 players) | t3.small | 2 | 2 GB | ~$15 |
| Medium (10-50 players) | t3.medium | 2 | 4 GB | ~$30 |
| Large (50+ players) | c5.xlarge | 4 | 8 GB | ~$120 |
GCP Compute Engine
What Shardlyn creates:
- Compute instance with your chosen machine type
- VPC network and subnet (or uses existing)
- Firewall rules for workload port access
- Boot disk (30 GB default) + optional persistent data disk (50 GB default)
Recommended machine types (game server examples):
| Game Type | Machine | vCPU | RAM | Cost/month |
|---|---|---|---|---|
| Small | e2-small | 2 | 2 GB | ~$12 |
| Medium | e2-medium | 2 | 4 GB | ~$25 |
| Large | n2-standard-4 | 4 | 16 GB | ~$100 |
Hetzner Cloud
What Shardlyn creates:
- Cloud server with your chosen type
- Optional private network
- Firewall with workload port rules
- Optional persistent volume (ext4 or xfs, 50 GB default)
Recommended server types (game server examples):
| Game Type | Server | vCPU | RAM | Cost/month |
|---|---|---|---|---|
| Small | CX22 | 2 | 4 GB | ~$4 |
| Medium | CX32 | 4 | 8 GB | ~$8 |
| Large | CX42 | 8 | 16 GB | ~$16 |
Locations: fsn1 (Falkenstein), nbg1 (Nuremberg), hel1 (Helsinki), ash (Ashburn), hil (Hillsboro)
Oracle Cloud (OCI)
What Shardlyn creates:
- Compute instance (supports flex shapes with configurable OCPU/memory)
- VCN and subnet (or uses existing)
- Security list with workload port rules
- Boot volume (50 GB default) + optional block storage volume (100 GB default)
Recommended shapes (game server examples):
| Game Type | Shape | OCPUs | RAM | Cost/month |
|---|---|---|---|---|
| Small | VM.Standard.E4.Flex | 1 | 4 GB | ~$10 |
| Medium | VM.Standard.E4.Flex | 2 | 8 GB | ~$25 |
| ARM (budget) | VM.Standard.A1.Flex | 2 | 8 GB | ~$15 |
OCI Free Tier
Oracle Cloud offers a generous Always Free tier that includes ARM-based instances (4 OCPUs, 24 GB RAM). This can be a cost-effective option for game servers and lightweight workloads.
Provision Request States
| State | Description |
|---|---|
| pending | Request created, awaiting plan generation |
| planned | Plan generated, ready for review |
| applying | Terraform is executing |
| applied | Infrastructure created, waiting for agent registration |
| failed | Error during provisioning |
| destroying | Teardown in progress |
Destroying Provisioned Nodes
When you no longer need a provisioned server:
- Stop and remove all instances running on the node
- Navigate to the Nodes page
- Click Delete on the provisioned node
- Confirm the deletion. Shardlyn runs `terraform destroy` to remove all cloud resources
Security Best Practices
- Use the credential store: Never hardcode cloud credentials
- Rotate credentials regularly: Update them in Settings > Credentials
- Limit permissions: Use provider-specific IAM with only the permissions Shardlyn needs
- Review audit logs: Check provisioning history for unexpected activity
- Restrict SSH access: Configure `ssh_cidr_blocks` to limit who can SSH into provisioned servers
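The Review step and the SSH restriction above can be combined into an automated pre-apply check. The following is an added example, not Shardlyn's own code: it assumes you run the Terraform modules directly, export the plan with `terraform show -json`, and that the AWS module uses an `aws_security_group` resource with inline `ingress` rules. The function names, the sample plan, and the /16 and /32 thresholds are illustrative assumptions, and only the AWS case is covered.

```python
import ipaddress
import json

# Constructed sample in the shape of `terraform show -json plan.out` output.
# Resource addresses and values are illustrative, not taken from Shardlyn's modules.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.node", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
     {"from_port": 25565, "to_port": 25565, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.admin", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 0, "to_port": 65535, "protocol": "tcp",
      "cidr_blocks": ["203.0.113.0/24"], "ipv6_cidr_blocks": ["::/0"]}]}}}
]}
""")

def too_broad(cidr, min_prefix_v4=16, min_prefix_v6=32):
    """True when the CIDR is wider than the allowed prefix (assumed thresholds)."""
    net = ipaddress.ip_network(cidr, strict=False)
    limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
    return net.prefixlen < limit

def open_ssh_findings(plan, port=22):
    """Return (resource address, CIDR) pairs that expose `port` too widely."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        # "after" is null for pure deletes, so those resources yield no rules.
        after = rc.get("change", {}).get("after") or {}
        for rule in after.get("ingress") or []:
            proto = str(rule.get("protocol"))
            # Protocol "-1" means all traffic; otherwise require a TCP port match.
            covers = proto == "-1" or (
                proto in ("tcp", "6")
                and rule["from_port"] <= port <= rule["to_port"])
            if not covers:
                continue
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            findings += [(rc["address"], c) for c in cidrs if too_broad(c)]
    return findings

if __name__ == "__main__":
    for address, cidr in open_ssh_findings(SAMPLE_PLAN):
        print(f"SSH reachable from {cidr} via {address}")
```

The game port rule in the sample is intentionally ignored; the second finding shows a wide port range with an open IPv6 source exposing SSH even though the IPv4 source is narrow.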
Next Steps
- Connecting Nodes — Manual node registration and agent setup
- DNS Management — Assign custom domains to workloads and provisioned nodes
- Billing & Subscriptions — Plan limits and provider availability
- Security — Manage cloud credentials and SSH certificates