Creating a Bastion

Create a bastion to provide restricted access to target resources that don't have public endpoints.

Before you begin, ensure that you have the following information about the target resource, such as an instance or database) that you intend to use this bastion to host sessions for:

The VCN (virtual cloud network) that the target was created in
Tip

If you haven't created a VCN, consider using a Virtual Networking Quickstart wizard.
A private subnet in the VCN
- The name of the subnet that the target resource was created in
- Another subnet that has access to the target resource's subnet if the target's subnet allows ingress network traffic from the selected subnet
The IPv4 addresses from which you plan to connect to sessions hosted by the bastion

The VCN must include a service gateway and a route rule for the service gateway. See Access to Oracle Services: Service Gateway.

Note

A bastion is associated with a single VCN. You can't create a bastion in one VCN and then use it to access target resources in a different VCN.

1. On the Bastions list page, select Create bastion. If you need help finding the list page, see Listing Bastions.
2. Enter a name for the bastion.
  
  Avoid entering any confidential information in this field. Only alphanumeric characters are supported.
3. Under Configure networking, select the target VCN of the target resource that you intend to connect to by using sessions hosted on this bastion.
  
  If needed, change the compartment to find the VCN.
4. Select the target subnet. The subnet must either be the same as the target resource's subnet or it must be a subnet from which the target resource's subnet accepts network traffic.
  
  If needed, change the compartment to find the subnet.
5. (Optional) Select Enable FQDN Support and SOCKS5 to extend the local port forwarding session type to accept domain names as a target resource identifier, or to enable the bastion to use the dynamic port forwarding (SOCKS5) session type.
6. Under CIDR block allowlist, add one or more address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion.
  
  For example, 203.0.113.0/24.
  
  Enter a CIDR block into the input field, and then either select the value or press Enter to add the value to the list. The maximum allowed number of CIDR blocks is 20.
  
  A more limited address range offers better security.
7. (Optional) Change the maximum amount of time that any session on this bastion can remain active.
  
  Select Show advanced options.
  
  Select the Management tab.
  
  Enter a value for Maximum session time-to-live.
  
  Provide a value of at least 30 minutes that doesn't exceed 180 minutes (3 hours).
8. (Optional) Assign tags to the bastion.
  
  Select Show advanced options.
  
  Select Tagging.
  
  If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags.
  
  You can also assign tags to a resource after creating it.
9. When you're finished, select one of the following options:
  
  To create the bastion, select Create bastion.
  
  To save the resource definition as a Terraform configuration, select Save as Stack.
  
  For more information about saving stacks from resource definitions, see Creating a Stack from a Resource Creation Page.
After you create a bastion, you can create a session. For options, see Managing Sessions.
Use the oci bastion bastion create command and required parameters to create a bastion:
Command
oci bastion bastion create --bastion-type Standard --compartment-id <compartment_ocid> --target-subnet-id <target_subnet_ocid> [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Run the CreateBastion operation to create a bastion.

Oracle Cloud Infrastructure Documentation Try Free Tier

Creating a Bastion

Oracle Cloud Infrastructure Documentation
Try Free Tier