Creating a Bastion
Create a bastion to provide restricted access to target resources that don't have public endpoints.
Before you begin, ensure that you have the following information about the target resource (such as an instance or database) that you intend to use this bastion to host sessions for:
- The VCN (virtual cloud network) that the target was created in
- A private subnet in the VCN
- The name of the subnet that the target resource was created in
- Another subnet that has access to the target resource's subnet if the target's subnet allows ingress network traffic from the selected subnet
- The IPv4 addresses from which you plan to connect to sessions hosted by the bastion
The VCN must include a service gateway and a route rule for the service gateway. See Access to Oracle Services: Service Gateway.
A bastion is associated with a single VCN. You can't create a bastion in one VCN and then use it to access target resources in a different VCN.
After you create a bastion, you can create a session. For options, see Managing Sessions.
Use the oci bastion bastion create command and required parameters to create a bastion:
oci bastion bastion create --bastion-type Standard --compartment-id <compartment_ocid> --target-subnet-id <target_subnet_ocid> [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
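The IPv4 addresses gathered in the prerequisites become the bastion's client CIDR allowlist, which the CLI accepts through its --client-cidr-list option. The following is an added example, not part of Oracle's documentation: a POSIX sh check that rejects malformed or overly broad ranges before running the create command shown above. The function names, MIN_PREFIX, RUN_CREATE and the COMPARTMENT_OCID and TARGET_SUBNET_OCID variables are assumptions.

```sh
#!/bin/sh
# Added example (not Oracle's code). Hypothetical names: valid_ipv4,
# cidr_allowlist_json, create_bastion, MIN_PREFIX, RUN_CREATE.

MIN_PREFIX="${MIN_PREFIX:-24}"  # assumption: reject anything broader than /24

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() (
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1                     # split on dots (input is digits and dots only)
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# Print the given IPv4 CIDRs as a JSON array.
# Returns 1 if the list is empty or any entry is malformed or too broad.
cidr_allowlist_json() (
  [ "$#" -gt 0 ] || { echo "empty allowlist" >&2; exit 1; }
  json=""
  for cidr in "$@"; do
    case "$cidr" in */*) ;; *) echo "no prefix length: $cidr" >&2; exit 1 ;; esac
    ip="${cidr%/*}"; prefix="${cidr##*/}"
    case "$prefix" in ''|*[!0-9]*|???*) echo "bad prefix: $cidr" >&2; exit 1 ;; esac
    valid_ipv4 "$ip" || { echo "bad address: $cidr" >&2; exit 1; }
    [ "$prefix" -le 32 ] || { echo "bad prefix: $cidr" >&2; exit 1; }
    [ "$prefix" -ge "$MIN_PREFIX" ] ||
      { echo "too broad for a bastion allowlist: $cidr" >&2; exit 1; }
    json="${json:+$json,}\"$cidr\""
  done
  printf '[%s]\n' "$json"
)

# Run the create call with the validated allowlist.
# The OCIDs come from the environment; the page's <..._ocid> values are placeholders.
create_bastion() {
  allow=$(cidr_allowlist_json "$@") || return 1
  oci bastion bastion create \
    --bastion-type Standard \
    --compartment-id "${COMPARTMENT_OCID:?set to <compartment_ocid>}" \
    --target-subnet-id "${TARGET_SUBNET_OCID:?set to <target_subnet_ocid>}" \
    --client-cidr-list "$allow"
}

# Call the CLI only when explicitly asked, so the checks can be tried offline.
if [ "${RUN_CREATE:-0}" = 1 ]; then
  create_bastion "$@"
fi
```

With RUN_CREATE=1 and both OCID variables set, pass the allowed ranges as arguments, for example 203.0.113.0/24 (a documentation range used here as a constructed sample).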
Run the CreateBastion operation to create a bastion.