Bastion Creation Failed

Fix problems that can occur when you attempt to create a bastion.

Missing IAM Policies for Networking

To create a bastion, you need the following permissions:

  • Manage bastions, sessions, and networks
  • Read compute instances
  • Read compute instance agent (Oracle Cloud Agent) plugins
  • Inspect work requests

For example, if you don't have permission to manage networks, then you can't select a VCN (virtual cloud network) or subnet when creating a bastion using the Console.

Example policy:

Allow group SecurityAdmins to manage bastion in tenancy
Allow group SecurityAdmins to manage bastion-session in tenancy
Allow group SecurityAdmins to manage virtual-network-family in tenancy
Allow group SecurityAdmins to read instances in tenancy
Allow group SecurityAdmins to inspect work-requests in tenancy

See Bastion IAM Policies for detailed policy information and more examples.
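
An added example (not part of Oracle's documentation): a small Python check that compares a group's policy statements against the permissions listed above. It handles only the simple `Allow group <name> to <verb> <resource-type> in <scope>` form; the resource type `instance-agent-plugins`, the `instance-family` and `all-resources` coverage, and all function names are assumptions not taken from this page.

```python
import re

# OCI policy verbs from weakest to strongest; each verb includes the ones before it.
VERBS = ["inspect", "read", "use", "manage"]

# Minimum (verb, resource-type) pairs for creating a bastion, per the list above.
# "instance-agent-plugins" is assumed as the type for Oracle Cloud Agent plugins.
REQUIRED = [
    ("manage", "bastion"), ("manage", "bastion-session"),
    ("manage", "virtual-network-family"), ("read", "instances"),
    ("read", "instance-agent-plugins"), ("inspect", "work-requests"),
]

# Broader resource types that also satisfy a requirement (assumed, not from the page).
COVERED_BY = {"instances": {"instance-family"}}

# Scope and any "where" condition are ignored: a conditional grant counts as granted.
STATEMENT = re.compile(r"^\s*allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+\S+", re.I)

# The page's example policy, copied verbatim.
PAGE_EXAMPLE = """\
Allow group SecurityAdmins to manage bastion in tenancy
Allow group SecurityAdmins to manage bastion-session in tenancy
Allow group SecurityAdmins to manage virtual-network-family in tenancy
Allow group SecurityAdmins to read instances in tenancy
Allow group SecurityAdmins to inspect work-requests in tenancy
"""

def grants_for(policy_text, group):
    """Return {resource-type: rank of strongest verb} granted to the group."""
    granted = {}
    for line in policy_text.splitlines():
        m = STATEMENT.match(line)
        if m and m.group(1) == group and m.group(2).lower() in VERBS:
            res, rank = m.group(3).lower(), VERBS.index(m.group(2).lower())
            granted[res] = max(rank, granted.get(res, -1))
    return granted

def missing_permissions(policy_text, group):
    """List required 'verb resource-type' pairs that no statement covers."""
    granted = grants_for(policy_text, group)
    missing = []
    for verb, res in REQUIRED:
        candidates = {res, "all-resources"} | COVERED_BY.get(res, set())
        if not any(granted.get(c, -1) >= VERBS.index(verb) for c in candidates):
            missing.append(f"{verb} {res}")
    return missing

if __name__ == "__main__":
    print(missing_permissions(PAGE_EXAMPLE, "SecurityAdmins"))
```

Run against the page's example policy, it reports `read instance-agent-plugins` as uncovered, because no statement there corresponds to the Oracle Cloud Agent plugins item in the permission list.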

Reached Your Service Limit

Your tenancy has a limit on the number of bastions that you can create. If you attempt to create a bastion after your tenancy has reached this service limit, then you see an error message similar to the following:

You have already reached max quota for number of bastions that can be created under the tenancy.

Either request a quota increase from your administrator, or delete unused bastions. To learn more, see Service Limits.