Bastion Creation Failed
Fix problems that can occur when you attempt to create a bastion.
Missing IAM Policies for Networking
To create a bastion, you need the following permissions:
- Manage bastions, sessions, and networks
- Read compute instances
- Read compute instance agent (Oracle Cloud Agent) plugins
- Inspect work requests
For example, if you don't have permission to manage networks, then you can't select a VCN (virtual cloud network) or subnet when creating a bastion using the Console.
Example policy:
Allow group SecurityAdmins to manage bastion in tenancy
Allow group SecurityAdmins to manage bastion-session in tenancy
Allow group SecurityAdmins to manage virtual-network-family in tenancy
Allow group SecurityAdmins to read instances in tenancy
Allow group SecurityAdmins to inspect work-requests in tenancy
See Bastion IAM Policies for detailed policy information and more examples.
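One way to check a group's policy statements against the permissions listed above before creating a bastion, as an added example that is not Oracle's code. It matches resource types exactly, does not expand families or evaluate scope or conditions, and assumes the resource-type name instance-agent-plugins for the Oracle Cloud Agent plugin permission, which does not appear in the example policy.

```python
import re

# OCI policy verbs, least to most privileged; a higher verb includes the lower ones.
VERBS = ["inspect", "read", "use", "manage"]

# Permissions the page lists for creating a bastion. Resource-type names come from
# the page's example policy, except "instance-agent-plugins", which is assumed.
REQUIRED = {
    "bastion": "manage",
    "bastion-session": "manage",
    "virtual-network-family": "manage",
    "instances": "read",
    "instance-agent-plugins": "read",
    "work-requests": "inspect",
}

# Matches "Allow group <name> to <verb> <resource-type> in <scope>".
# Scope and any "where" condition are not evaluated; families are not expanded.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+\S",
    re.IGNORECASE,
)

def granted(policy_text, group):
    """Return {resource-type: index of highest verb granted} for one group."""
    best = {}
    for line in policy_text.splitlines():
        m = STATEMENT.match(line)
        if not m or m.group(1) != group:
            continue
        verb, resource = m.group(2).lower(), m.group(3).lower()
        if verb in VERBS:
            best[resource] = max(best.get(resource, -1), VERBS.index(verb))
    return best

def missing(policy_text, group):
    """List (verb, resource-type) pairs from REQUIRED that the group lacks."""
    have = granted(policy_text, group)
    return [(verb, res) for res, verb in REQUIRED.items()
            if have.get(res, -1) < VERBS.index(verb)]

# The page's example policy, copied as written.
PAGE_POLICY = """\
Allow group SecurityAdmins to manage bastion in tenancy
Allow group SecurityAdmins to manage bastion-session in tenancy
Allow group SecurityAdmins to manage virtual-network-family in tenancy
Allow group SecurityAdmins to read instances in tenancy
Allow group SecurityAdmins to inspect work-requests in tenancy
"""

if __name__ == "__main__":
    for verb, res in missing(PAGE_POLICY, "SecurityAdmins"):
        print(f"not granted: {verb} {res}")
```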
Reached Your Service Limit
Your tenancy has a limit on the number of bastions that you can create. If you attempt to create a bastion after your tenancy has reached this service limit, then you see an error message similar to the following:
You have already reached max quota for number of bastions that can be created under the tenancy.
Either request a quota increase from your administrator, or delete unused bastions. To learn more, see Service Limits.