The Terraform OCI Bastion for Oracle Cloud Infrastructure (OCI) provides a Terraform module that reuses an existing VCN and adds a bastion host to it.
It creates the following resources:
- A bastion network security group to allow SSH access from defined CIDR blocks
- An empty subnet security list retained for subnet attachment compatibility
- A public subnet
- A compute instance
For public bastions, provide ig_route_id. For private bastions, leave ig_route_id unset and provide bastion_route_table_id for the subnet route table. Custom images are supported only with bastion_await_cloudinit = false.
The module outputs bastion_ip, which returns the public IP for public bastions and the private IP for private bastions, and bastion_nsg_id, which returns the bastion NSG OCID.
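One way to confirm before apply that the bastion NSG admits SSH only from the CIDR blocks you intended, as an added example that is not part of the module: it scans the JSON form of a Terraform plan (terraform show -json) for NSG ingress rules that reach port 22 from an overly broad source. It assumes the rules are planned as oci_core_network_security_group_security_rule resources; the sample plan, the resource addresses and the /16 threshold are constructed for illustration.

```python
import ipaddress

RULE_TYPE = "oci_core_network_security_group_security_rule"
SSH_PORT = 22

def _rule(name, source, port):
    # Constructed sample entry shaped like `terraform show -json` resource_changes.
    # The resource address is hypothetical, not taken from the module.
    return {"address": f"module.bastion.{RULE_TYPE}.{name}", "type": RULE_TYPE,
            "change": {"after": {
                "direction": "INGRESS", "protocol": "6",
                "source": source, "source_type": "CIDR_BLOCK",
                "tcp_options": [{"destination_port_range": [{"min": port, "max": port}]}]}}}

SAMPLE_PLAN = {"resource_changes": [
    _rule("ssh_any", "0.0.0.0/0", 22),
    _rule("ssh_office", "203.0.113.0/24", 22),
    _rule("https_any", "0.0.0.0/0", 443),
]}

def _covers_ssh(rule):
    """True if a TCP or all-protocol rule reaches port 22."""
    if rule.get("protocol") not in ("6", "all"):
        return False
    for tcp in rule.get("tcp_options") or []:
        for rng in tcp.get("destination_port_range") or []:
            return rng["min"] <= SSH_PORT <= rng["max"]
    return True  # no destination range means every port is open

def wide_ssh_ingress(plan, min_prefix=16):
    """Return (address, source) for SSH ingress rules broader than /min_prefix."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") != RULE_TYPE or after.get("direction") != "INGRESS":
            continue
        if after.get("source_type") != "CIDR_BLOCK" or not _covers_ssh(after):
            continue
        source = after.get("source")
        if source is None:  # value not known until apply; surface it for review
            findings.append((rc["address"], "unknown"))
        elif ipaddress.ip_network(source, strict=False).prefixlen < min_prefix:
            findings.append((rc["address"], source))
    return findings

if __name__ == "__main__":
    for address, source in wide_ssh_ingress(SAMPLE_PLAN):
        print(f"SSH open to {source}: {address}")
```

To run it against a real plan, load the output of terraform show -json with json.load and pass the resulting dict to wide_ssh_ingress.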
This module is primarily meant to be a reusable entry point into your infrastructure on OCI. You can also use it as part of higher-level Terraform modules.
Code derived and adapted from Terraform OCI Examples and HashiCorp's Terraform 0.12 examples.
Copyright (c) 2019, 2020 Oracle and/or its associates. All rights reserved.
Licensed under the Universal Permissive License 1.0 as shown at https://oss.oracle.com/licenses/upl.