Bastion host and remote access to your private hosts in OCI

Last time I wrote a post about NAT Gateway, a new feature in OCI that enables access to public Internet resources from private subnets. Today I would like to enhance this topology a little bit by adding a bastion host. The truth is you need to access your private machine from outside, right? Before going into Terraform automation, let’s examine a topology diagram:

[Figure: Bastion + NAT Gateway topology diagram]

As you can see in the picture above, we have a VCN network structure which has been split into two subnets. One of the subnets is public, which means machines located there will have public IP addresses. The other is a private subnet, which is separated from the outside world. Of course, there is a way to initiate traffic to the Internet via the NAT Gateway, but there is no way to connect to the machines in the private subnet from the Internet. Really? Of course, we can set up a bastion host and enable the traffic with proper route tables and security lists. All of that has been documented here.

OK, but let’s say we would like to automate the provisioning process, right? Here is my small GitHub repo, which has all the necessary Terraform files. They include the NAT Gateway config, which was discussed here, in my previous blog post.
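The security-list side of this topology, as an added example that is not taken from the repo above: SSH reaches the bastion only from an admin range, and the private subnet accepts SSH only from the bastion's subnet. The variable names and all CIDR values are assumptions made for illustration.

```hcl
# Added example, not from the author's repo. Variable names and CIDRs
# are constructed values; replace them with your own.
variable "compartment_ocid" {}
variable "vcn_id" {}
variable "admin_cidr" { default = "203.0.113.0/24" }     # where admins connect from
variable "public_subnet_cidr" { default = "10.0.1.0/24" }  # bastion subnet
variable "private_subnet_cidr" { default = "10.0.2.0/24" } # private hosts

# Public subnet: SSH in from the admin range only (not 0.0.0.0/0),
# SSH out to the private subnet only.
resource "oci_core_security_list" "bastion" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  ingress_security_rules {
    protocol = "6" # TCP
    source   = var.admin_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
  egress_security_rules {
    protocol    = "6"
    destination = var.private_subnet_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
}

# Private subnet: SSH in from the bastion subnet only; outbound traffic
# is allowed and leaves through the NAT Gateway route.
resource "oci_core_security_list" "private" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  ingress_security_rules {
    protocol = "6"
    source   = var.public_subnet_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}
```

Attach each list to its subnet through the subnet's `security_list_ids`; security list rules are stateful by default, so return traffic for these connections needs no extra rule.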

Now you can cook it for yourself 🙂 Bon Appetit! 🙂

Your MasterChef Martin 🙂

 
