Bastion host and remote access to your private hosts in OCI

Last time I have written a post about NAT Gateway, a new feature in OCI, which enables access to the public Internet resources from the private subnets. Today I would like to enhance this topology a little bit by adding bastion host. The truth is you need to access your private machine from outside, right? Before going into Terraform automation, let’s examine a topology diagram:


As you can see in the picture above we have a VCN network structure, which has been split into two subnets. One of the subnets is public, which means machines located there will have public IP addresses. On the other hand, we have private subnet which is separated from the outside world. Of course, there is a way to initiate the traffic to the Internet via NAT Gateway, but there is no way to connect to the machines in private subnet from that Internet. Really? Of course, we can setup bastion host and enable the traffic with proper route tables and security lists. All of that has been documented here.

Ok, but let’s say we would like to automate the process of the provisioning, right? Here is my small github repo which has all necessary Terraform files. They include the NAT Gateway config, which was discussed here, in my previous blog post.

Now you can cook it for yourself 🙂 Bon Appetit! 🙂

Your MasterChef Martin 🙂


One thought on “Bastion host and remote access to your private hosts in OCI

Leave a Reply