Oracle Cloud Infrastructure Bastion

Oracle Cloud Infrastructure (OCI) Bastion provides secure and seamless RDP and SSH access to your private cloud resources within the OCI environment. It acts as a “jump host”, so you can reach those resources without exposing them to the public internet or to other external traffic, which adds an extra layer of security.

Features

  • Secure Access: Only allows SSH or RDP traffic from the internet to reach cloud resources, blocking all other types of traffic.
  • Temporary Sessions: Allows for limited-time SSH sessions, which expire after a set period.
  • Auditing and Logging: Captures all session activity, allowing for robust auditing and compliance.

How it Works

  1. Create a Bastion: First, you have to create a Bastion in the VCN (Virtual Cloud Network) where the target resources reside.
  2. Set Up Policies: Implement security rules that specify which CIDR blocks can use the bastion.
  3. Session Creation: Authorized users can create SSH or RDP sessions in the bastion.
  4. Access Target Resources: Use the bastion to initiate SSH or RDP sessions to the target resources in the VCN.
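
One way to review the CIDR allowlist from step 2 and the session lifetime limit before a bastion is put into use, as an added example (not code from this page or from Oracle). The dictionary keys, sample values and thresholds are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data. The keys are illustrative names for this example,
# not fields quoted from the page or from Oracle's API.
SAMPLE_BASTIONS = [
    {"name": "bastion-prod", "client_cidr_allow_list": ["0.0.0.0/0"],
     "max_session_ttl_seconds": 10800},
    {"name": "bastion-ops", "client_cidr_allow_list": ["203.0.113.0/28", "198.51.100.7/32"],
     "max_session_ttl_seconds": 3600},
    {"name": "bastion-dev", "client_cidr_allow_list": ["198.51.0.0/16", "203.0.113.5/24"],
     "max_session_ttl_seconds": 1800},
]

# Assumed review policy (not an Oracle default): narrowest acceptable prefixes
# per IP version and the longest acceptable session lifetime.
MIN_PREFIX = {4: 24, 6: 64}
MAX_TTL_SECONDS = 3600


def audit_bastion(bastion):
    """Return a list of (code, detail) findings for one bastion definition."""
    findings = []
    allow_list = bastion.get("client_cidr_allow_list") or []
    if not allow_list:
        findings.append(("EMPTY_ALLOWLIST", "no client CIDR blocks defined"))
    for entry in allow_list:
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.5/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append(("INVALID_CIDR", f"{entry!r}: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append(("OPEN_TO_INTERNET", f"{entry} matches every address"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(("BROAD_CIDR", f"{entry} covers {net.num_addresses} addresses"))
    ttl = bastion.get("max_session_ttl_seconds")
    if not isinstance(ttl, int) or ttl <= 0:
        findings.append(("MISSING_TTL", "no positive session lifetime set"))
    elif ttl > MAX_TTL_SECONDS:
        findings.append(("LONG_TTL", f"{ttl}s exceeds {MAX_TTL_SECONDS}s"))
    return findings


def audit_all(bastions):
    """Map each bastion name to the finding codes raised for it."""
    return {b["name"]: [code for code, _ in audit_bastion(b)] for b in bastions}


if __name__ == "__main__":
    for name, codes in audit_all(SAMPLE_BASTIONS).items():
        print(name, codes or "OK")
```
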

Use Cases

  • Secure administrative access to Oracle Databases, Web servers, Application servers, etc.
  • Compliance requirements where the auditing of all SSH and RDP sessions is necessary.

Cost

The OCI Bastion service is generally billed per hour based on usage. Check Oracle’s official pricing page for detailed information.

I hope this provides you with a comprehensive overview of Oracle Cloud Infrastructure Bastion. Please make sure to read the official Oracle documentation for the most accurate and up-to-date information.

