Managing Bastions

Describes how to create and manage bastions.

For information about creating and managing sessions, see Managing Sessions in Bastion.

You can perform the following bastion management tasks:

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

To use all Bastion features, you must have the following permissions:

  • Manage bastions, sessions, and networks
  • Read compute instances
  • Read compute instance agent (Oracle Cloud Agent) plugins
  • Inspect work requests
Example policy:
Allow group SecurityAdmins to manage bastion-family in tenancy
Allow group SecurityAdmins to manage virtual-network-family in tenancy
Allow group SecurityAdmins to read instance-family in tenancy
Allow group SecurityAdmins to read instance-agent-plugins in tenancy
Allow group SecurityAdmins to inspect work-requests in tenancy
See Bastion IAM Policies for detailed policy information and more examples.

If you're new to policies, see Getting Started with Policies and Common Policies.