IaC Bazaar
Oracle Cloud · Plan-validated

Bastion Service

Zero-footprint managed bastion with session-managed SSH/port-forward access to private subnets — replaces jump hosts.

terraform · Oracle Cloud · #oci
oci-bastion · terraform v1.7

Verification

Plan-validated

Passed: module logic verified on a mocked plan — inputs, validation rules, conditional creation and outputs resolve (no real provider, no cloud).

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan clean (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live test pending (no cloud run yet)

Last verified 2026-06-28 · how we verify

Documentation

oci-bastion

Status: static-validated, live-test pending. This module ships under live-test quarantine — it passes tofu fmt, tofu validate and tflint, but a real apply → verify → destroy has not yet run (no OCI cloud sandbox available). Promotion to a full live-tested artifact follows when a sandbox exists.

The OCI Bastion service as a drop-in replacement for jump hosts: a zero-footprint, fully-managed broker for session-scoped SSH / port-forward access into private subnets — no public IP, no VM to patch, no standing SSH exposure. Works with Terraform and OpenTofu (>= 1.6), OCI provider >= 8.0, < 9.0. The Bastion service is free on all accounts.

Secure defaults:

  • No connect-from-anywhere. client_cidr_block_allow_list is required and must be non-empty (an empty list lets OCI default to 0.0.0.0/0). A literal 0.0.0.0/0 is rejected unless you set allow_internet_clients = true.
  • Short-lived sessions. max_session_ttl_in_seconds defaults to 30 minutes and is capped at OCI's 3-hour ceiling. Each session's session_ttl_in_seconds must not exceed the bastion's max_session_ttl_in_seconds (OCI rejects any longer-lived session); the module enforces this at plan time.
  • Key material is segregated. SSH public keys live in a separate sensitive map (session_public_keys) so session metadata stays plannable and the key never becomes a for_each key.
  • MANAGED_SSH / PORT_FORWARDING invariants (os_username, target_resource_id) are enforced with preconditions, so a malformed session fails at plan time.
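The secure defaults above describe plan-time guards rather than showing them. The following is an added illustration of how such guards are expressed in Terraform/OpenTofu >= 1.6 (variable validation blocks for single-variable rules, lifecycle preconditions for cross-variable and per-session rules). It is not the oci-bastion module's code, which ships with the licence; the variable names follow the listing, while the `sessions` object shape, the `compartment_id`/`target_subnet_id`/`name` inputs and the exact conditions are this example's own assumptions.

```hcl
# Illustrative example, not the oci-bastion module's source. Variable names follow
# the listing; the object shapes and conditions are assumptions made for this example.

variable "compartment_id" { type = string }
variable "target_subnet_id" { type = string }
variable "name" { type = string }

variable "client_cidr_block_allow_list" {
  description = "Client CIDRs allowed to open sessions. Must be non-empty: an empty list lets OCI default to 0.0.0.0/0."
  type        = list(string)

  validation {
    condition     = length(var.client_cidr_block_allow_list) > 0
    error_message = "client_cidr_block_allow_list must contain at least one CIDR; an empty list lets OCI allow 0.0.0.0/0."
  }
  validation {
    condition     = alltrue([for c in var.client_cidr_block_allow_list : can(cidrhost(c, 0))])
    error_message = "Every entry in client_cidr_block_allow_list must be a valid CIDR block."
  }
}

variable "allow_internet_clients" {
  description = "Explicit opt-in required before 0.0.0.0/0 is accepted."
  type        = bool
  default     = false
}

variable "max_session_ttl_in_seconds" {
  type    = number
  default = 1800 # 30 minutes; OCI's ceiling is 3 hours

  validation {
    condition     = var.max_session_ttl_in_seconds > 0 && var.max_session_ttl_in_seconds <= 10800
    error_message = "max_session_ttl_in_seconds must be between 1 and 10800 (OCI's 3-hour ceiling)."
  }
}

# Session metadata stays plannable; the public keys live in a separate sensitive map
# keyed by session name, so key material never becomes a for_each key.
variable "sessions" {
  type = map(object({
    session_type           = string # "MANAGED_SSH" or "PORT_FORWARDING" (assumed shape)
    target_resource_id     = string
    target_resource_port   = optional(number, 22)
    os_username            = optional(string)
    session_ttl_in_seconds = optional(number, 1800)
  }))
  default = {}
}

variable "session_public_keys" {
  type      = map(string)
  sensitive = true
  default   = {}
}

resource "oci_bastion_bastion" "this" {
  bastion_type                 = "STANDARD"
  compartment_id               = var.compartment_id
  target_subnet_id             = var.target_subnet_id
  name                         = var.name
  client_cidr_block_allow_list = var.client_cidr_block_allow_list
  max_session_ttl_in_seconds   = var.max_session_ttl_in_seconds

  lifecycle {
    # Cross-variable rule: cannot live in a validation block on >= 1.6, so it is a precondition.
    precondition {
      condition     = var.allow_internet_clients || !contains(var.client_cidr_block_allow_list, "0.0.0.0/0")
      error_message = "0.0.0.0/0 in client_cidr_block_allow_list requires allow_internet_clients = true."
    }
  }
}

resource "oci_bastion_session" "this" {
  for_each = var.sessions

  bastion_id             = oci_bastion_bastion.this.id
  display_name           = each.key
  key_type               = "PUB"
  session_ttl_in_seconds = each.value.session_ttl_in_seconds

  key_details {
    public_key_content = var.session_public_keys[each.key]
  }

  target_resource_details {
    session_type                               = each.value.session_type
    target_resource_id                         = each.value.target_resource_id
    target_resource_port                       = each.value.target_resource_port
    target_resource_operating_system_user_name = each.value.os_username
  }

  lifecycle {
    precondition {
      condition     = each.value.session_ttl_in_seconds <= var.max_session_ttl_in_seconds
      error_message = "Session '${each.key}' TTL exceeds the bastion's max_session_ttl_in_seconds; OCI would reject it."
    }
    precondition {
      condition     = contains(keys(var.session_public_keys), each.key)
      error_message = "Session '${each.key}' has no entry in session_public_keys."
    }
    precondition {
      condition     = each.value.session_type != "MANAGED_SSH" || each.value.os_username != null
      error_message = "MANAGED_SSH session '${each.key}' requires os_username."
    }
  }
}
```

With this layout a malformed session (missing key, over-long TTL, MANAGED_SSH without a user) fails during `plan`, before any API call is made, and the plan output never carries the public key as a map key or resource address.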

Requirements

  • Terraform or OpenTofu >= 1.6
  • Provider oracle/oci >= 8.0, < 9.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — LicenseRef-IaCBazaar-Commercial.

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
