steampipe plugin install oci

Table: oci_bastion_bastion - Query OCI Bastion Service Bastions using SQL

The OCI Bastion Service provides secure, controlled access to target resources that reside in private networks. It acts as a 'jump host' for administrators to securely access their cloud resources. This service is especially useful for resources that do not have public endpoints.

Table Usage Guide

The oci_bastion_bastion table provides insights into Bastions within the OCI Bastion Service. As a system administrator, you can explore details of each Bastion through this table, including its configuration, status, and associated metadata. Use this table to understand the setup of your Bastions, verify their configurations, and ensure they are providing secure access as expected.

Examples

Basic info

Explore the configuration of your bastion host in Oracle Cloud Infrastructure, including its type, status, and associated network details. This can help you manage your cloud security by understanding the maximum sessions allowed, session lifespan, and the state of each bastion host.

select
  id,
  name,
  bastion_type,
  dns_proxy_status,
  client_cidr_block_allow_list,
  max_session_ttl_in_seconds,
  max_sessions_allowed,
  private_endpoint_ip_address,
  static_jump_host_ip_addresses,
  phone_book_entry,
  target_vcn_id,
  target_subnet_id,
  lifecycle_state as state
from
  oci_bastion_bastion;

Show Bastions that allow access from the Internet (0.0.0.0/0)

Identify Bastions that permit internet access, providing insights into potential security vulnerabilities within your network infrastructure.

select
  id,
  name,
  bastion_type,
  client_cidr_block_allow_list,
  private_endpoint_ip_address
from
  oci_bastion_bastion
where
  (client_cidr_block_allow_list) :: jsonb ? '0.0.0.0/0';
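The query above only matches the literal 0.0.0.0/0 entry. The following query, added here as an example and not part of the plugin's documentation, expands every bastion's allow list with jsonb_array_elements_text and flags entries that are open to the Internet or broader than a review threshold (assumed here as /24 for IPv4 and /64 for IPv6); it relies on the standard PostgreSQL inet functions masklen and family that Steampipe's database provides.

```sql
-- Added example (not from the plugin docs): expand client_cidr_block_allow_list
-- into one row per CIDR entry and assess how broad each entry is.
-- Assumption: anything broader than a /24 (IPv4) or /64 (IPv6) deserves review.
select
  b.name,
  b.id,
  b.lifecycle_state as state,
  entry as allowed_cidr,
  masklen(entry::inet) as prefix_length,
  case
    when entry in ('0.0.0.0/0', '::/0') then 'open to the Internet'
    when family(entry::inet) = 4 and masklen(entry::inet) < 24 then 'broad IPv4 range, review'
    when family(entry::inet) = 6 and masklen(entry::inet) < 64 then 'broad IPv6 range, review'
    else 'ok'
  end as assessment
from
  oci_bastion_bastion as b,
  jsonb_array_elements_text(b.client_cidr_block_allow_list) as entry
where
  entry in ('0.0.0.0/0', '::/0')
  or (family(entry::inet) = 4 and masklen(entry::inet) < 24)
  or (family(entry::inet) = 6 and masklen(entry::inet) < 64)
order by
  prefix_length,
  b.name;
```

Bastions whose allow list is empty or null produce no rows here; pair this with the basic info query if you also need to see those.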

List bastions which are not active

Explore which bastions are not currently active. This can be useful in identifying potential security risks or in optimizing resource usage by decommissioning inactive bastions.

select
  name,
  id,
  time_created,
  lifecycle_state as state
from
  oci_bastion_bastion
where
  lifecycle_state <> 'ACTIVE';

Schema for oci_bastion_bastion

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| bastion_type | text | | The type of bastion. |
| client_cidr_block_allow_list | jsonb | | A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
| compartment_id | text | = | The OCID of the compartment in the Tenant in which the resource is located. |
| defined_tags | jsonb | | Defined tags for the resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
| dns_proxy_status | text | | The current DNS proxy status of the bastion. |
| freeform_tags | jsonb | | Free-form tags for the resource. These tags can be applied by any user with permissions on the resource. |
| id | text | = | The OCID of the bastion. |
| lifecycle_state | text | = | The current state of the bastion. |
| max_session_ttl_in_seconds | bigint | | The maximum amount of time that any session on the bastion can remain active. |
| max_sessions_allowed | bigint | | The maximum number of active sessions allowed on the bastion. |
| name | text | = | The display name of the bastion. |
| phone_book_entry | text | | The phonebook entry of the customer's team, which can't be changed after creation. Not applicable to standard bastions. |
| private_endpoint_ip_address | inet | | The private IP address of the created private endpoint. |
| static_jump_host_ip_addresses | jsonb | | A list of IP addresses of the hosts that the bastion has access to. Not applicable to standard bastions. |
| tags | jsonb | | A map of tags for the resource. |
| target_subnet_id | text | | The unique identifier (OCID) of the subnet that the bastion connects to. |
| target_vcn_id | text | | The unique identifier (OCID) of the virtual cloud network (VCN) that the bastion connects to. |
| tenant_id | text | | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | | The name of the Tenant in which the resource is located. |
| time_created | timestamp with time zone | | Time when the bastion was created. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are standalone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_bastion_bastion