Table: oci_bastion_bastion - Query OCI Bastion Service Bastions using SQL
The OCI Bastion Service provides secure, controlled access to target resources that reside in private networks. It acts as a 'jump host' for administrators to securely access their cloud resources. This service is especially useful for resources that do not have public endpoints.
Table Usage Guide
The oci_bastion_bastion table provides insights into Bastions within the OCI Bastion Service. As a system administrator, you can explore details of each Bastion through this table, including its configuration, status, and associated metadata. Use this table to understand the setup of your Bastions, verify their configurations, and ensure they are providing secure access as expected.
Examples
Basic info
Explore the configuration of your bastion host in Oracle Cloud Infrastructure, including its type, status, and associated network details. This can help you manage your cloud security by understanding the maximum sessions allowed, session lifespan, and the state of each bastion host.
```sql
select
  id,
  name,
  bastion_type,
  dns_proxy_status,
  client_cidr_block_allow_list,
  max_session_ttl_in_seconds,
  max_sessions_allowed,
  private_endpoint_ip_address,
  static_jump_host_ip_addresses,
  phone_book_entry,
  target_vcn_id,
  target_subnet_id,
  lifecycle_state as state
from
  oci_bastion_bastion;
```
Show Bastions that allow access from the Internet (0.0.0.0/0)
Identify Bastions that permit internet access, providing insights into potential security vulnerabilities within your network infrastructure.
```sql
select
  id,
  name,
  bastion_type,
  client_cidr_block_allow_list,
  private_endpoint_ip_address
from
  oci_bastion_bastion
where
  (client_cidr_block_allow_list) :: jsonb ? '0.0.0.0/0';
```

SQLite: this query is not available, since SQLite does not support CIDR operations.
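An added example, not part of the original page: rather than matching only the literal `0.0.0.0/0`, this expands each bastion's allow list and flags any range broader than a chosen prefix length, so a `/8` or `/0` entry stands out too. It assumes the Postgres backend (`jsonb_array_elements_text`, `inet` casts) and uses `/16` as an illustrative threshold to tune for your environment.

```sql
-- Added example (not from the original page). Expand the jsonb allow list
-- into one row per CIDR and compute its prefix length with the Postgres
-- inet type. The /16 threshold below is an assumption, not an OCI rule.
with allowed as (
  select
    b.id,
    b.name,
    b.lifecycle_state,
    b.max_session_ttl_in_seconds,
    c.cidr_text,
    -- cast to inet rather than cidr so entries with host bits set still parse
    masklen(c.cidr_text::inet) as prefix_len
  from
    oci_bastion_bastion as b,
    jsonb_array_elements_text(b.client_cidr_block_allow_list) as c(cidr_text)
)
select
  id,
  name,
  lifecycle_state as state,
  cidr_text,
  prefix_len,
  case
    when prefix_len = 0 then 'open to the Internet'
    when prefix_len < 16 then 'very broad range'
  end as finding,
  max_session_ttl_in_seconds
from
  allowed
where
  prefix_len < 16
order by
  prefix_len,
  name;
```

Bastions with an empty or null allow list produce no rows here, so pair this with the "Basic info" query if you also want to review those.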
List bastions which are not active
Explore which bastions are not currently active. This can be useful in identifying potential security risks or in optimizing resource usage by decommissioning inactive bastions.
```sql
select
  name,
  id,
  time_created,
  lifecycle_state as state
from
  oci_bastion_bastion
where
  lifecycle_state <> 'ACTIVE';
```
Schema for oci_bastion_bastion
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| bastion_type | text | | The type of bastion. |
| client_cidr_block_allow_list | jsonb | | A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
| compartment_id | text | = | The OCID of the compartment in the Tenant in which the resource is located. |
| defined_tags | jsonb | | Defined tags for the resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
| dns_proxy_status | text | | The current DNS proxy status of the bastion. |
| freeform_tags | jsonb | | Free-form tags for the resource. These tags can be applied by any user with permissions on the resource. |
| id | text | = | The OCID of the bastion. |
| lifecycle_state | text | = | The current state of the bastion. |
| max_session_ttl_in_seconds | bigint | | The maximum amount of time that any session on the bastion can remain active. |
| max_sessions_allowed | bigint | | The maximum number of active sessions allowed on the bastion. |
| name | text | = | The display name of the bastion. |
| phone_book_entry | text | | The phonebook entry of the customer's team, which can't be changed after creation. Not applicable to standard bastions. |
| private_endpoint_ip_address | inet | | The private IP address of the created private endpoint. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| static_jump_host_ip_addresses | jsonb | | A list of IP addresses of the hosts that the bastion has access to. Not applicable to standard bastions. |
| tags | jsonb | | A map of tags for the resource. |
| target_subnet_id | text | | The unique identifier (OCID) of the subnet that the bastion connects to. |
| target_vcn_id | text | | The unique identifier (OCID) of the virtual cloud network (VCN) that the bastion connects to. |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | | The name of the Tenant in which the resource is located. |
| time_created | timestamp with time zone | | Time when the bastion was created. |
| title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_oci --config '<your_config>' oci_bastion_bastion
```