Table: oci_bastion_session - Query OCI Bastion Sessions using SQL
Oracle Cloud Infrastructure (OCI) Bastion Service provides secure, controlled access to target resources located inside private networks. It is a managed SSH session service that provides a secure way to access hosts located inside your virtual cloud network (VCN). The OCI Bastion Service is designed to provide a secure and scalable method for users to access their infrastructure without exposing it to the public internet.
Table Usage Guide
The `oci_bastion_session` table provides insights into Bastion Sessions within OCI. As a Security or System Administrator, explore session-specific details through this table, including session type, target resource details, and session status. Utilize it to monitor and manage the secure access to your infrastructure, ensuring the sessions are properly managed and no unauthorized access is happening.
Examples
Basic info
Explore the details of active sessions in your cloud bastion service. This query helps you understand the configuration of each session, including session duration and associated user, providing a comprehensive view for better management and security oversight.
```sql
select
  s.id,
  s.bastion_id,
  s.display_name,
  s.bastion_name,
  s.target_resource_details,
  s.key_details,
  s.session_ttl_in_seconds,
  s.bastion_user_name,
  s.ssh_metadata,
  s.key_type,
  s.lifecycle_state as state
from
  oci_bastion_session s
  inner join oci_bastion_bastion b on b.id = s.bastion_id;
```
Show port forwarding bastion sessions
Explore the details of your active port forwarding sessions through bastion. This is particularly useful for maintaining secure connections and managing SSH access to your resources.
```sql
-- PostgreSQL
select
  id,
  bastion_id,
  display_name,
  bastion_name,
  target_resource_details,
  key_details,
  session_ttl_in_seconds,
  bastion_user_name,
  ssh_metadata,
  key_type,
  lifecycle_state as state
from
  oci_bastion_session
where
  bastion_id = 'ocid'
  -- sessionType value for port forwarding sessions
  and target_resource_details -> 'sessionType' = '"PORT_FORWARDING"';
```

```sql
-- SQLite
select
  id,
  bastion_id,
  display_name,
  bastion_name,
  target_resource_details,
  key_details,
  session_ttl_in_seconds,
  bastion_user_name,
  ssh_metadata,
  key_type,
  lifecycle_state as state
from
  oci_bastion_session
where
  bastion_id = 'ocid'
  -- sessionType value for port forwarding sessions
  and json_extract(target_resource_details, '$.sessionType') = 'PORT_FORWARDING';
```
List bastion sessions which are not active
Identify inactive sessions within your bastion setup to manage resources and maintain optimal system performance. This is particularly useful for troubleshooting and ensuring the efficient use of resources.
```sql
select
  display_name,
  id,
  bastion_name,
  bastion_id,
  time_created,
  lifecycle_state as state
from
  oci_bastion_session
where
  lifecycle_state <> 'ACTIVE';
```
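For the access-oversight use described in the usage guide, the following added example (not part of the original plugin documentation) lists `ACTIVE` sessions whose time-to-live exceeds a review threshold, together with the latest time each session can remain open. It uses PostgreSQL syntax and assumes that `time_created` is the session's creation time; the 3600-second threshold is a hypothetical policy value to adjust.

```sql
-- Added example: ACTIVE sessions with a TTL above a review threshold.
-- Assumptions: time_created is when the session was created, and
-- 3600 seconds is a placeholder policy ceiling, not an OCI default.
select
  s.bastion_name,
  s.target_resource_details ->> 'sessionType' as session_type,
  s.bastion_user_name,
  s.display_name,
  s.id,
  s.session_ttl_in_seconds,
  s.time_created,
  -- Latest moment the session may still be open
  s.time_created + s.session_ttl_in_seconds * interval '1 second' as latest_expiry,
  -- Time left until that moment (negative if already past)
  s.time_created + s.session_ttl_in_seconds * interval '1 second' - now() as time_remaining
from
  oci_bastion_session s
where
  s.lifecycle_state = 'ACTIVE'
  and s.session_ttl_in_seconds > 3600
order by
  s.session_ttl_in_seconds desc,
  s.bastion_name;
```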
Schema for oci_bastion_session
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
bastion_id | text | = | The unique identifier (OCID) of the bastion that is hosting this session. |
bastion_name | text | | The name of the bastion that is hosting this session. |
bastion_public_host_key_info | text | | The public key of the bastion host. You can use this to verify that you're connecting to the correct bastion. |
bastion_user_name | text | | The username that the session uses to connect to the target resource. |
display_name | text | = | The name of the session. |
id | text | = | The unique identifier (OCID) of the session. |
key_details | jsonb | | Public key details for a bastion session. |
key_type | jsonb | | The type of the key used to connect to the session. PUB is a standard public key in OpenSSH format. |
lifecycle_state | text | = | The current state of the session. |
session_ttl_in_seconds | bigint | | The amount of time the session can remain active. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
ssh_metadata | jsonb | | The connection message for the session. |
target_resource_details | jsonb | | Details about a bastion session's target resource. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
tenant_name | text | | The name of the Tenant in which the resource is located. |
time_created | timestamp with time zone | | Time that bastion was created. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_oci --config '<your_config>' oci_bastion_session
```