Created specific directory for oracle cloud

examples/terraform/oracle cloud free tier bastion/main.tf

@@ -1,45 +0,0 @@
-terraform {
-  required_version = "1.2.9"
-
-  required_providers {
-    oci = {
-      source  = "oracle/oci"
-      version = "4.107.0"
-    }
-  }
-}
-
-####################
-# Networking
-####################
-
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn
-resource "oci_core_vcn" "bastion" {
-  compartment_id = var.compartment_id
-  cidr_blocks    = var.vcn_cidr_blocks
-}
-
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet
-resource "oci_core_subnet" "bastion" {
-  compartment_id = var.compartment_id
-  vcn_id         = oci_core_vcn.bastion.id
-  cidr_block     = var.subnet_cidr_block
-}
-
-####################
-# Bastion
-####################
-
-data "http" "local_ip_address" { url = "https://ifconfig.co" }
-locals { local_ip_cidr = "${chomp(data.http.local_ip_address.response_body)}/32" }
-
-# See:
-# - https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/bastion_bastion
-# - https://docs.oracle.com/en-us/iaas/api/#/en/bastion/20210331/Bastion/CreateBastion
-resource "oci_bastion_bastion" "bastion" {
-  compartment_id   = var.compartment_id
-  target_subnet_id = oci_core_subnet.bastion.id
-
-  bastion_type                 = "STANDARD" # locked
-  client_cidr_block_allow_list = [local.local_ip_cidr]
-}

examples/terraform/oracle cloud free tier bastion/variables.tf

@@ -1,22 +0,0 @@
-####################
-# Oracle Cloud Account
-####################
-
-variable "compartment_id" {
-  type = string
-}
-
-####################
-# Networking
-####################
-
-variable "vcn_cidr_blocks" {
-  type = list(string)
-  default = [
-    "10.0.0.0/16"
-  ]
-}
-variable "subnet_cidr_block" {
-  type    = string
-  default = "10.0.0.0/24"
-}

examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/README.md

@@ -0,0 +1,63 @@
+# Oracle Bastion
+
+Simple example to create a Bastion in Oracle Cloud.
+
+1. [Requirements](#requirements)
+2. [SSH configuration](#ssh-configuration)
+3. [Further readings](#further-readings)
+4. [Sources](#sources)
+
+## Requirements
+
+1. VCN
+1. **Private** Subnet
+1. **RSA** SSH key
+
+For a Subnet to be considered Private, it needs to have associated a Route Table with a default route pointing to a NAT Gateway.
+
+> **Note:** NAT Gateways are not included in Oracle's free tier.
+
+The default route table created using Terraform does not contain this route, nor it is possible to create the single route in it at the time of writing.<br />
+A solution to this is to create a new Route Table **with** the default route above and attach it to the Subnet. See the code for details.
+
+![requirements]
+
+## SSH configuration
+
+```ssh_config
+Host  bastion
+  Hostname                  host.bastion.eu-amsterdam-1.oci.oraclecloud.com
+  HostkeyAlgorithms         +ssh-rsa
+  PubkeyAcceptedAlgorithms  +ssh-rsa
+  LocalForward              8022 10.0.0.230:22
+  User                      ocid1.bastionsession.oc1.eu-amsterdam-1.amaaaaaazsnap6iazqwiktq2b7i736d5cgc2vnswuypa3iey754rlj4yyrvq
+
+Host  instance
+  Hostname  localhost
+  User      opc
+  Port      8022
+
+Host  bastion instance
+  IdentityFile           ~/.ssh/id_rsa
+  IdentitiesOnly         yes
+  StrictHostKeyChecking  no
+  UserKnownHostsFile     /dev/null
+```
+
+## Further readings
+
+## Sources
+
+- [Ridiculously powerful free server in the cloud]
+- [Always free resources] in Oracle Cloud
+- [Oracle Cloud Infrastructure Provider documentation]
+- [oracle-terraform-modules/terraform-oci-compute-instance]
+
+<!-- internal references -->
+[requirements]: design/requirements.png
+
+<!-- external references -->
+[always free resources]: https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm
+[oracle cloud infrastructure provider documentation]: https://registry.terraform.io/providers/oracle/oci/latest/docs
+[ridiculously powerful free server in the cloud]: https://medium.com/codex/ridiculously-powerful-free-server-in-the-cloud-dd4da8524a9c
+[oracle-terraform-modules/terraform-oci-compute-instance]: https://github.com/oracle-terraform-modules/terraform-oci-compute-instance

examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/design/requirements.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+from diagrams import Cluster, Diagram
+from diagrams.oci.compute import VM
+from diagrams.oci.connectivity import NATGateway
+from diagrams.oci.network import RouteTable, Vcn
+from diagrams.onprem.client import User
+from diagrams.onprem.network import Internet
+
+with Diagram("Requirements", show=False):
+
+    i = Internet("Internet")
+    vcn = Vcn("VCN")
+    u = User("User")
+
+    with Cluster("Private Subnet"):
+
+        b = VM("Bastion")
+        ng = NATGateway("NAT Gateway")
+        rt = RouteTable("Route Table")
+        vm = VM("Instance")
+
+    vcn >> [ng, rt] >> b >> vm
+    u >> i >> b

examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/main.tf

@@ -0,0 +1,107 @@
+terraform {
+  required_version = "1.2.9"
+
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "4.107.0"
+    }
+  }
+}
+
+####################
+# Networking
+####################
+
+# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn
+resource "oci_core_vcn" "vcn" {
+  compartment_id = var.compartment_id
+  cidr_blocks    = var.vcn_cidr_blocks
+}
+
+# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet
+resource "oci_core_subnet" "subnet" {
+  compartment_id = var.compartment_id
+  vcn_id         = oci_core_vcn.vcn.id
+  cidr_block     = var.subnet_cidr_block
+}
+
+# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_nat_gateway
+resource "oci_core_nat_gateway" "nat_gateway" {
+  compartment_id = var.compartment_id
+  vcn_id         = oci_core_vcn.vcn.id
+}
+
+# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table
+resource "oci_core_route_table" "route_table" {
+  compartment_id = var.compartment_id
+  vcn_id         = oci_core_vcn.vcn.id
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_nat_gateway.nat_gateway.id
+  }
+}
+
+####################
+# Bastion
+####################
+
+data "http" "local_ip_address" { url = "https://ifconfig.co" }
+locals { local_ip_cidr = "${chomp(data.http.local_ip_address.response_body)}/32" }
+
+# See:
+# - https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/bastion_bastion
+# - https://docs.oracle.com/en-us/iaas/api/#/en/bastion/20210331/Bastion/CreateBastion
+resource "oci_bastion_bastion" "bastion" {
+  compartment_id   = var.compartment_id
+  target_subnet_id = oci_core_subnet.subnet.id
+
+  bastion_type                 = "STANDARD" # locked
+  client_cidr_block_allow_list = [local.local_ip_cidr]
+}
+
+resource "oci_bastion_session" "ssh_port_forwarding" {
+  bastion_id = oci_bastion_bastion.bastion.id
+
+  key_details {
+    public_key_content = var.ssh_public_key
+  }
+
+  target_resource_details {
+    session_type         = "PORT_FORWARDING"
+    target_resource_id   = oci_core_instance.instance.id
+    target_resource_port = 22
+  }
+}
+
+####################
+# Instance
+####################
+
+# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_instance
+resource "oci_core_instance" "instance" {
+  compartment_id      = var.compartment_id
+  availability_domain = var.availability_domain
+  shape               = var.shape
+
+  create_vnic_details {
+    subnet_id = oci_core_subnet.subnet.id
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_authorized_keys
+  }
+
+  shape_config {
+    memory_in_gbs = var.memory_in_gbs
+    ocpus         = var.ocpus
+  }
+
+  source_details {
+    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
+    source_id               = var.source_id
+    source_type             = var.source_type
+  }
+}

examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/variables.tf

@@ -0,0 +1,67 @@
+####################
+# Oracle Cloud Account
+####################
+
+variable "availability_domain" {
+  type = string
+}
+variable "compartment_id" {
+  type = string
+}
+
+####################
+# Networking
+####################
+
+variable "vcn_cidr_blocks" {
+  type = list(string)
+  default = [
+    "10.0.0.0/16"
+  ]
+}
+variable "subnet_cidr_block" {
+  type    = string
+  default = "10.0.0.0/24"
+}
+
+####################
+# Bastion
+####################
+
+variable "ssh_public_key" {
+  type = string
+}
+
+####################
+# Instance
+####################
+
+variable "shape" {
+  type    = string
+  default = "VM.Standard.A1.Flex"
+}
+
+variable "memory_in_gbs" {
+  type    = number
+  default = 24
+}
+variable "ocpus" {
+  type    = number
+  default = 4
+}
+
+variable "boot_volume_size_in_gbs" {
+  type    = number
+  default = 50
+}
+variable "source_id" {
+  type = string
+}
+variable "source_type" {
+  type    = string
+  default = "image"
+}
+
+variable "ssh_authorized_keys" {
+  type = string
+}