Allowlist Your IP Address to Securely Connect to an OCI Compute Instance

By Chris Bensen
Published in Oracle Developers, Feb 4, 2022

If you prefer you can read this blog post on GitHub here.

First, some definitions:

A bastion host is the one computer that acts as a proxy into a secure network.

A VPN is a security technology that lets users connect to a network securely.

Every time I set up a VM in the cloud with a public IP address, all the security bells go off in my head, as they should. Setting up a bastion or VPN can be such a pain, and seems like overkill. Seriously, who has time for that when you’re building a weekend hack? So, here’s a very simple way to allowlist your public IP address so your computer is the only one that can interact with the VM.

Step 1 — Get an Oracle Free Tier

This requires an Oracle Cloud account. You can get one for free called the Free Tier Account. I’m going to demonstrate how to do this with Oracle Free Tier because, well, it’s free! Free for you, forever and ever. Seriously, it’s a good deal to get a couple hundred gigs of storage in the cloud and some free processors.

Step 2 — Create a Compute Instance

Oracle Cloud calls a VM “Compute”, so create one of those using these steps, which will give you an “instance”: Create Compute Instance

Step 3 — Get Your Router’s IP Address

From my blog post How do I find my router’s public IP Address from the command line?, open up a local Terminal and run the following command to get your router’s IP address and copy it:

dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com

The address is printed in double quotes; copy it without them. It will be referred to as <PersonalIPAddress> below.

Step 4 — Set Up the Security List to Allowlist Your IP Address

Now that you have an instance and your public IP address, follow these steps to allowlist only your computer to access the instance via SSH (port 22).

1. Click the link next to the “Subnet” field; this will bring you to the list of Virtual Cloud Networks:

2. Click the VCN:

3. Click on the “Default Security List”:

4. Under “Ingress Rules” you can see SSH (port 22) already has a rule. Click the three dots on the right and choose edit:

NOTE: You can add your own rule by clicking the “Add Ingress Rules” button, but you don’t need to do this since it’s already created.

5. Fill in the “Source CIDR” with your personal IP Address from step 3 above, with a “/32” at the end to limit it to a single machine:

<PersonalIPAddress>/32

For example: 1.2.3.4/32

6. Click “Save Changes.” You’re done.
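
To check the result of step 4 without the console, this added example (not from the original post) audits a security list's ingress rules for any source other than your /32 that can still reach port 22. The rule dictionaries are constructed samples, and their field names (protocol, source, tcp-options, destination-port-range) are an assumption modelled on the JSON the OCI CLI prints for a security list.

```python
import ipaddress

def personal_cidr(dig_output: str) -> str:
    """Turn the step 3 answer (dig prints it in double quotes) into <ip>/32."""
    ip = ipaddress.IPv4Address(dig_output.strip().strip('"'))  # raises on junk
    return f"{ip}/32"

def covers_ssh(rule: dict) -> bool:
    """True if the rule admits TCP port 22."""
    proto = str(rule.get("protocol"))
    if proto == "all":               # every protocol, every port
        return True
    if proto != "6":                 # 6 is the IANA protocol number for TCP
        return False
    ports = (rule.get("tcp-options") or {}).get("destination-port-range")
    if not ports:                    # TCP rule without a range: all ports
        return True
    return ports["min"] <= 22 <= ports["max"]

def ssh_exposures(rules: list, allowed_cidr: str) -> list:
    """Sources that can reach port 22 and are not inside allowed_cidr."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for rule in rules:
        if not covers_ssh(rule):
            continue
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
            inside = src.version == allowed.version and src.subnet_of(allowed)
        except ValueError:           # source is not a CIDR: flag for review
            inside = False
        if not inside:
            findings.append(rule["source"])
    return findings

# Constructed sample: an SSH rule open to any source plus an ICMP rule.
BEFORE = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "1", "source": "0.0.0.0/0",
     "icmp-options": {"type": 3, "code": 4}},
]
# The same list after step 4, with the SSH source narrowed to one address.
AFTER = [dict(BEFORE[0], source=personal_cidr('"1.2.3.4"\n')), BEFORE[1]]

if __name__ == "__main__":
    print("before:", ssh_exposures(BEFORE, "1.2.3.4/32"))
    print("after: ", ssh_exposures(AFTER, "1.2.3.4/32"))
```

An empty list means only your address can reach SSH; anything else names a rule source to tighten.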

Step 5 — Test

From a local Terminal, run the following:

NOTE: INSTANCE_IP came from step 2 when creating the Compute instance:

ssh -i ~/.ssh/oci_id_rsa opc@${INSTANCE_IP}

Note — Free Tier users may experience changes to services included with their account.
