Explore switching to bastion service
hyder opened this issue · 1 comment
hyder commented
The bastion service is now GA: https://blogs.oracle.com/cloudsecurity/post/secure-access-with-oci-bastion
Explore switching the bastion module to the bastion service:
- Document changes in policy required
- What happens when the session expires and a timeout happens or there's a subsequent run of terraform apply?
- Provide configuration option to use bastion service or use a compute instead. Use conditional module?
- Impact on downstream projects such as OKE especially when they use null_resource
hyder commented
This can be done in downstream modules. We'll keep using the bastion host for IaC purposes.