Oracle Developers
Published in

Oracle Developers

Allowlist Your IP Address to Security Connect to an OCI Compute Instance

By Chris Bensen

If you prefer you can read this blog post on GitHub here.

First, some definitions:

A bastion host is the only computer that is a proxy for a secure network.

VPN is a security technology for users to connect to a network securely.

Every time I setup a VM in the cloud with a public IP address, all the security bells go off in my head, as they should. Setting up a bastion or VPN can be such a pain, and seems like overkill. Seriously, who has time for that when you’re building a weekend hack? So, here’s a very simple way to allowlist your public IP address so your computer is the only one that can interact with the VM.

Step 1 — Get an Oracle Free Tier

This requires an Oracle Cloud account. You can get one for free called the Free Tier Account. I’m going to demonstrate how to do this with Oracle Free Tier because, well, it’s free! Free for you, forever and ever. Seriously, it’s a good deal to get a couple hundred gigs of storage in the cloud and some free processors.

Step 2 — Create a Compute Instance

Oracle cloud calls a VM “Compute” so, create one of those using these steps which will give you an “instance”: Create Compute Instance

Step 3 — Get Your Router’s IP Address

From my blog post How do I find my router’s public IP Address from the command line?, open up a local Terminal and run the following command to get your router’s IP address and copy it:

dig -4 TXT +short

It will be referred to as <PersonalIPAddress>

Step 4 — Set Up the Security List to Allowlist Your IP Address

Now that you have an instance and your public IP address, follow these steps to allowlist only your computer to access the instance via SSH (port 22).

1. Click the link next to “Subnet” field, this will bring you to the list of Virtual Cloud Networks:

2. Click the VCN:

3. Click on the “Default Security List”:

4. Under “Ingress Rules” you can see SSH (port 22) already has a rule. Click the three dots on the right and choose edit:

NOTE: You can add your own rule by clicking the “Add Ingress Rules” button, but you don’t need to do this since it’s already created.

5. Fill in the “Source CIDR” with your personal IP Address from step 3 above, with a “/32” at the end to limit it to a single machine:


For example:

6. Click “Save Changes.” You’re done.

Step 5 — Test

From a local Terminal, run the following:

NOTE: INSTANCE_IP came from step 2 when creating a Compute:

ssh -i ~/.ssh/oci_id_rsa opc@${INSTANCE_IP}

Note — Free Tier users may experience changes to services included with their account.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store