Recipe for creating a secure connection between sqlDeveloper in our local machine and an Oracle Cloud Infra DB System created in a private subnet of a Virtual Cloud Network network not opened to internet
Steps
- Create a Virtual cloud network (VCN) with, at least 2 subnets, one public and the other private
- Create a bastion host VM in the public subnet
- Create an internet gateway in the VCN
- Create a route for the public subnet so that the traffic to 0.0.0.0/0 goes through the internet gateway (no other routes are needed, routing between both subnets is enabled by default in the VCN)
- Create a new DB System in the private subnet and grab the private IP of the database system node
- Create a compute VM with public IP exposed
- In your remote client machine open a ssh tunnel this way:
ssh -i privatekeyfile -N -L localhost:1521:dbnodeprivateip:1521 opc@jumpboxpublicip
- Grab the database connection details
- Create a connection in sqlDeveloper
- Test the connection
Hope it helps! 🙂
Hi Jav,Whenever I need to access OCI DB in private subnet through sql developer I need to create the tunneling right ?
SSH tunneling command you mentioned (ssh -i privatekeyfile -N -L localhost:1521:dbnodeprivateip:1521 opc@jumpboxpublicip ) where do I need to execute that ?Do I need to run this bastion compute VM (Bastion Jumpbox)?
LikeLike
Hi Jav,Whenever I need to access OCI DB in private subnet through sql developer I need to create the tunneling right ?
SSH tunneling command you mentioned (ssh -i privatekeyfile -N -L localhost:1521:dbnodeprivateip:1521 opc@jumpboxpublicip ) where do I need to execute that ?Do I need to run this bastion compute VM (Bastion Jumpbox)?
LikeLike
Hi, I’ve updated the post with more instructions. You need to create a VCN with one public and one private subnets, then create the dbsystem in the private and a bastion vm machine in the public.
LikeLike