Connect to Oracle Cloud Infrastructure GoldenGate using a private IP
Overview
OCI GoldenGate is only accessible using a private endpoint from within the OCI network, or through a bastion host that secures access to OCI resources. While this quickstart example uses OCI Bastion, it is possible for you to use your own bastion. This quickstart includes both options, so you can choose the one that works best for you.
Before you begin
You must have the following in order to proceed:
- A free trial or paid Oracle Cloud Infrastructure account
- Access to OCI GoldenGate
- An OCI GoldenGate deployment in a private subnet and without a public endpoint
- For OCI Bastion:
  - Access to the service
- Access to OCI Bastion or your own bastion on OCI Compute
- For your own bastion on OCI Compute:
  - Access to OCI Compute
  - Public and private subnets configured in each availability domain
Note:
Oracle recommends creating a separate public subnet solely for bastion hosts to ensure that the appropriate security list is assigned to the correct host.
Option A: Use OCI Bastion
Note:
For US Government Cloud with FedRAMP Authorization, you must use Option B. The OCI Bastion service is not currently available in these regions.
- Create a bastion. Ensure that you:
  - Use the same VCN as the target OCI GoldenGate deployment and subnet.
    Note:
    The subnet can be the same as the OCI GoldenGate deployment or one that has access to the OCI GoldenGate subnet.
  - Include the IP addresses of the machines used to connect to OCI Bastion in the CIDR Block Allowlist.
- Create an SSH port forwarding session.
  - For IP Address, enter the OCI GoldenGate deployment's private IP. You can find the private IP on the deployment's Details page.
  - For Port, enter 443.
  - Under Add SSH Key, provide the public key file of the SSH key pair to use for the session.
- After the session is created, from the session's Actions (three dots) menu, select Copy SSH Command.
- Paste the command into a text editor, and then replace the <privateKey> and <localPort> placeholders with the path to the private key and port 443.
- Run the command using the command line interface to create the tunnel.
- Open a web browser and go to https://localhost.
Note:
- Ensure that you add an ingress rule for the bastion host in the private subnet's security list.
- If you encounter the following error message,
  {"error":"invalid_redirect_uri","error_description":"Client xxdeploymentgoldengateusphoenix1ocioraclecloudcom_APPID requested an invalid redirect URL: https://localhost/services/adminsrvr/v2/authorization. ECID: cvSDu0r7B20000000"}
  then you must add an entry in your client machine hosts file to map 127.0.0.1 to your deployment FQDN. For example:
  127.0.0.1 xx.deployment.goldengate.us-phoenix-1.oci.oraclecloud.com
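The following shell script is an added example, not part of Oracle's documentation: it fills in the <privateKey> and <localPort> placeholders of the copied SSH command and checks whether a hosts file already maps 127.0.0.1 to the deployment FQDN. The layout of the sample command, the key path, the uppercase placeholder tokens, and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's own script. All sample values are constructed.

# Escape characters that are special in a sed replacement (\, & and the | delimiter).
sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

# fill_ssh_command COPIED_COMMAND PRIVATE_KEY_PATH LOCAL_PORT
# Substitutes the <privateKey> and <localPort> placeholders named in the steps above.
fill_ssh_command() {
  printf '%s\n' "$1" |
    sed -e "s|<privateKey>|$(sed_escape "$2")|g" \
        -e "s|<localPort>|$(sed_escape "$3")|g"
}

# hosts_maps_loopback HOSTS_FILE FQDN
# Succeeds only if an uncommented 127.0.0.1 line lists FQDN (case-insensitive).
hosts_maps_loopback() {
  awk -v fqdn="$2" '
    { sub(/#.*/, "") }                        # ignore comments, including commented-out entries
    $1 == "127.0.0.1" {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(fqdn)) found = 1
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# --- Constructed sample input (the real command comes from Copy SSH Command) ---
COPIED='ssh -i <privateKey> -N -L <localPort>:PRIVATE_IP_PLACEHOLDER:443 -p 22 SESSION_PLACEHOLDER@BASTION_HOST_PLACEHOLDER'
FQDN='xx.deployment.goldengate.us-phoenix-1.oci.oraclecloud.com'

# Constructed hosts file in which the mapping is commented out, so the check reports it missing.
SAMPLE_HOSTS=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' "# 127.0.0.1 $FQDN" > "$SAMPLE_HOSTS"

# Print the command with both placeholders replaced (local port 443, as in the steps above).
fill_ssh_command "$COPIED" "$HOME/.ssh/id_rsa" 443

if hosts_maps_loopback "$SAMPLE_HOSTS" "$FQDN"; then
  echo "hosts mapping present"
else
  echo "hosts mapping missing: add '127.0.0.1 $FQDN'"
fi
rm -f "$SAMPLE_HOSTS"
```

To check a real client, pass the machine's own hosts file (for example /etc/hosts on Linux and macOS) to hosts_maps_loopback instead of the constructed sample.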
Copyright © 2022, Oracle and/or its affiliates.