Bastion Access For Minecraft

In the previous post, I did some work in managing Security Lists to protect the Minecraft Server. To read about that, head (here). Another method of connecting to the Minecraft Server is through a Bastion Host. As part of Oracle Cloud Infrastructure, it is free to create a session through the Bastion Service (service limits do apply). Here’s a brief encounter of getting this up and going.

The Client connects to a Session on a Bastion using an SSH Client or SSH Tunnel. The two Sessions connect to an instance and a database in a Private Subnet. The VCN that contains the Private Subnet has a Service Gateway.
From Bastion Overview (here)

Here’s a standard architecture view of the Bastion Service. You can read more about it in the documentation (here). It’s relatively simple and to create this connection there are some steps to take.

  1. Create a set of SSH Keys – Check out the details (here).
  2. Create a Bastion Instance – Check out the details (here).
  3. Create a Bastion Session – Check out the details (here).
  4. Connect a session – Check out the details (here). If you want to do this with Putty, check out this blog by @callanhp (here).

This got a little tedious every time that I wanted to connect up to Minecraft. So, I scripted it. You can find the git repository (here) where I have two scripts – one to create a Bastion Instance and a Bastion Session and create a SSH tunnel to the Minecraft Server; one to delete a Bastion Instance. I do have a couple of pre-requisites.

  1. You’ve installed the OCI Command Line Interface which you can install with the instruction (here).
  2. You’ve installed jq (a lightweight command line JSON processor) which can be installed from (here).
  3. You’ve created a configuration to connect you your tenancy which you can configure with the instructions (here). I’ve also got a script that runs in the OCI Cloud Shell that can be cloned from (here).
  4. The current scripts are built for SSH and executable on Linux (I’ve tested this on Ubuntu on Windows 10).

(Updated) I’ve updated the repository to include both bash scripts and Powershell scripts variations.

If you need any help with these pre-requisites, let me know.

What the outcome is a port 25565 listening on localhost (which is the default for SSH Tunnelling) that can be connected to by your Minecraft Client. This means that 25565 (or even 22) doesn’t have to be open to the internet protecting your Minecraft Server from the outside world.

If this is the first article that you’ve seen about running your own Minecraft Server for free on the Oracle Cloud Always Free Tier, check out these other titles (here) to learn how to get it up and running with either the standard Minecraft Java Edition install or using the Bukkit Spigot version (where you can install or build your own plugins).

If you need an environment to do this, sign-up (here) for the free Oracle Cloud Trial. I’d be interested to hear your experiences and learn from others as well. Leave a comment or contact me at if you want to collaborate.


Author: Jason Lowe

I am passionate about how organisations adopt IT quickly and sustainably to achieve a specific and measurable outcome. This thinking is supported through lean IT practices in operational support and project delivery, and adopting these practices with Oracle technologies by creating sustainable platforms. I'm also interested different perspectives and drivers - from enterprise to start-ups, academia to commercial to public sector, cost-sensitive (risk) to value-driven (reward) - all of which influences decisions that organisations make. I have a passion for community and have been called "a connector" - meeting new people that are trying to solve valuable and hard problems and connecting them with others that can validate and help realise their full potential. I've supported different organisations like TADHack and Hacking Health as a global organiser. I'm is a persistent blogger on and and on LinkedIn - #CommunityMatters #ItTakesAVillage

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: