Configuring Oracle Cloud Infrastructure (OCI)
InsightCloudSec includes support for Oracle Cloud Infrastructure (OCI). While initial support for this new Cloud Service Provider will be limited, we expect to rapidly expand the supported features and services for OCI over the course of 2021.
- For a current/working list of supported resources, check out the OCI Supported Services page.
- For details on supported resources across the complete InsightCloudSec platform, check out our Resources content, as well as subpages on Resource Terminology and Resource Type Categories.
- Support for OCI includes an OCI-specific Insight pack; you can read more about that on the Oracle Cloud Infrastructure (OCI) Compliance Pack page.
As with all of our features, if you have questions or concerns, reach out to us through the Customer Support Portal.
Getting Started with OCI
In OCI, a tenant is the top-level construct. It is analogous to a project in GCP or a subscription within Azure. Several steps must be completed within the Oracle console to give InsightCloudSec access to a tenant, and this page outlines those steps.
Additional Resources on OCI are available as follows:
Permissions
You must have administrative-level privileges to execute these steps. Check out our User Entitlements Matrix for more details on InsightCloudSec permissions/entitlements.
Refer to Oracle's documentation for more details on how OCI manages permissions/policies.
Connecting a Tenant
Steps to Complete in the Oracle Console
1. Log in to the Oracle console.
- Note that you will have to enter the tenant name that you want to allow InsightCloudSec to access.
2. Click on the menu icon at the top left and scroll down to "Identity > Users".

Oracle Console: Identity --> Users
3. Create a new Group (e.g., InsightCloudSec).
- Groups are required as IAM permissions are linked to groups and not individual accounts.

Oracle Console - Create Group
4. Create a new User account (e.g., InsightCloudSec) by completing the form and clicking "Create".

Oracle Console - Create User Form
5. Click on "Add API Key" to generate an API key that will be used.
- You will need to download the PEM file and copy the information in the pop-up. (This information will look similar to the example shown below.)

Oracle Console - Sample API Key
6. Associate the user account you have created with the group (e.g., InsightCloudSec) that you created above in Step #3.
7. Create a new policy (e.g., InsightCloudSecAccess).
8. In the Policy Builder section, select "Customized (Advanced)" and insert one of the policy documents provided below (Read-Only and Power User are both available).
- Refer to Oracle's documentation for more details on how OCI manages permissions/policies.
- Note: Verify that the group name (e.g., group InsightCloudSec) matches whatever group name you selected in Step #3.
Read-Only Policy
Allow group InsightCloudSec to read alarms in tenancy
Allow group InsightCloudSec to read audit-events in tenancy
Allow group InsightCloudSec to read authentication-policies in tenancy
Allow group InsightCloudSec to read autonomous-data-warehouse-family in tenancy
Allow group InsightCloudSec to read autonomous-database-family in tenancy
Allow group InsightCloudSec to read buckets in tenancy
Allow group InsightCloudSec to read certificate-authority-family in tenancy
Allow group InsightCloudSec to read cloudevents-rules in tenancy
Allow group InsightCloudSec to read cloud-guard-config in tenancy
Allow group InsightCloudSec to read cloud-guard-problems in tenancy
Allow group InsightCloudSec to read cluster-family in tenancy
Allow group InsightCloudSec to read compartments in tenancy
Allow group InsightCloudSec to read database-family in tenancy
Allow group InsightCloudSec to read dedicated-vm-hosts in tenancy
Allow group InsightCloudSec to read file-systems in tenancy
Allow group InsightCloudSec to read groups in tenancy
Allow group InsightCloudSec to read instance-images in tenancy
Allow group InsightCloudSec to read instances in tenancy
Allow group InsightCloudSec to read keys in tenancy
Allow group InsightCloudSec to read metrics in tenancy
Allow group InsightCloudSec to read mysql-family in tenancy
Allow group InsightCloudSec to read nosql-tables in tenancy
Allow group InsightCloudSec to read ons-family in tenancy
Allow group InsightCloudSec to read policies in tenancy
Allow group InsightCloudSec to read secrets in tenancy
Allow group InsightCloudSec to read tag-defaults in tenancy
Allow group InsightCloudSec to read tenancies in tenancy
Allow group InsightCloudSec to read users in tenancy
Allow group InsightCloudSec to read vaults in tenancy
Allow group InsightCloudSec to use virtual-network-family in tenancy
Allow group InsightCloudSec to read volume-attachments in tenancy
Allow group InsightCloudSec to read volume-family in tenancy
Power User Policy
Allow group InsightCloudSec to read alarms in tenancy
Allow group InsightCloudSec to read audit-events in tenancy
Allow group InsightCloudSec to read authentication-policies in tenancy
Allow group InsightCloudSec to read autonomous-data-warehouse-family in tenancy
Allow group InsightCloudSec to read autonomous-database-family in tenancy
Allow group InsightCloudSec to manage buckets in tenancy
Allow group InsightCloudSec to read certificate-authority-family in tenancy
Allow group InsightCloudSec to read cloudevents-rules in tenancy
Allow group InsightCloudSec to read cloud-guard-config in tenancy
Allow group InsightCloudSec to read cloud-guard-problems in tenancy
Allow group InsightCloudSec to read cluster-family in tenancy
Allow group InsightCloudSec to read compartments in tenancy
Allow group InsightCloudSec to manage database-family in tenancy
Allow group InsightCloudSec to read dedicated-vm-hosts in tenancy
Allow group InsightCloudSec to manage file-systems in tenancy
Allow group InsightCloudSec to read groups in tenancy
Allow group InsightCloudSec to read instance-images in tenancy
Allow group InsightCloudSec to manage instances in tenancy
Allow group InsightCloudSec to read keys in tenancy
Allow group InsightCloudSec to read metrics in tenancy
Allow group InsightCloudSec to read mysql-family in tenancy
Allow group InsightCloudSec to read nosql-tables in tenancy
Allow group InsightCloudSec to read ons-family in tenancy
Allow group InsightCloudSec to read policies in tenancy
Allow group InsightCloudSec to read secrets in tenancy
Allow group InsightCloudSec to read tag-defaults in tenancy
Allow group InsightCloudSec to read tenancies in tenancy
Allow group InsightCloudSec to manage users in tenancy
Allow group InsightCloudSec to read vaults in tenancy
Allow group InsightCloudSec to manage virtual-network-family in tenancy
Allow group InsightCloudSec to read volume-attachments in tenancy
Allow group InsightCloudSec to manage volume-family in tenancy

Oracle Console - Create Policy
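An added example (not InsightCloudSec or Oracle code): a small Python check to run on the policy text before pasting it into the Policy Builder. It confirms that every statement names the group from Step #3 and lists any statement whose verb grants more than read. It assumes the simple "Allow group ... to ... in tenancy" form used above and compares group names exactly; the function names and the sample text are constructed for illustration.

```python
import re

# OCI policy verbs, ordered from least to most privilege.
VERBS = ["inspect", "read", "use", "manage"]
# Assumption: only the tenancy-wide form shown on this page is accepted.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+tenancy$", re.IGNORECASE)

def parse_policy(text):
    """Return (group, verb, resource) per statement; reject anything else."""
    statements = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = STATEMENT.match(line)
        if not match or match["verb"].lower() not in VERBS:
            raise ValueError(f"line {number}: unrecognized statement: {line!r}")
        statements.append(
            (match["group"], match["verb"].lower(), match["resource"].lower()))
    return statements

def audit_policy(text, expected_group, max_verb="read"):
    """List statements with the wrong group or a verb above max_verb."""
    limit = VERBS.index(max_verb)
    findings = []
    for group, verb, resource in parse_policy(text):
        if group != expected_group:
            findings.append(("group-mismatch", group, verb, resource))
        if VERBS.index(verb) > limit:
            findings.append(("verb-above-" + max_verb, group, verb, resource))
    return findings

# Constructed sample: three statements from the policies above plus one
# with a deliberately wrong group name (InsightCloudSecurity).
SAMPLE = """
Allow group InsightCloudSec to read buckets in tenancy
Allow group InsightCloudSec to use virtual-network-family in tenancy
Allow group InsightCloudSec to manage instances in tenancy
Allow group InsightCloudSecurity to read users in tenancy
"""

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE, "InsightCloudSec"):
        print(finding)
```

Run against the full Read-Only policy above, the only statement it reports is the use grant on virtual-network-family; with max_verb="manage" it checks group names only, which suits the Power User policy.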
Steps to Complete in InsightCloudSec
1. From your InsightCloudSec platform, navigate to "Cloud --> Clouds" and select "Add a Cloud".
2. Select Oracle from the drop-down menu and complete the form.
3. You will need to provide the credentials obtained/created in Step #5 of the process in the Oracle console.
- For the "Key Content" you will want to supply the certificate information in the PEM file that you downloaded.
4. Click "Add Cloud" to complete this process when you've filled out the form.
- Refer to Cloud Account Setup for detailed instructions on this process.
- For self-hosted customers, check out the Self-Hosted - Getting Started Guide for suggestions on what to do next; for hosted/SaaS customers, check out the SaaS/Hosted Customers - Getting Started Guide.

InsightCloudSec - Add a Cloud