Configuring Oracle Cloud Infrastructure (OCI)

Details on Connecting Your Oracle Cloud Infrastructure Tenants to InsightCloudSec

New Onboarding Process for Connecting Cloud Accounts

The following content is for our legacy onboarding process for connecting a cloud account. Beginning with our 23.4.11 release, InsightCloudSec includes a new onboarding workflow; documentation on that workflow is available on the new Oracle Cloud Infrastructure (OCI) - Onboarding page.

If you have issues or need support related to onboarding, reach out to your CSM or contact us through the Customer Support Portal with any questions.

After InsightCloudSec is successfully installed, you're ready to start harvesting resources from your target Oracle Cloud Infrastructure (OCI) accounts. This documentation provides details on configuring OCI to "talk" with InsightCloudSec securely. Review the sections below to determine the best starting point for your environment.

As with all of our features, if you have questions or concerns reach out to us through the Customer Support Portal.

Prerequisites

In OCI, a tenant is the top-level construct. It is analogous to a project in GCP or a subscription within Azure. There are several steps that must be taken within the Oracle console to give InsightCloudSec access to a tenant, and this page outlines those steps.

Additional Resources on OCI include:

Permissions

You must have administrative level privileges to execute these steps. Check out our User Entitlements Matrix for more details on InsightCloudSec permissions and entitlements.

Refer to Oracle's documentation for more details on how OCI manages permissions/policies.

Policy Options

Read-Only Policy

The Read-Only policy contains only read permissions for the OCI resources that InsightCloudSec supports. The policy can be obtained from our public S3 bucket. Note: This policy will need to be updated any time InsightCloudSec supports a new OCI service.

Power User Policy

The Power User policy contains various read and manage permissions for the OCI resources that InsightCloudSec supports. The policy can be obtained from our public S3 bucket. Note: This policy will need to be updated any time InsightCloudSec supports a new OCI service.

Oracle Console: Create Policy

Connecting a Tenant (Steps in the Oracle Console)

Creating a Group

1. Login to the Oracle console using the tenant you would like to connect to InsightCloudSec.

2. From the main navigation menu icon at the top left (hamburger menu icon), click to expand and select "Identity & Security" and then select "Domains".

Oracle Console: Identity & Security --> Identity --> Domains

3. Select your domain from the list.

Oracle Console: Domains

4. Select "Groups" from the side navigation and then select "Create group".
- Groups are required because IAM permissions are linked to groups and not individual accounts.

Oracle Console: Groups

5. Give your group a name (For example: InsightCloudSec) then select "Create".

Oracle Console: Create Group

6. Once created, you will be redirected to the newly-created Group page (shown in the example below).

Oracle Console: Domain Overview

Creating a User & Adding an API Key

1. Navigate to the main domain page in the console and select your domain.

Oracle Console: Default Domain page

2. Under the Identity Domain Section, select "Users" and "Create user".

Oracle Console: Users --> Create User

3. Complete the required user details as desired and ensure that the group you created earlier is selected. Select "Create" when complete.

Oracle Console: Create User

4. Once created, you will be redirected to the newly-created user's page. From the new user page, select "API keys" and select "Add API key".

Oracle Console: User --> API keys --> Add API key

5. Select the "Download private key" button, and then select "Add".

Oracle Console: Add API key

6. In the Configuration file preview, copy the contents and save them in a safe location. You will need these details to connect your account.

Oracle Console - Sample API Key

Creating a Policy

1. From the main menu icon at the top left select "Identity & Security" and then select "Policies".

Oracle Console: Identity & Security --> Identity --> Policies

2. Select the "Create Policy" button.

Oracle Console: Policies

3. Complete the required policy details as desired, and ensure you've enabled "Show manual editor".

4. Select "Create" to submit the completed form.
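Before pasting policy text into the manual editor, it is worth confirming that every statement grants only the verbs you expect and only to the group created above. The following is an added example, not InsightCloudSec's or Oracle's code: the sample statements are constructed, and the group name is assumed to be written plainly as "group InsightCloudSec".

```python
import re

# OCI policy statement: Allow <subject> to <verb> <resource-type> in <location>
# OCI verbs, least to most privileged: inspect, read, use, manage.
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>\{[^}]*\}|\w+)"
    r"(?:\s+(?P<resource>\S+))?\s+in\s+(?P<location>.+)$", re.IGNORECASE)

# Constructed sample, NOT the policy published by InsightCloudSec.
SAMPLE = """\
Allow group InsightCloudSec to inspect compartments in tenancy
Allow group InsightCloudSec to read buckets in tenancy
Allow group InsightCloudSec to manage instances in tenancy
Allow group Administrators to read users in tenancy
Allow group InsightCloudSec to {BUCKET_READ} in tenancy
"""

def review_policy(text, expected_group, allowed_verbs=("inspect", "read")):
    """Return (line_number, reason) for every statement that needs a second look."""
    findings = []
    want = f"group {expected_group}".lower()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = STATEMENT.match(line)
        if not m:
            findings.append((n, "not a plain Allow statement; review by hand"))
            continue
        verb = m["verb"].lower()
        if verb.startswith("{"):
            findings.append((n, "explicit permission list; review by hand"))
        elif verb not in allowed_verbs:
            findings.append((n, f"verb '{verb}' exceeds {'/'.join(allowed_verbs)}"))
        subject = " ".join(m["subject"].split())
        if subject.lower() != want:
            findings.append((n, f"subject '{subject}' is not group {expected_group}"))
    return findings

if __name__ == "__main__":
    for line_no, reason in review_policy(SAMPLE, "InsightCloudSec"):
        print(f"line {line_no}: {reason}")
```

For the Power User policy, pass `allowed_verbs=("inspect", "read", "use", "manage")` so that only unexpected subjects and hand-review cases are reported.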

Connecting a Tenant (Steps in InsightCloudSec)

1. From your InsightCloudSec platform, navigate to "Cloud --> Clouds" and select "Add a Cloud".

2. Select Oracle from the drop-down menu and complete the form.

3. You will need to provide the credentials obtained/created from the Oracle Console.

  • For the "Key Content" field, supply the contents of the PEM file that you downloaded (the private key from the "Add API key" step).

4. Click "Add Cloud" to complete this process when you've filled out the form.

InsightCloudSec - Add Cloud Form for OCI
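The configuration file preview and the downloaded private key are the credentials entered in this form, so they are worth checking before use. This added example (not part of the original page or of InsightCloudSec) checks the copied values and confirms the key file is a PEM private key readable only by its owner. The OCIDs, fingerprint and file path are constructed placeholders.

```python
import configparser
import os
import re
import stat
import sys

FINGERPRINT = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$")
PEM_HEADER = re.compile(r"^-----BEGIN (RSA )?PRIVATE KEY-----$")
REQUIRED = ("user", "fingerprint", "tenancy", "region")

# Constructed sample in the layout of the console's configuration file preview.
SAMPLE_CONFIG = """\
[DEFAULT]
user=ocid1.user.oc1..exampleuseruniqueid
fingerprint=12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef
tenancy=ocid1.tenancy.oc1..exampletenancyuniqueid
region=us-ashburn-1
"""

def check_config(text):
    """Return a list of problems found in the copied configuration preview."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    prof = cp["DEFAULT"]
    problems = [f"missing {k}" for k in REQUIRED if not prof.get(k, "").strip()]
    for key in ("user", "tenancy"):
        val = prof.get(key, "").strip()
        if val and not val.startswith(f"ocid1.{key}."):
            problems.append(f"{key} is not a {key} OCID")
    fp = prof.get("fingerprint", "").strip().lower()
    if fp and not FINGERPRINT.match(fp):
        problems.append("fingerprint is not 16 colon-separated hex bytes")
    return problems

def check_key_file(path):
    """Return a list of problems with how the downloaded private key is stored."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"key file mode {mode:o} is accessible by group/other")
    with open(path) as fh:
        first = fh.readline().strip()
    if not PEM_HEADER.match(first):
        problems.append("file does not start with a PEM private key header")
    return problems

if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG))
    if len(sys.argv) > 1:  # optional: path to the downloaded .pem file
        print(check_key_file(sys.argv[1]))
```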