Configuring Oracle Cloud Infrastructure (OCI)
Details on Connecting Your Oracle Cloud Infrastructure Tenants to InsightCloudSec
New Onboarding Process for Connecting Cloud Accounts
The following content is for our legacy onboarding process for connecting a cloud account. Beginning with our 23.4.11 release, InsightCloudSec includes a new onboarding workflow; documentation on that workflow is available on the new Oracle Cloud Infrastructure (OCI) - Onboarding page.
If you are having issues or need support related to onboarding, reach out to your CSM or contact us through the Customer Support Portal with any questions.
After InsightCloudSec is successfully installed, you're ready to start harvesting resources from your target Oracle Cloud Infrastructure (OCI) accounts. This documentation provides details on configuring OCI to "talk" with InsightCloudSec securely. Review the sections below to determine the best starting point for your environment.
- Check out the OCI Supported Services page for a list of supported resources.
- For details on supported resources across the complete InsightCloudSec platform, check out our Resources content, as well as subpages on Resource Terminology and Resource Type Categories.
As with all of our features, if you have questions or concerns reach out to us through the Customer Support Portal.
In OCI, a tenant is the top level construct. It is analogous to a project in GCP or a subscription within Azure. There are several steps that must be taken within the Oracle console to enable InsightCloudSec to get access to a tenant, and this page outlines those steps.
Additional Resources on OCI include:
You must have administrative level privileges to execute these steps. Check out our User Entitlements Matrix for more details on InsightCloudSec permissions and entitlements.
Refer to Oracle's documentation for more details on how OCI manages permissions/policies.
Read-Only Policy
The Read-Only policy contains only read permissions for the OCI resources that InsightCloudSec supports. The policy can be obtained from our public S3 bucket. Note: This policy will need to be updated any time InsightCloudSec supports a new OCI service.
Power User Policy
The Power User policy contains various read and manage permissions for the OCI resources that InsightCloudSec supports. The policy can be obtained from our public S3 bucket. Note: This policy will need to be updated any time InsightCloudSec supports a new OCI service.
Connecting a Tenant (Steps in the Oracle Console)
Creating a Group
1. Login to the Oracle console using the tenant you would like to connect to InsightCloudSec.
2. From the main navigation menu icon at the top left (hamburger menu icon), click to expand and select "Identity & Security" and then select "Domains".
3. Select your domain from the list.
4. Select "Groups" from the side navigation and then select "Create group".
- Groups are required because IAM permissions are linked to groups and not individual accounts.
5. Give your group a name (For example: InsightCloudSec) then select "Create".
6. Once created, you will be redirected to the newly-created Group page (shown in the example below).
Creating a User & Adding an API Key
1. Navigate to the main domain page in the console and select your domain.
2. Under the Identity Domain Section, select "Users" and "Create user".
3. Complete the required user details as desired and ensure that the group you created earlier is selected. Select "Create" when complete.
4. Once created, you will be redirected to the newly-created user's page. From the new user page, select "API keys" and select "Add API key".
5. Select the "Download private key" button, and then select "Add".
6. In the Configuration file preview, copy the contents and save them in a safe location. You will need these details to connect your account.
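Before pasting the saved details into InsightCloudSec, it helps to confirm that the copied preview is complete and that the downloaded key is stored with restrictive permissions. The following check is an added example, not InsightCloudSec or Oracle code; the field names and formats are assumed from Oracle's standard API-key config-file layout, and the sample values are constructed placeholders.

```python
import configparser
import os
import re
import stat

# Field formats assumed from Oracle's API-key config-file layout.
OCID = r"ocid1\.{kind}\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+"
CHECKS = {
    "user": re.compile(OCID.format(kind="user")),
    "tenancy": re.compile(OCID.format(kind="tenancy")),
    "fingerprint": re.compile(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}"),
    "region": re.compile(r"[a-z]+(?:-[a-z0-9]+)+"),
}

# Constructed sample of a pasted preview; every value is a placeholder.
SAMPLE = """\
[DEFAULT]
user=ocid1.user.oc1..aaaaexampleuser
fingerprint=12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0
tenancy=ocid1.tenancy.oc1..aaaaexampletenancy
region=us-ashburn-1
key_file=<path to your private keyfile> # TODO
"""

def check_profile(config_text, profile="DEFAULT"):
    """Return problems in a config preview without echoing any value."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    section = parser[profile] if profile in parser else {}
    problems = []
    for field, pattern in CHECKS.items():
        if not pattern.fullmatch(section.get(field, "").strip()):
            problems.append(f"{field}: missing or unexpected format")
    key_file = section.get("key_file", "")
    if not key_file or "<" in key_file or "TODO" in key_file:
        problems.append("key_file: still the console placeholder")
    return problems

def check_key_file(path):
    """Return problems with the downloaded private key file itself."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"{path}: accessible to group/other (mode {mode:o})")
    with open(path, encoding="ascii", errors="replace") as fh:
        first = fh.readline().strip()
    if not (first.startswith("-----BEGIN") and "PRIVATE KEY" in first):
        problems.append(f"{path}: first line is not a PEM private-key header")
    return problems
```

The checks report only field names and file modes, so their output can be logged without exposing the OCIDs or key material.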
Creating a Policy
1. From the main menu icon at the top left select "Identity & Security" and then select "Policies".
2. Select the "Create Policy" button.
3. Complete the required policy details as desired, and ensure you've enabled "Show manual editor".
- In the "Policy Builder" section, provide one of the policy documents referenced earlier (either the Read-Only Policy or the Power User Policy).
4. Select "Create" to submit the completed form.
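When the Read-Only policy is the intended grant, the statements pasted into the manual editor can be checked before submission for verbs above `read` and for grants to a group other than the one created earlier. This is an added example, not the InsightCloudSec policy document or vendor code; the sample statements are constructed, and the parser assumes the common `Allow group <name> to <verb> <resource-type> in <scope>` form of OCI policy statements.

```python
import re

# OCI policy verbs, from least to most privilege.
VERBS = ["inspect", "read", "use", "manage"]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>[a-z]+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>.+)$",
    re.IGNORECASE,
)

# Constructed statements for illustration; not the vendor's policy document.
SAMPLE = """\
Allow group InsightCloudSec to read instances in tenancy
Allow group InsightCloudSec to inspect vcns in tenancy
Allow group InsightCloudSec to manage buckets in tenancy
Allow group Administrators to read users in tenancy
"""

def audit_policy(policy_text, group, max_verb="read"):
    """Return (line_number, reason) for each statement outside the intended grant."""
    limit = VERBS.index(max_verb)
    findings = []
    for number, line in enumerate(policy_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = STATEMENT.match(line)
        if not match:
            findings.append((number, "unrecognised statement, review by hand"))
            continue
        # Accept both 'Name' and 'Domain'/'Name' forms of the group subject.
        name = match["group"].split("/")[-1].strip("'\"")
        verb = match["verb"].lower()
        if name != group:
            findings.append((number, f"grants to group {name}, not {group}"))
        if verb not in VERBS:
            findings.append((number, f"unknown verb {verb}"))
        elif VERBS.index(verb) > limit:
            findings.append((number, f"{verb} {match['resource']} exceeds {max_verb}"))
    return findings
```

Pass `max_verb="manage"` when the Power User policy is the intended grant, so that only wrong-group and unrecognised statements are reported.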
Connecting a Tenant (Steps in InsightCloudSec)
1. From your InsightCloudSec platform, navigate to "Cloud --> Clouds" and select "Add a Cloud".
2. Select Oracle from the drop-down menu and complete the form.
3. You will need to provide the credentials obtained/created from the Oracle Console.
- For the "Key Content" you will want to supply the contents of the PEM file that you downloaded (the private key from the "Add API key" step).
4. Click "Add Cloud" to complete this process when you've filled out the form.
- Refer to Cloud Account Setup for detailed instructions on this process.
- For self-hosted customers check out the Self-Hosted - Getting Started Guide for suggestions on what to do next, or for hosted/SaaS customers check out SaaS/Hosted Customers - Getting Started Guide.