Official documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
Once the credential has been generated, we need the following parameters:
– user: ex: ocid1.user.oc1……
– tenancy: ex: ocid1.tenancy.oc1…..
– region: Sao Paulo, Ashburn, etc.
– pem: text file with the key; starts with “-----BEGIN RSA PRIVATE KEY-----”
– fingerprint: fingerprint of the key
For IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies
define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group xxxx to read all-resources in tenancy
endorse group xxxx to read objects in tenancy usage-report
(To process costs, the tenancy OCID above must be kept exactly as shown, because it belongs to Oracle itself.)
Specific permissions for automations
Power on/off/upgrade/downgrade instances:
Allow group ReadOnly to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}
Backup:
Allow group ReadOnly to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}
MySQL – Turn on/off:
Allow group ReadOnly to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}
DbSystems – on/off:
Allow group ReadOnly to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}
Manage Tags:
Allow group ReadOnly to use tag-namespaces in tenancy
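Added example (not part of the original page and not Oracle tooling): a small Python check that parses the Allow statements above and flags any manage grant that lacks the request.permission filter used throughout this section. The function names, the finding texts and the fourth sample statement are assumptions made for this example.

```python
import re

# Statements 0-2 are copied from this page; statement 3 is a constructed
# counter-example (the instance grant with its where clause dropped).
STATEMENTS = [
    "Allow group xxxx to read all-resources in tenancy",
    "Allow group ReadOnly to manage instance-family in tenancy where any "
    "{request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}",
    "Allow group ReadOnly to use tag-namespaces in tenancy",
    "Allow group ReadOnly to manage instance-family in tenancy",
]

STMT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?:any|all)\s*\{(?P<conds>.*)\})?\s*$",
    re.IGNORECASE,
)
PERM_RE = re.compile(r"request\.permission\s*=\s*'([A-Z_]+)'")


def parse(statement):
    """Split one 'Allow group' statement into its parts, or return None."""
    m = STMT_RE.match(statement.strip())
    if m is None:
        return None
    parts = m.groupdict()
    parts["verb"] = parts["verb"].lower()
    parts["permissions"] = PERM_RE.findall(parts.pop("conds") or "")
    return parts


def findings(statement):
    """Return least-privilege findings for one statement; empty means none."""
    p = parse(statement)
    if p is None:
        return ["not a recognised 'Allow group' statement, review by hand"]
    out = []
    if p["verb"] == "manage" and not p["permissions"]:
        out.append(f"manage {p['resource']} is not limited by request.permission")
    if p["resource"] == "all-resources" and p["scope"].lower() == "tenancy":
        out.append(f"{p['verb']} all-resources spans every resource type in the tenancy")
    return out


if __name__ == "__main__":
    for s in STATEMENTS:
        print(s[:60], "->", findings(s) or "ok")
```

Statements that use define, endorse or a where clause without braces are not parsed and are returned for manual review.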