Cloud8

Credential for OCI (Oracle Cloud)

Official documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm

Once the credential has been generated, we need the following parameters:

– user: ex: ocid1.user.oc1……
– tenancy: ex: ocid1.tenancy.oc1…..
– region: Sao Paulo, Ashburn, etc.
– pem: text file with the key, starts with "-----BEGIN RSA PRIVATE KEY-----"
– fingerprint: fingerprint of the key

For IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies

define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group xxxx to read all-resources in tenancy
endorse group xxxx to read objects in tenancy usage-report

(To process the costs, the tenancy OCID above must be kept exactly as it is, since it belongs to Oracle itself.)

Specific permissions for automations

Power on/off/upgrade/downgrade instances:

Allow group ReadOnly to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}

Backup:

Allow group ReadOnly to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}

MySQL – Turn on/off:

Allow group ReadOnly to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}

DbSystems – on/off:

Allow group ReadOnly to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}

Manage Tags:

Allow group ReadOnly to use tag-namespaces in tenancy
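
A least-privilege check for the automation statements above, as an added example (not Cloud8's or Oracle's code): it parses a subset of the OCI policy syntax and flags manage grants that have no request.permission filter or that carry permissions beyond an expected set. The function names, the allow-list and the two over-broad sample statements are assumptions made for the illustration.

```python
import re

# Assumed subset: Allow group <name> to <verb> <resource-type> in <scope> [where <conditions>]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$", re.IGNORECASE)
PERMISSION = re.compile(r"request\.permission\s*=\s*'([A-Z_]+)'")

def parse_statement(line):
    """Split one Allow statement into its parts, or return None if it does not fit."""
    m = STATEMENT.match(line.strip())
    if not m:
        return None
    return {"group": m["group"], "verb": m["verb"].lower(), "resource": m["resource"],
            "scope": m["scope"], "permissions": PERMISSION.findall(m["where"] or "")}

def audit(lines, allowed):
    """Return (statement, finding) pairs for manage grants broader than `allowed`,
    a dict of resource-type -> set of permissions the automation needs."""
    findings = []
    for line in lines:
        st = parse_statement(line)
        if st is None:
            findings.append((line, "not parsed, review by hand"))
        elif st["verb"] == "manage" and not st["permissions"]:
            findings.append((line, "manage without a request.permission allow-list"))
        elif st["verb"] == "manage":
            extra = set(st["permissions"]) - allowed.get(st["resource"], set())
            if extra:
                findings.append((line, "extra permissions: " + ", ".join(sorted(extra))))
    return findings

# Allow-list taken from the power on/off and DbSystems statements on this page.
ALLOWED = {
    "instance-family": {"INSTANCE_POWER_ACTIONS", "INSTANCE_UPDATE"},
    "database-family": {"DB_NODE_POWER_ACTIONS", "DB_BACKUP_DELETE", "DB_BACKUP_CREATE"},
}
# Constructed sample: the first two statements are from this page, the last two are made up.
SAMPLE = [
    "Allow group ReadOnly to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}",
    "Allow group ReadOnly to use tag-namespaces in tenancy",
    "Allow group ReadOnly to manage database-family in tenancy",
    "Allow group ReadOnly to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_DELETE'}",
]

if __name__ == "__main__":
    for statement, finding in audit(SAMPLE, ALLOWED):
        print(finding, "<-", statement)
```

The define and endorse statements used for the usage-report tenancy fall outside this subset and are reported as not parsed.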