IAM (Infrastructure Identity and Access Management), as the name suggests it is used to control an access to cloud resources. Which real user should have access to which compartment , network or tenancy and which type of access they should have is decided by configuring IAM.
There are different components which helps you configure IAM policies in your oracle cloud infrastructure.
Resources : Each cloud objects we have seen in previous posts , either it be instance, route table, VCN(virtual cloud instance) or compute instances are cloud resources and are manageable by IAM policies.
User : To access the resources of your company’s Oracle Cloud Infrastructure each user or we can say an employee of your company should have IAM credential which is created by cloud administrator. A cloud administrator needs to create a user with username and initial password, which needs to be deliver securely with user.After receiving IAM credential a user can access cloud resources such as compute , network , route tables , according to the privileges given by administrator.
Note : This users are real users which have IAM credentials. End users of your applications are not IAM users.
Group : Group holds users which needs similar type of access to similar type of resources. You can write policies to define which resources can be accessed by users of particular group. Every group has unique oracle cloud id assigned to it and group name must be unique within your tenancy in oracle cloud infrastructure.You can add or remove users from the group .
For example : You can create a separate group for users who wants to access network compartment where they can access route tables , security rules and you can create another group where users can create compute instances in application compartment.
Dynamic Group : It is a special provision of oracle where you can group compute instances which will act as principal actors and according to the policy you define how they can work. Mainly dynamic groups are created to manage what the instances in the group can access through API’s.
It is dynamic group as instances can be added or terminated. Instead of adding all instances one by one you can even write matching rule to add the instances in dynamic group.
For example : You can add all instances of specific compartment into the dynamic group.
Indeed ,it is an interesting topic we will deep dive into it in coming post.
Network Sources : Specific group of IP addresses which are allowed to access resources in your tenancy. IP addressess would be from the VCNs assigned list or it can be public IP addresses. Once you define network source in IAM , you can define IAM policies to restrict access to oracle cloud resources.
Compartment : We can say compartment is separator or organizer which separates resources according to the usage . Your all other resources resides in a compartment. You can always create a separate compartment for different project. And while creating a resource in oracle cloud you can define a compartment. A root compartment gets created when you set up a tenancy.
Policy : List of rules which defines who can access which resources. This will have one oracle cloud identifier assigned to it.
Home Region : As it’s name implies , the region where your IAM resources reside. It can be available globally across all regions but the changes should be made in home region only.
Federation : A relationship that an administrator configures between an identity provider and a service provider.Oracle Cloud Infrastructure tenancies are federated with Oracle Identity Cloud Service by default
Thank you for giving your valuable time to read the above information.
If you want to be updated with all our articles send us the Invitation or Follow us:
Telegram Channel: https://t.me/helporacle
Skant Gupta’s LinkedIn: www.linkedin.com/in/skantali/
Joel Perez’s LinkedIn: Joel Perez’s Profile
LinkedIn Group: Oracle Cloud DBAAS
Facebook Page: OracleHelp