Advantages and Steps to Enabling the Security Zone Feature in OCI

Use Only Configurations Approved by Oracle

Resources in a security zone must use only configurations and templates approved by Oracle.

Enabling Security Zone

Required IAM Policy

To work with Security Zones, an administrator must grant you access to an IAM policy.

For example, the following IAM policy allows users in the group SecurityAdmins to manage security zones in the entire tenancy.

Allow group Security Admins to manage security-zone in tenancy

Creating a Security Zone

Create a security zone by using the Console.

All security zones are assigned the Maximum Security Recipe.

• Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.
• Click Create Security Zone.
• Enter a name and description for the security zone.

Oracle Cloud creates a compartment with the same name and assigns it to this security zone.

• For Create in Compartment, navigate to the compartment that you want to create the new compartment in.
• Click Create Security Zone.

Viewing the Policies for a Security Zone

Identify the recipe for an existing security zone, and then view its policies.

Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.

Click the name of the security zone.

Click the recipe for the security zone. Creating a Security Zone.

Create a security zone by using the Console.

Identify the recipe for an existing security zone, and then view its policies.

Deleting a Security Zone

Delete a security zone by using the Console.

To delete a security zone, you delete the compartment that's associated with the security zone.

Before you can delete a compartment, it must be empty of all resources. Ensure that all the compartment's resources have been moved, deleted, or terminated, including any policies attached to the compartment.

Locate the compartment whose name is the same as the security zone.

Click the Actions icon (three dots) for this compartment, and then click Delete Compartment.

At the prompt, click OK.

Conclusion

In this blog, you have been introduced to the Security Zone feature that is available in the Oracle Cloud. We created the necessary IAM groups and policies to work with it.

When you create and update resources in a security zone, Oracle Cloud Infrastructure validates these operations against the list of policies defined in the security zone recipe. If any security zone policy is violated, then the operation is denied.

To learn more or for a demo of the Security Zone Feature in OCI, schedule a meeting with an Astute team member.

References