(Oracle Cloud Infrastructure) Identity and Access Management (IAM) Policy Management

Details of the API security policy required to use the SpaceONE plugin

IAM Policy

SpaceONE strongly recommends setting appropriate permissions to access your cloud resources for each purpose.

Set up a service account with an API key for each use case.

General Collector

The collector requires appropriate permissions to collect cloud resources. We strongly recommend limiting the collector's service account to read-only access.

You can also add further restrictions per resource or action. One useful example is restricting its rights to within a region.

STEP 1. Log in to the Oracle Cloud Infrastructure Console > Identity

Go to Identity > Users and click CREATE USER.

STEP 2. Set IAM User details

Click IAM User and enter the User name and Description.

STEP 3. Set API Keys to IAM User

Go to Identity > Users > User > Details > API Keys. Click Add API Key, then add or generate an API key.

STEP 4. Create Group for IAM User

Go to Identity > Groups and click the Create Group button. Enter a Name and Description.

STEP 5. Add IAM User to Group

Go to the group you created, click the Add User to Group button, and add the IAM user.

STEP 6. Set Policies to Group

Go to Identity > Policies and click the Create Policy button.

Enter the Name and Description, and enter the policy statements manually.

When entering statements directly in the text box, ensure that you follow the Policy Syntax rules.

When using General Collector, the following two policies are required:

Allow group {group_name} to inspect compartments in tenancy
Allow group {group_name} to inspect tenancies in tenancy
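
The read-only recommendation and the two required statements above can be checked mechanically before a policy is saved. The following is an added example, not SpaceONE's or Oracle's code; the group name spaceone-collector and the sample statements are constructed, and the parser covers only the "Allow group ... to <verb> <resource-type> in <location>" form without evaluating where conditions.

```python
import re

# OCI policy verbs, from least to most privileged.
VERBS = ("inspect", "read", "use", "manage")
READ_ONLY = {"inspect", "read"}

# The two statements this page lists as required for General Collector.
REQUIRED = {("inspect", "compartments", "tenancy"),
            ("inspect", "tenancies", "tenancy")}

# Covers only: Allow group <name> to <verb> <resource-type> in <location> [where ...]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)

# Constructed sample policy; the group and compartment names are hypothetical.
SAMPLE = [
    "Allow group spaceone-collector to inspect compartments in tenancy",
    "Allow group spaceone-collector to read instances in tenancy",
    "Allow group spaceone-collector to manage buckets in compartment dev",
    "Allow group other-team to manage all-resources in tenancy",
]

def audit_policy(statements, group):
    """Return (findings, missing) for one group's policy statements."""
    findings, seen = [], set()
    for raw in statements:
        line = " ".join(raw.split())  # collapse stray whitespace
        if not line:
            continue
        m = STATEMENT.match(line)
        if m is None:
            findings.append(("unparsed", line))  # needs manual review
            continue
        if m["group"].lower() != group.lower():
            continue  # statement grants to a different group
        verb = m["verb"].lower()
        if verb not in VERBS:
            findings.append(("unknown-verb", line))
        elif verb not in READ_ONLY:
            findings.append(("not-read-only", line))
        # 'where' conditions are not evaluated when matching REQUIRED.
        seen.add((verb, m["resource"].lower(), m["location"].lower()))
    return findings, sorted(REQUIRED - seen)

if __name__ == "__main__":
    print(audit_policy(SAMPLE, "spaceone-collector"))
```

Any statement reported as not-read-only grants the collector group use or manage rights and should be reduced to inspect or read before the policy is created.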
