Use the link above to run this extension with the updated configuration.

NAME | OCVS Foundation set-up |
---|---|
OBJECTIVE | Provision Identity and Network |
TARGET RESOURCES | Security: Compartments, Groups, Policies; Network: Spoke VCNs, Route tables, Security Lists |
PREREQUISITES | The One-OE Blueprint deployed as a foundation. |
CONFIGURATION FILES | identity.auto.tfvars.json, network.auto.tfvars.json |
DEPLOYMENT | Use Oracle Resource Manager (ORM) or Terraform CLI. |
To configure and run the Identity layer of the OneOE Landing Zone OCVS extension, use the following JSON file: identity.auto.tfvars.json. You can customize this configuration to fit your exact OCI IAM topology.
This configuration file covers three categories of resources, described in the next sections.
This configuration file requires changes to reference the OCIDs of the OneOE Landing Zone resources that were deployed in the OneOE LZ set-up. Search for the values indicated below and replace them with the correct OCIDs:
Resource | OCID Text to Replace | Description |
---|---|---|
Prod Platform Compartment | <OCID-COMPARTMENT-PROD-PLATFORM> | The prod platform compartment OCID |
The diagram below identifies the compartments in the scope of this operation.
The OCVS extension provisions 3 compartments. The parent OCVS platform compartment is created, as an example, in the platform compartment inside the production environment. The other 2 compartments, LB and SDDC, are created as nested children of the OCVS compartment.
OneOE Landing Zones defines multiple instances of the platform compartment: a platform compartment is created for each environment, plus one shared platform compartment for resources spanning multiple environments.
Using this extension requires choosing the right platform compartment for the use case. The extension can be modified to provision multiple instances of the deployment. For customizations see the full compartment resource documentation.
As part of the deployment the following groups are created in the Default Identity Domain:
Group | Description |
---|---|
grp-p-platform-ocvs-admins | Members of the group are able to administer OCVS and accompanying services |
For customizations see the full group resource documentation.
As part of the deployment the following policies are created:
Policy | Description | Manage resources | Use resources | Inspect resources |
---|---|---|---|---|
pcy-p-platform-ocvs-admins | Grants group grp-p-platform-ocvs-admins permissions. | OCVS, Compute instances, VCN | NSG, Subnets, VNICs, IPs, VLANs | Security Lists |
Policies contain compartment paths. The paths can change based on modifications made in the previous Compartments section. The paths need to be updated following the OCI Policies and Compartment hierarchy.
For customizations see the full policy resource documentation.
To configure and run the Network layer of the OneOE LZ OCVS extension, use the following JSON file: network.auto.tfvars.json
This configuration file requires changes to reference the OCIDs of the OneOE Landing Zone resources. Search for the values indicated below and replace them with the correct OCIDs:
Resource | OCID Text to Replace | Description |
---|---|---|
Prod Network Compartment | <OCID-COMPARTMENT-PROD-NETWORK> | The OCID of the Prod Network Compartment deployed in One-OE LZ |
Hub DRG | <OCID-DRG-HUB> | The OCID of the Hub DRG deployed in the One-OE step |
Hub DRG Route Table | <OCID-DRG-HUB-ROUTE-TABLE> | The OCID of the Route table in the DRG |
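Both placeholder tables above (identity and network) ask for a find-and-replace that is easy to get wrong: a placeholder left behind, or an OCID pasted with a typo, only surfaces as a failed or, worse, mis-scoped deployment. The following check is an added example, not part of this extension; it loads a `*.auto.tfvars.json` file, reports any `<OCID-...>` placeholder still present and any value that looks like an OCID but does not have the OCID shape. The sample tfvars content and its key names are constructed for the demonstration and are not the extension's real schema.

```python
import json
import re

# Placeholder shape used in this README's tables, e.g. <OCID-COMPARTMENT-PROD-PLATFORM>.
PLACEHOLDER_RE = re.compile(r"<OCID-[A-Z0-9-]+>")
# Loose OCID shape: ocid1.<type>.<realm>.[region].[future-use].<unique-id>
# (region and future-use may be empty, which is why "oc1.." is valid).
OCID_RE = re.compile(
    r"^ocid1\.[a-z0-9]+\.[a-z0-9]+\.[a-z0-9-]*(\.[a-z0-9-]*)?\.[A-Za-z0-9]+$"
)


def _walk(node, path=""):
    """Yield (json_path, string_value) for every string leaf in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from _walk(value, f"{path}[{idx}]")
    elif isinstance(node, str):
        yield path, node


def check_tfvars(text):
    """Return (unresolved_placeholders, malformed_ocids) found in a tfvars JSON text."""
    unresolved, malformed = [], []
    for path, value in _walk(json.loads(text)):
        if PLACEHOLDER_RE.fullmatch(value):
            unresolved.append((path, value))
        elif value.startswith("ocid1.") and not OCID_RE.match(value):
            malformed.append((path, value))
    return unresolved, malformed


def check_tfvars_file(filename):
    """Same check, reading the file from disk (e.g. network.auto.tfvars.json)."""
    with open(filename, encoding="utf-8") as handle:
        return check_tfvars(handle.read())


# Constructed sample: one placeholder left behind, one OCID with a stray space.
SAMPLE = json.dumps({
    "compartments": {"ocvs": {"parent_id": "<OCID-COMPARTMENT-PROD-PLATFORM>"}},
    "vcns": {"spoke": {"compartment_id": "ocid1.compartment.oc1..aaaaexample",
                       "drg_id": "ocid1.drg.oc1.eu-frankfurt-1.bad value"}},
})

if __name__ == "__main__":
    for kind, hits in zip(("unresolved", "malformed"), check_tfvars(SAMPLE)):
        for path, value in hits:
            print(f"{kind}: {path} = {value!r}")
```

Run it against both configuration files before `terraform plan` or an ORM apply; an empty result means every placeholder from the tables was replaced with a well-formed OCID (it cannot tell you the OCID is the *right* one for that compartment).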
This configuration covers the following networking diagram.
For customization of the pre-defined setup, please refer to the Networking documentation for details and examples.
The network layer covers the following resources:
- Spoke VCN - one Spoke VCN for OCVS platform
- Subnets - one Subnet for Load Balancers
- Gateway - Service Gateway to access OCI services
- Security List - Security list for Load Balancers allowing all ingress/egress (a permissive starting point; narrow it to the ports and sources the load balancers actually need before exposing workloads)
- Route Tables - One for the Service Gateway, and a default route for routing all traffic through the central hub
- DRG Attachment - Connect spoke with the central Hub
Use the link above to deploy using Oracle Resource Manager (ORM), or use the Terraform CLI.
You can now proceed with Step 2.
Copyright (c) 2025 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.