This topic describes compartment quotas for Oracle Cloud Infrastructure.
Compartment quotas give tenant and compartment administrators better control over how resources are consumed in Oracle Cloud Infrastructure, enabling administrators to easily allocate resources to compartments using the Console. Along with compartment budgets, compartment quotas create a powerful toolset to manage your spending in Oracle Cloud Infrastructure tenancies.
You can start using compartment quotas from any compartment detail page in the Console.
About Compartment Quotas
Compartment quotas are similar to Service Limits; the biggest difference is that service limits are set by Oracle, and compartment quotas are set by administrators, using policies that allow them to allocate resources with a high level of flexibility.
Compartment quotas are set using policy statements written in a simple declarative language that is similar to the IAM policy language.
There are three types of quota policy statements:
set - sets the maximum number of a cloud resource that can be used for a compartment
unset - resets quotas back to the default service limits
zero - removes access to a cloud resource for a compartment
The quota policy statements look like this:
The language components for a quota policy statement are:
The action keyword, which corresponds to the type of quota being defined. This can be set, unset, or zero.
The name of the service family; for example: compute.
The quota or quotas keyword
The name of the quota, which varies by service family. For example, a valid quota in the compute family is vm-standard2-16-count.
You can also use wildcards to specify a range of names. For example, "/vm-*/" matches all Compute shapes that start with the letters "vm".
For set statements, the value of the quota.
The compartment that the quota covers.
An optional condition. For example where request.region = 'us-phoenix-1'. Currently supported conditionals are request.region and request.ad.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up groups , compartments , and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
Compartment quotas can be set on the root compartment. An administrator (who must be able to manage quotas on the root compartment) can set quotas on their own compartments and any child compartments. Quotas set on a parent compartment override quotas set on child compartments. This way, an administrator of a parent compartment can create a quota on a child compartment that cannot be overridden by the child.
Quotas can have different scopes, and work at the availability domain, the region, or globally.
There are a few important things to understand about scope when working with compartment quotas:
When setting a quota at the availability domain (AD) level, the quota is allocated to each AD. So, for example, setting a quota of 2 X7 VMs on a compartment actually sets a limit of 2 VMs per AD. To target a specific AD, use the request.ad parameter in the where clause.
Regional quotas apply to each region. For example, if a quota of 10 functions is set on a compartment, 10 functions will be allocated per region. To target a specific region, use the request.region parameter in the where clause.
Usage for sub-compartments counts towards usage for the main compartment.
Number of Always FreeAutonomous Databases. Tenancies can have a total of two Always FreeAutonomous Databases, and these resources must be provisioned in the home region. For each database, you can choose the workload type (Autonomous Transaction Processing or Autonomous Data Warehouse).
Amount of storage (in TB) for Autonomous Data Warehouse databases using shared Exadata infrastructure.
Number of Autonomous Data Warehouse OCPUs for databases using dedicated Exadata infrastructure. (See note about "n/a" values on the Limits, Quotas and Usage page of the Console.)
Amount of storage (in TB) for Autonomous Transaction Processing databases using dedicated Exadata infrastructure. (See note about "n/a" values on the Limits, Quotas and Usage page of the Console.)
Number of Autonomous Transaction Processing OCPUs for databases using shared Exadata infrastructure.
Amount of storage (in TB) for Autonomous Transaction Processing databases using shared Exadata infrastructure.
Number of BM.DenseIO1.36 DB systems
Number of BM.DenseIO2.52 DB systems
Number of Exadata.Base.48 DB systems
Number of Exadata.Full1.336 - X6 DB systems
Number of Exadata.Full2.368 - X7 DB systems and Autonomous Exadata Infrastructure
Number of Exadata.Half1.168 - X6 DB systems
Number of Exadata.Half2.184 - X7 DB systems and Autonomous Exadata Infrastructure
Number of Exadata.Quarter1.84 - X6 DB systems
Number of Exadata.Quarter2.92 - X7
DB systems and Autonomous Exadata Infrastructure
Total size of block storage attachments across all virtual machine DB systems, in GB
Number of VM.Standard1.x OCPUs
Number of VM.Standard2.x OCPUs
When viewing the Limits, Quotas and Usage page of the Console, you will see the value "n/a" in the Service Limit column for storage and OCPU resources related to Autonomous Transaction Processing and Autonomous Data Warehouse with dedicated Exadata infrastructure. You may also see this value in the Available column for these resources. This is because limits for these resources are based on the capacity of your provisioned Exadata hardware, and are not service limits controlled by Oracle Cloud Infrastructure. If you define compartment quota policies for either of these resources, the Available column will display a value for the amount that is available to be allocated, based on your existing usage in the Exadata hardward.
The following example shows how to limit the number of Autonomous Data Warehouse resources in a compartment:
#Limits the Autonomous Data Warehouse CPU core count to 2 in the MyCompartment compartment
set database quota adw-ocpu-count to 2 in compartment MyCompartment
This example shows how to set a quota for OCPU cores in an Autonomous Data Warehouse with dedicated Exadata infrastructure:
#Limits the number of Autonomous Data Warehouse dedicated Exadata infrastructure OCPUs to 20 in the MyCompartment compartment
set database quota adw-dedicated-ocpu-count to 20 in compartment MyCompartment
This example shows how to set a quota for Autonomous Exadata Infrastructure quarter rack resources in a compartment:
#Limits the usage of Exadata.Quarter2.92 X7 shapes to 1 in the MyCompartment compartment
set database quota exadata-quarter2-92-x7-count to 1 in compartment MyCompartment
To limit the number of virtual machine DB systems in a compartment, you must set a quota for the number of CPU cores and a separate quota for the block storage:
#Sets a quota for virtual machine Standard Edition OCPUs to 2 in the MyCompartment compartment
set database quota vm-standard1-ocpu-count to 2 in compartment MyCompartment
#Sets the virtual machine DB system block storage quota to 1024 GB in the same compartment
set database quota vm-block-storage-gb to 1024 in compartment MyCompartment
The following example shows how to prevent the usage of all database resources in the tenancy except for two Exadata full rack X7 resources in a specified compartment:
zero database quotas in tenancy
set database quota exadata-full2-368-x7-count to 2 in compartment MyCompartment
This example of nested quotas shows how to distribute limits for a resource type in a compartment among its subcompartments:
#Allows usage of 3 Autonomous Data Warehouse OCPUs in parent compartment Compartment1
set database quota adw-ocpu-count to 3 in compartment Compartment1
#Allows usage of 1 Autonomous Data Warehouse OCPU in child compartment Compartment1.1
set database quota adw-ocpu-count to 1 in compartment Compartment1.1
#Allows usage of 2 Autonomous Data Warehouse OCPUs in child compartment Compartment1.2
set database quota adw-ocpu-count to 2 in compartment Compartment1.2
Number of traffic management steering policy attachments
zero dns quotas in compartment MyCompartment
zero dns quota global-zone-count in compartment MyCompartment zero dns quota steering-policy-count in compartment MyCompartment
zero dns quota steering-policy-attachment-count in compartment MyCompartment