Prerequisites for Oracle Platform Services on Oracle Cloud Infrastructure
This topic describes procedures that are required by some Oracle Platform Services before you can launch them on Oracle Cloud Infrastructure. The information in this topic applies only to the following services:
-
Oracle Database Cloud Service
-
Oracle Data Hub Cloud Service
-
Oracle Event Hub Cloud Service
-
Oracle Java Cloud Service
-
Oracle SOA Cloud Service
For a list of all services supported on Oracle Cloud Infrastructure, see Information About Supported Platform Services.
Accessing Oracle Cloud Infrastructure
Oracle Cloud Infrastructure has a different interface and credential set than your Oracle Platform Services.
You can access Oracle Cloud Infrastructure (OCI) by using the Console (a browser-based interface), REST API, or OCI CLI. Instructions for using the Console, API, and CLI are included in topics throughout this documentation. For a list of available SDKs, see Software Development Kits and Command Line Interface.
To access the Console, you must use a supported browser. To go to the Console sign-in page, open the navigation menu at the top of this page and select Infrastructure Console. You are prompted to enter your cloud tenant, your user name, and your password.
Required Identity and Access Management (IAM) Policy
To use Oracle Cloud Infrastructure, an administrator must be a member of a group granted security access in a policy by a tenancy administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with the tenancy administrator what type of access you have and which compartment your access works in.
See Common Policies for more information and examples.
Resources Created in Your Tenancy by Oracle
Oracle creates a compartment in your tenancy for Oracle Platform Services. This compartment is specially configured by Oracle for the Oracle Cloud Infrastructure resources that you create through the Platform Services. You can't choose another compartment for Oracle to use.
Along with this compartment, Oracle creates the IAM policies to allow Oracle Platform Services access to the resources.
The compartment that Oracle creates for Oracle Platform Services is named: ManagedCompartmentForPaaS.
The polices that Oracle creates for Oracle Platform Services are:
-
PSM-root-policyThis policy is attached to the root compartment of your tenancy.
-
PSM-mgd-comp-policyThis policy is attached to the
ManagedCompartmentForPaaScompartment.
Do not make any changes to these resources. Editing or renaming the policies or the compartment can result in loss of functionality.
Prerequisites for Oracle Platform Services
Before you can create instances of an Oracle Platform Service on Oracle Cloud Infrastructure, you need to have the following resources in your Oracle Cloud Infrastructure tenancy:
- A compartment for your resources
- A virtual cloud network (VCN) with at least one public subnet
- IAM policies to allow Oracle Platform Services to access the VCN
- An Object Storage bucket
- Credentials to use with Object Storage
Some of the Platform Services automatically create some of these resources for you. See details about your service in the following sections.
Setting Up the Prerequisites
To use Autonomous Data Warehouse Cloud, you don't need to set up any of the resources listed in this prerequisites section. However, if you optionally choose to use Oracle Cloud Infrastructure Object Storage for data loading, you need to perform these two tasks:
Following are two scenarios with procedure sets. If you need to set up all the required resources, follow Scenario 1. If you already have a VCN in your Oracle Cloud Infrastructure tenancy that you want to use for Oracle Platform Services, follow Scenario 2.
To follow a tutorial on how to set up the prerequisites for Scenario 1, see Creating the Infrastructure Resources Required for Oracle Platform Services.
Scenario 1: I need to create all the prerequisite resources
Use this procedure if you don't have any resources set up in OCI.
You cannot use the
ManagedCompartmentForPaaS for your VCN and bucket. - Open the navigation menu and select Identity & Security. Under Identity, select Compartments.
A list of the existing compartments in your tenancy is displayed.
- Click Create Compartment.
- Enter the following:
- Name: For example, PaaSResources. Restrictions for compartment names are: Maximum 100 characters, including letters, numbers, periods, hyphens, and underscores. The name must be unique across all the compartments in your tenancy. Avoid entering confidential information.
- Description: A friendly description.
- Click Create Compartment.
This procedure creates a VCN with these characteristics:
- A VCN with the CIDR of your choice (example: 10.0.0.0/16).
- A regional public subnet with access to the VCN's internet gateway. You can choose the subnet's CIDR (example: 10.0.0.0/24).
- A regional private subnet with access to the VCN's NAT gateway and service gateway (and therefore the Oracle Services Network). You can choose the subnet's CIDR (example: 10.0.1.0/24).
- Use of the Internet and VCN Resolver for DNS, so your instances can use their hostnames instead of their private IP addresses to communicate with each other.
The following VCN quickstart procedure is useful for getting started and trying out Oracle Platform Services on Oracle Cloud Infrastructure. For production, use the procedure in VCNs and Subnets. That topic explains features such as how to specify the CIDR ranges for your VCN and subnets, and how to secure your network. When you use the advanced procedure in that topic, remember that the VCN that you create must have a public subnet for Oracle Platform Services to use.
-
Open the Region menu and select the region in which you want to create the Oracle PaaS service instance.
Select a region that's within the default data region of your account. For example, if your default data region is EMEA, then select Germany Central (Frankfurt) or UK South (London).
- From the Compartment list, select the compartment you created.
- Open the navigation menu , select Networking, and then select Virtual cloud networks.
- Click Networking Quickstart.
- Select VCN with Internet Connectivity, and then click Start Workflow.
- Enter the following:
- VCN Name: Enter a name for your cloud network, for example, <your_initials>_Network. The name is incorporated into the names of all the related resources that are automatically created. Avoid entering confidential information.
- Compartment: Leave the default value (the compartment you're currently working in). All the resources will be created in this compartment.
- VCN CIDR Block: Enter a valid CIDR block for the VCN. For example 10.0.0.0/16.
- Public Subnet CIDR Block: Enter a valid CIDR block for the subnet. The value must be within the VCN's CIDR block. For example: 10.0.0.0/24.
- Private Subnet CIDR Block: Enter a valid CIDR block for the subnet. The value must be within the VCN's CIDR block and not overlap with the public subnet's CIDR block. For example: 10.0.1.0/24.
- Accept the defaults for any other fields.
- Click Next.
- Review the list of resources that the workflow will create for you. Notice that the workflow will set up security list rules and route table rules to enable basic access for the VCN.
- Click Create to start the short workflow.
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
- In the Compartment list, select the root compartment of your tenancy.
- Click Create Policy.
- Enter the following:
- Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You cannot change this later.
- Description: A friendly description. You can change this later if you want to.
Policy Builder: Click Show manual editor. To allow Oracle Platform Services access to use the network in your compartment, enter the following policy statements. Replace <compartment_name> with your compartment name where the resources are located.
Allow service PSM to inspect vcns in compartment <compartment_name> Allow service PSM to use subnets in compartment <compartment_name> Allow service PSM to use vnics in compartment <compartment_name> Allow service PSM to manage security-lists in compartment <compartment_name> Allow resource psmrp psm to inspect vcns in compartment <compartment_name> Allow resource psmrp psm to use subnets in compartment <compartment_name> Allow resource psmrp psm to use vnics in compartment <compartment_name> Allow resource psmrp psm to manage security-lists in compartment <compartment_name>For more information about policies, see Policy Basics and also Policy Syntax.
-
(Optional) If you want to enable the use of an Autonomous Database for Transaction Processing and Mixed Workloads or Oracle Cloud Infrastructure Database instance in your compartment as the infrastructure schema database for your Oracle Java Cloud Service instance, then add the following statements:
Allow service PSM to inspect autonomous-database in compartment <compartment_name> Allow service PSM to inspect database-family in compartment <compartment_name> Allow resource psmrp psm to inspect autonomous-database in compartment <compartment_name> Allow resource psmrp psm to inspect database-family in compartment <compartment_name> - Click Create.
-
Open the Region menu and select the region in which you want to create the Oracle PaaS service instance.
Select a region that's within the default data region of your account. For example, if your default data region is EMEA, then select Germany Central (Frankfurt) or UK South (London).
- Open the navigation menu and select Storage. Under Object Storage & Archive Storage, select Buckets.
-
Select the compartment you created.
-
Select Create Bucket.
-
Enter a bucket name, for example: PaasBucket.
Make a note of the name you enter. You need it when you create an instance for your Oracle Platform Service later.
-
Select Create.
For Big Data Cloud, set up an API signing key:
Follow the instructions in this topic: Required Keys and OCIDs.
For all other services, create an auth token. Note that your service might refer to this credential as a Swift password. Use the auth token wherever you are asked to provide a Swift password.
- View the user's details:
- If you're creating an auth token for yourself: In the navigation bar, select the Profile menu (
and then select User settings or My profile, depending on the option that you see. - If you're an administrator creating an auth token for another user: In the Console, click Identity, and then click Users. Locate the user in the list, and then click the user's name to view the details.
- If you're creating an auth token for yourself: In the navigation bar, select the Profile menu (
- On the left side of the page, click Auth tokens.
- Click Generate Token.
-
Enter a friendly description for the token and click Generate Token.
The new token is displayed.
- Copy the token immediately, because you can't retrieve it again after closing the dialog box. Also, make sure you have this token available when you create your Oracle Platform Services instance.
Scenario 2: I have an existing VCN in Oracle Cloud Infrastructure that I want to use for my Oracle Platform Services instance
You can use an existing VCN. The VCN must have at least one public subnet. Perform these tasks to complete the prerequisites:
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
- In the Compartment list, select the root compartment of your tenancy.
- Click Create Policy.
- Enter the following:
- Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You cannot change this later. Avoid entering confidential information.
- Description: A friendly description. You can change this later if you want to.
Policy Builder: Click Show manual editor. To allow Oracle Platform Services access to use the network, enter the following policy. In each statement, replace <compartment_name> with the name of the compartment where your VCN resides.
Allow service PSM to inspect vcns in compartment <compartment_name> Allow service PSM to use subnets in compartment <compartment_name> Allow service PSM to use vnics in compartment <compartment_name> Allow service PSM to manage security-lists in compartment <compartment_name> Allow resource psmrp psm to inspect vcns in compartment <compartment_name> Allow resource psmrp psm to use subnets in compartment <compartment_name> Allow resource psmrp psm to use vnics in compartment <compartment_name> Allow resource psmrp psm to manage security-lists in compartment <compartment_name>For more information about policies, see Policy Basics and also Policy Syntax.
-
(Optional) If you want to enable the use of an Autonomous Database for Transaction Processing and Mixed Workloads or Oracle Cloud Infrastructure Database instance in your compartment as the infrastructure schema database for your Oracle Java Cloud Service instance, then add the following statements:
Allow service PSM to inspect autonomous-database in compartment <compartment_name> Allow service PSM to inspect database-family in compartment <compartment_name> Allow resource psmrp psm to inspect autonomous-database in compartment <compartment_name> Allow resource psmrp psm to inspect database-family in compartment <compartment_name> - Click Create.
-
Open the Region menu and select the region in which you want to create the Oracle PaaS service instance.
Select a region that's within the default data region of your account. For example, if your default data region is EMEA, then select Germany Central (Frankfurt) or UK South (London).
- Open the navigation menu and select Storage. Under Object Storage & Archive Storage, select Buckets.
-
Select the compartment you want to create the bucket in.
-
Select Create Bucket.
- Enter a bucket name, for example: PaasBucket. Make a note of the name you enter. You need it when you create an instance for your Oracle Platform Service later. Avoid entering confidential information.
-
Select Create.
For Big Data Cloud, set up an API signing key:
Follow the instructions in this topic: Required Keys and OCIDs.
For all other services, create an auth token. Note that your service might refer to this credential as a Swift password. Use the auth token wherever you are asked to provide a Swift password.
- View the user's details:
- If you're creating an auth token for yourself: In the navigation bar, select the Profile menu ( and then select User settings or My profile, depending on the option that you see.
- If you're an administrator creating an auth token for another user: In the Console, click Identity, and then click Users. Locate the user in the list, and then click the user's name to view the details.
- If you're creating an auth token for yourself: In the navigation bar, select the Profile menu (
- On the left side of the page, click Auth Tokens.
- Click Generate Token.
-
Enter a friendly description for the token and click Generate Token.
The new token is displayed.
- Copy the auth token immediately, because you can't retrieve it again after closing the dialog box. Also, make sure you have this token available when you create your Oracle Platform Services instance.
Information About Supported Platform Services
The following table lists the services supported on Oracle Cloud Infrastructure and links to more information about using those services on Oracle Cloud Infrastructure: