Managing Regions

This topic describes the basics of managing your region subscriptions. For more information about regions in Oracle Cloud Infrastructure, see Regions and Availability Domains. For information about Platform Services regions, see Managing Platform Services Regions.

Required IAM Policy

If you're in the Administrators group, then you have the required access to manage region subscriptions.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for managing regions or other IAM components, see Details for IAM.

The Home Region

When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for you in one region. This is your home region. Your home region is where your IAM resources are defined. When you subscribe to another region, your IAM resources are available in the new region, however, the master definitions reside in your home region and can only be changed there.


Your home region contains your account information and identity resources. It is not changeable after your tenancy is provisioned. If you are unsure which region to select as your home region, contact your sales representative before you create your account

Resources that you can create and update only in the home region are:

  • Users
  • Groups
  • Policies
  • Compartments
  • Dynamic groups
  • Federation resources

When you use the API to update your IAM resources, you must use the endpoint for your home region. (See How do I find my tenancy home region?) IAM automatically propagates the updates to all regions in your tenancy.

When you use the Console to update your IAM resources, the Console sends the requests to the home region for you. You don't need to switch to your home region first. IAM then automatically propagates the updates to all regions in your tenancy.

When you subscribe your tenancy to a new region, all the policies from your home region are enforced in the new region. If you want to limit access for groups of users to specific regions, you can write policies to grant access to specific regions only. For an example policy, see Restrict admin access to a specific region.


IAM Updates Are Not Immediate Across All Regions

When you create or update an IAM resource, be aware that you need to allow up to several minutes for the changes in your home region to become available in all regions.


Using the Console to Manage Infrastructure Regions

To view the list of infrastructure regions
To subscribe to an infrastructure region

You cannot unsubscribe from a region.

Using the API to Work with Infrastructure Regions

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these API operations to manage infrastructure regions:

You cannot unsubscribe from a region.

Region FAQs

Can an individual user subscribe to a region?
Can I see my existing resources in the new region?
How do my service limits apply to the new region?
Can I restrict access to a specific region?
Can I change my home region?