Oracle Cloud Infrastructure Documentation

Scenario A: Public Subnets

This topic explains how to set up Scenario A, which consists of a virtual cloud network (VCN) and public subnets. See the following figure. For more information, see Typical Networking Scenarios.

This image shows Scenario A: a VCN with public subnets and an Internet Gateway.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. A policy is an IAM document that specifies who has what type of access to your resources. The term is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in. A compartment is a collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization.

If you're a member of the Administrators group, you already have the required access to execute Scenario A. Otherwise, you need access to Networking, and you need the ability to launch instances. See IAM Policies for Networking.

Setting Up Scenario A

Setup is easy in the Console. Alternatively, you can use the Oracle Cloud Infrastructure API, which lets you execute the individual operations yourself.

Warning

Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

Using the Console

  1. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.

  2. Choose a compartment you have permission to work in (on the left side of the page). The page updates to display only the resources in that compartment. If you're not sure which compartment to use, contact an administrator. For more information, see Access Control.
  3. Click Create Virtual Cloud Network.
  4. In Create in Compartment, leave the default value (the compartment you're currently working in).
  5. Enter a friendly name for the cloud network. It doesn't have to be unique, and it cannot be changed later in the Console (but you can change it with the API). Avoid entering confidential information.
  6. Select Create Virtual Cloud Network Plus Related Resources. This option is the quickest way to get a working cloud network in the fewest steps.
  7. Click Create Virtual Cloud Network.

Oracle then automatically creates a VCN for you with CIDR block 10.0.0.0/16, an internet gateway, a route rule to enable traffic to and from the internet gateway, the Default Security List, the default set of DHCP options, and one public subnet per availability domain. A public subnet is a subnet in which instances are allowed to have public IP addresses. When you launch an instance in a public subnet, you specify whether the instance should have a public IP address. The VCN will automatically use the Internet and VCN Resolver for DNS.

Note

Security List Rule for Windows Instances

If you're going to launch Windows instances, you need to add a security list rule to enable Remote Desktop Protocol (RDP) access. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source 0.0.0.0/0 and any source port. For more information, see Security Lists.

Your next step is to launch an instance into one of the subnets and then communicate with it (for example, via SSH or RDP). For more information, see Launching an Instance.

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following operations:

  1. CreateVcn: Make sure to include a DNS label if you want the VCN to use the built-in DNS capability (see DNS in Your Virtual Cloud Network).
  2. CreateSubnet: To match the scenario described above, create one public subnet per availability domain. Include a DNS label for each subnet if you want the VCN Resolver to resolve hostnames for instances in the subnet. Use the default route table, default security list, and default set of DHCP options.
  3. CreateInternetGateway
  4. UpdateRouteTable: To enable communication via the internet gateway, update the default route table to include this route rule: 0.0.0.0/0 > internet gateway.

You now have a working cloud network (VCN) with an internet gateway, the Default Security List, the default set of DHCP options, and at least one public subnet.

Note

Security List Rule for Windows Instances

If you're going to launch Windows instances, you need to add a security list rule to enable Remote Desktop Protocol (RDP) access. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source 0.0.0.0/0 and any source port. For more information, see Security Lists.

Your next step is to launch an instance into a subnet in the VCN and then communicate with it (for example, via SSH or RDP). For more information, see Launching an Instance.
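
The RDP rule described in the notes above (in both the Console and API sections) admits TCP port 3389 from any source address. The following audit is an added example, not Oracle's code: it walks ingress rules written in the REST API's IngressSecurityRule JSON shape and reports SSH or RDP opened to sources outside a list of trusted CIDRs. The sample rules, the `trusted` parameter, and the function names are constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the two access paths the page names

# Constructed sample rules in the REST API's IngressSecurityRule shape.
SAMPLE_RULES = [
    {"protocol": "6", "source": "0.0.0.0/0", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"protocol": "6", "source": "0.0.0.0/0", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.0.0/16", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"protocol": "all", "source": "203.0.113.0/24", "isStateless": False},
    {"protocol": "1", "source": "0.0.0.0/0", "isStateless": False,
     "icmpOptions": {"type": 3, "code": 4}},
]

def exposed_ports(rule):
    """Return the admin ports this ingress rule opens ([] if none)."""
    proto = rule["protocol"]
    if proto not in ("6", "all"):          # "6" is TCP; "all" includes TCP
        return []
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if proto == "all" or rng is None:      # no port range means every port
        return sorted(ADMIN_PORTS)
    return [p for p in sorted(ADMIN_PORTS) if rng["min"] <= p <= rng["max"]]

def audit(rules, trusted=()):
    """Flag rules that open SSH/RDP to sources outside the trusted CIDRs."""
    trusted_nets = [ipaddress.ip_network(c) for c in trusted]
    findings = []
    for idx, rule in enumerate(rules):
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue                       # service sources are not CIDRs; skipped here
        src = ipaddress.ip_network(rule["source"])
        if any(src.version == t.version and src.subnet_of(t) for t in trusted_nets):
            continue
        scope = "world" if src.prefixlen == 0 else "untrusted"
        for port in exposed_ports(rule):
            findings.append((idx, ADMIN_PORTS[port], str(src), scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, trusted=("10.0.0.0/16",)):
        print("rule %d: %s reachable from %s (%s)" % finding)
```

A rule with `protocol` set to `all`, or a TCP rule with no destination port range, is reported for both ports because it admits every port.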