Between the Oracle Cloud Infrastructure (OCI) Audit Service recording administrative operations and Oracle Identity Cloud Service (IDCS) tracking access and user management events, Oracle Cloud provides pretty comprehensive tracking of security events. Recently however, I have been in conversations with a number of organisations who have been seeking longer term retention of audit events for several different reasons, including governance, compliance and forensic requirements. The OCI Audit service supports requesting bulk export of audit events to Object Storage, which allows you manage the retention and archiving of those events yourself, so I started wondering if I could do the same for the IDCS access events. A bit of testing and some simple coding later, and I had events being pulled directly from the IDCS Audit Events API periodically and sent to Object Storage for retention.
In this blog post, I will provide this code as a sample, and discuss some of the techniques and technologies that are available in Oracle Cloud Infrastructure to enable simple, but highly secure and cost-effective, automation of cross-service tasks such as this.
Continue reading “Simple, Secure Log Retention using OCI Services”
Oracle Cloud Infrastructure provides a ton of useful services for automating and orchestrating behaviours in your cloud environment, and while they are often pretty handy on their own, leveraging them together gives almost complete flexibility on what you can achieve. Want to trigger a backup using a command in slack, then have a message get sent back when it completes? Sure! Want to periodically poll a log API and archive the results? Easy. Oracle Cloud Infrastructure provides a number of inbuilt capabilities, as well as the ability to jump into arbitrary code to build elaborate automation flows, and this blog post will focus upon the security constructs around this, looking at how services can be authorised to invoke one another, as well as how they authenticate themselves, while avoiding storing sensitive data in insecure ways. This post is intended as an overview of the concepts, and will be referenced in more concrete ways in future.
Continue reading “Secure Inter-Service Communication in OCI”
In a two-part blog series I am exploring the available options in triggering an Oracle Integration Cloud (OIC) integration whenever a resource state change occurs within Oracle Cloud Infrastructure (OCI). One example of this event based pattern is the ability to trigger an OIC integration as soon as a file is uploaded to OCI Object Storage, thereby removing the need for any scheduled based integrations that rely on file polling.
In my previous blog, I provided some context and background on the OCI Event service and the available options that we have in triggering an OIC integration. Namely these are the OCI Notifications, Functions, and Streaming services. My previous blog also explored the first of these patterns, and detailed how this event based pattern can be achieved using the OCI Notification Service. In this follow up article I will cover how we can use Oracle Functions to achieve the same outcome.
Continue reading “Triggering an OIC integration via OCI Events – the Oracle Functions Approach”
The first AppDev Made Easy (previously known as DX Workshop) for this tour started in Perth. We are continually trialing a few different things as such as we incorporated Fn project https://fnproject.io.
The whole demonstration of Functions was to articulate that there are different ways to execute and understanding the problem to solve as well as the values that the organisation holds (including both business and IT departments including developers) which will determine the technology.
For the demo we start from the very beginning.
Continue reading “Experimenting with Fn project”