One of the recent additions to Oracle Cloud Infrastructure (OCI) is IAM Domains. New OCI tenancies are provisioned with IAM Domains and, at the time of writing, tenancies with IDCS instances are being migrated to IAM Domains.
I originally created Peek to create a visual representation of effective user permissions inside an OCI tenancy to assist with performing user access reviews. Excessive permissions and IAM misconfigurations are a common issue found in cloud environments that can lead to privilege escalation and/or unauthorised access to resources and data.
At the time of writing, the latest release of the OCI CLI supports interacting with IAM Domain resources, so I have created a version of Peek that works with IAM Domains.
Continue reading “OCI IAM Domains User Access Review”
In my previous blog post, Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part I, I discussed the seven pillars of information security upon which Oracle Cloud Infrastructure OCI (Oracle Gen-2 Cloud) is built. The cloud shared security and responsibility model was discussed along with concepts such as Regions, Availability Domains and Fault Domains. This part discusses Identity and Access Management for OCI, which provides authentication and authorisation for all OCI resources and services.
An enterprise can use a single tenancy shared by various business units, teams, and individuals while maintaining the necessary security, isolation, and governance. This post goes into the concepts involved.
Continue reading “Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part II (Identity and Access Management)”