OCI Onboarding

Introduction

The purpose of onboarding is to help you set up a CoreStack account for an Oracle Cloud Infrastructure (OCI) account with governance policies. To begin monitoring your OCI resources, you must complete some tasks in the OCI Tenant Console and some in CoreStack. After you add your OCI tenant to CoreStack, the API integration between OCI and CoreStack is established and you can monitor resource configuration issues.

Prerequisites

  • User ID.

    • Create an IAM user.

    • Create a group and add the user to the group.

    • Create a policy with the following permission:

      ALLOW GROUP <Group-name> to manage all-resources IN TENANCY
      
  • Tenancy ID - OCID of the tenancy.

  • Fingerprint ID.

    • Generate an API key for the user.
    • Download the public and private keys (.PEM format). Click Add to see the configuration file. The configuration file includes details such as the Fingerprint ID, user OCID, tenancy OCID, and so on.

Onboard an OCI Account

To onboard an OCI account, follow these steps.

  1. Click Add New in the CoreStack dashboard.
  2. Select single account.
  3. Click Start Now.
  4. Select OCI as a cloud service provider.
  5. Click Get Started.
  6. Select an Access Type.
    1. Assessment
    2. Assessment + Governance
  7. Select Currency type.
  8. Select Environment type.
  9. Click Next.
  10. Enter User ID, Fingerprint ID, Tenancy ID.
  11. Select a Default Region that is the same as your home region.
  12. In Upload Credentials File (PEM), upload the private key (.pem) generated for the user.
  13. Click Upload.
  14. Click Validate.
  15. In Scope, select an option:
    1. Tenant
    2. Account
    3. Private
  16. Click I'm Done.

Set Governance Configuration

You can set Activity Logs and Alerts configurations.

  1. Hover over OCI Total Cloud Accounts and click Tenancy.
  2. Click View > View Settings.
  3. Click Governance Configuration.
  4. Click Configure. You can set the Activity Logs and Alerts configurations. The following policies are required for resource creation:

     Allow group <group-name> to manage alarms in tenancy
     Allow group <group-name> to read metrics in tenancy
     Allow group <group-name> to manage ons-topics in tenancy
     Allow group <group-name> to manage ons-subscriptions in tenancy
     Allow group <group-name> to read alarms in tenancy
     Allow group <group-name> to manage serviceconnectors in tenancy
     Allow group <group-name> to manage ons-topics in tenancy
     Allow group <group-name> to manage ons-subscriptions in tenancy
     Allow group <group-name> to read usage-reports in tenancy

  5. Click Create New > Next.
  6. In Regions, select regions based on account onboarding.
  7. To create a service connector, enter Service Connector Name.
  8. To create a topic, enter Topic Name.
  9. To apply this selection as default template, select Apply Default Template.
  10. Click Save.
  11. In Notification settings, enter the notification email address.
  12. To access a public URL, enter the URL in Webhook.
  13. To allow external applications to share content in Microsoft Teams channels, add the URL in Microsoft Teams Webhook.
  14. Click Finish. The Activity log is created.
  15. Click Alerts > Configure.
  16. Click Create New > Next.
  17. In Regions, select regions based on account onboarding.
  18. To create a topic, enter Topic Name.
  19. To apply this selection as default template, select Apply Default Template.
  20. Click Save.
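
The policy statements listed under Prerequisites and Governance Configuration can be checked for overlap before they are attached to the group. The Python script below is an added example, not CoreStack or Oracle code; it parses only the `Allow group ... in tenancy` form used on this page, and the group name CoreStackGroup is a placeholder.

```python
import re
from collections import Counter

# OCI policy verbs, weakest to strongest; each includes the ones before it.
VERBS = ["inspect", "read", "use", "manage"]
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+tenancy\s*$",
    re.IGNORECASE)

# Constructed input: the Governance Configuration statements from this page,
# with the placeholder group name CoreStackGroup (an assumption).
SAMPLE = """\
Allow group CoreStackGroup  to manage alarms in tenancy
Allow group CoreStackGroup to read metrics in tenancy
Allow group CoreStackGroup to manage ons-topics in tenancy
Allow group CoreStackGroup to manage ons-subscriptions in tenancy
Allow group CoreStackGroup to read alarms in tenancy
Allow group CoreStackGroup to manage serviceconnectors in tenancy
Allow group CoreStackGroup to manage ons-topics in tenancy
Allow group CoreStackGroup to manage ons-subscriptions in tenancy
Allow group CoreStackGroup to read usage-reports in tenancy
"""

def parse(text):
    """Return (group, verb, resource) tuples; reject any other statement form."""
    parsed = []
    for line in filter(str.strip, text.splitlines()):
        m = STATEMENT.match(line)
        if not m or m.group(2).lower() not in VERBS:
            raise ValueError(f"unsupported statement: {line!r}")
        parsed.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return parsed

def review(text):
    """Find repeated statements, grants covered by a stronger one, and tenancy-wide grants."""
    counts = Counter(parse(text))
    rank = VERBS.index
    findings = {"duplicate": [s for s, n in counts.items() if n > 1],
                "subsumed": [], "broad": []}
    for group, verb, res in counts:
        if res == "all-resources":
            findings["broad"].append((group, verb, res))
        for g2, v2, r2 in counts:
            same = r2 == res and rank(v2) > rank(verb)
            wider = r2 == "all-resources" and res != r2 and rank(v2) >= rank(verb)
            if g2 == group and (same or wider):
                findings["subsumed"].append((group, verb, res))
                break
    return findings
```

On the sample, `review(SAMPLE)` reports the repeated `ons-topics` and `ons-subscriptions` statements and that `read alarms` is already covered by `manage alarms`. If the `manage all-resources` statement from Prerequisites is in the same input, every narrower grant is reported as subsumed by it.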