Oracle Groundbreaker’s Appreciation day time. Read more about from here!
I’m a fan of looking “dull” features of Oracle Cloud Infrastructure and thought Compartments would fit right into it on #ThanksOGB day. Compartments are way to control access and separate resources in your OCI tenancy.
And actually tenancy is the root compartment of your compartments! Compartments follow a simple hierarchy as well so with nested compartments you can allow resources to be created in different levels up to six levels deep with always the compartment administrator having ownership on the child compartments. Remember that compartments spread across regions but when you work with resources they are always specific to a region.
You always need at least one policy per compartment, policy is a document which is attached to compartment and defines who can access it. I’m not going deeper into policies but one common use case which comes up in the documentation is that you create your network resources in one compartment and let the network administrators to manage it, but give other group which has access to create compute resources in their compartment access to use network resources.
Over time and new requirements the compartment setup can become quite complicated but a well defined structure will help you a lot with your implementation!
Why did I want to bring this up? With OCI you can do with compartments almost everything in one account without need to create multiple accounts. In AWS for example you most likely have had to create multiple accounts, I at least find OCI approach much easier overall! Just design your compartment structure, policies and tagging well and it will be a great success!