Whitelisting Access for OCI Analytics Cloud Services
Whitelisting access for Oracle Cloud Infrastructure (OCI) Analytics Cloud Services typically involves setting up network access rules to control the traffic to and from your Analytics instance. To whitelist access, you can specify IP addresses, VCNs, and services that are allowed to interact with your Analytics instance.
In the Pulumi program below, we will use the `oci.Analytics.AnalyticsInstance` resource to create an Analytics instance and configure its network access rules. We'll set up a whitelist of IPs using the `networkEndpointDetails` property's `whitelistedIps` field. Additionally, if you wanted to further control the traffic by specifying VCNs or security rules, you could use the `whitelistedVcns` and `networkSecurityGroupIds` fields respectively.

Here is a step-by-step explanation followed by the Pulumi program in Python:
- Import Pulumi OCI Plugin: This allows us to interact with OCI services.
- Analytics Instance Creation: Use `oci.Analytics.AnalyticsInstance` to create an Analytics instance.
- Networking Configuration: Define a `networkEndpointDetails` object within the instance creation to set up whitelisting. You'll need to supply an array of whitelisted IP addresses. Optionally, you can also define VCNs and security groups.
- Output: Export the URL to access the Analytics instance.
The program assumes you have already configured your OCI provider, so no setup for that is included. Here's the Pulumi program:
```python
import pulumi
import pulumi_oci as oci

# Create an OCI Analytics instance with whitelisted IPs.
analytics_instance = oci.analytics.AnalyticsInstance(
    'my-analytics-instance',
    compartment_id='ocid1.compartment.oc1..xxxxxx',  # Replace with your Compartment OCID
    name='MyAnalyticsInstance',
    description='This is my analytics instance',
    feature_set='ENTERPRISE_ANALYTICS',  # or 'SELF_SERVICE_ANALYTICS' based on the feature set you need
    license_type='LICENSE_INCLUDED',  # or 'BRING_YOUR_OWN_LICENSE'
    # capacity is a required argument; the sizing below is a placeholder.
    capacity=oci.analytics.AnalyticsInstanceCapacityArgs(
        capacity_type='OLPU_COUNT',
        capacity_value=2,
    ),
    network_endpoint_details=oci.analytics.AnalyticsInstanceNetworkEndpointDetailsArgs(
        network_endpoint_type='PUBLIC',  # Can be 'PRIVATE' if you want to use VCNs.
        whitelisted_ips=['203.0.113.0', '203.0.113.1'],  # Replace with IPs you want to whitelist.
        # The following are optional. subnet_id and network_security_group_ids
        # apply to a PRIVATE endpoint; whitelisted_vcns and whitelisted_services
        # apply to a PUBLIC one.
        # subnet_id='ocid1.subnet.oc1..xxxxxx',
        # whitelisted_vcns=[
        #     oci.analytics.AnalyticsInstanceNetworkEndpointDetailsWhitelistedVcnArgs(
        #         id='ocid1.vcn.oc1..xxxxxx',
        #         whitelisted_ips=['203.0.113.10', '203.0.113.11'],
        #     ),
        # ],
        # whitelisted_services=['all'],  # Can specify particular services like 'logging', 'monitoring', etc.
        # network_security_group_ids=['ocid1.networksecuritygroup.oc1..xxxxxx'],
    ),
)

# Export the URL of the created Analytics instance.
pulumi.export('analytics_instance_url', analytics_instance.service_url)
```
Please replace the placeholder `ocid1.compartment.oc1..xxxxxx` and other OCID placeholders with your actual resource identifiers from your OCI environment. The `whitelisted_ips` should be the IP addresses you desire to whitelist for access to the analytics service.

You would typically run this Pulumi program by placing it in a file with a `.py` extension, such as `main.py`, and then use the Pulumi CLI to deploy it with `pulumi up`. The CLI will prompt you to review and confirm the actions Pulumi will take.

Keep in mind that the Python program provided assumes you're familiar with OCI terminology and structures, such as compartments, service names, and OCIDs. The actual IPs and service details would need to fit your organization's specific network setup and governance policies.
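Because the `whitelisted_ips` list is the only network control on a PUBLIC endpoint, it is worth checking before `pulumi up`. The helper below is an added example, not part of the original program or of the Pulumi OCI provider. The function name, the 256-address limit, and the assumption that entries are publicly routable IPv4 addresses or CIDR blocks are all illustrative choices.

```python
import ipaddress

# Constructed sample input, not taken from any real deployment.
SAMPLE_ENTRIES = [
    "8.8.4.0/24",   # narrow public range: accepted
    "8.8.4.17",     # already covered by the /24 above
    "203.0.113.0",  # documentation range (the placeholder used in the program)
    "10.0.0.5",     # RFC 1918 address, not a source a public endpoint will see
    "0.0.0.0/0",    # would admit the whole Internet
    "8.8.8.8/24",   # host bits set: probably a typo
]


def audit_whitelisted_ips(entries, max_addresses=256):
    """Split allowlist entries into (accepted, findings).

    accepted keeps the original strings, ready for whitelisted_ips.
    findings is a list of (entry, reason), where reason is one of
    'invalid', 'too-broad', 'not-public', 'overlap'.
    max_addresses is a hypothetical policy limit (256 = one IPv4 /24).
    """
    accepted, findings = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects CIDRs whose host bits are set.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if net.num_addresses > max_addresses:
            findings.append((entry, "too-broad"))
        elif not net.is_global:
            # Private, reserved and documentation ranges land here.
            findings.append((entry, "not-public"))
        elif any(net.overlaps(seen) for seen, _ in accepted):
            findings.append((entry, "overlap"))
        else:
            accepted.append((net, entry))
    return [entry for _, entry in accepted], findings


if __name__ == "__main__":
    ok, problems = audit_whitelisted_ips(SAMPLE_ENTRIES)
    print("pass to whitelisted_ips:", ok)
    for entry, reason in problems:
        print(f"rejected {entry!r}: {reason}")
```

Run as-is, it rejects the program's `203.0.113.x` placeholders, so a deployment that still carries them fails the check instead of shipping an allowlist that matches nothing.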