Oracle Cloud Infrastructure Documentation

Adding Security Attributes to a Mount Target

Use Zero Trust Packet Routing with a mount target.

You can use Zero Trust Packet Routing (ZPR) along with or in place of network security groups to manage network access to OCI resources . To do this, define ZPR policies that govern how resources communicate with each other, and then add security attributes to those resources. For more information, see Zero Trust Packet Routing.
Caution

If an endpoint has a Zero Trust Packet Routing (ZPR) security attribute, traffic to the endpoint must satisfy ZPR policies and also all NSG and security list rules. For example, if you're already using NSGs and you add a security attribute to an endpoint, all traffic to the endpoint is blocked. From then onward, a ZPR policy must explicitly allow traffic to the endpoint.
    1. On the File Storage mount targets list page, select the File Storage mount target that you want to work with. If you need help finding the list page or the File Storage mount target, see Listing Mount Targets.
    2. On the details page, go to the Security tab and perform one of the following actions depending on the option that you see:
      • In the Security attributes section, select Add.
      • Select Add security attributes
    3. In the panel that opens, select Add security attribute, and then enter the following information:
      • Security attribute namespace: A security attribute namespace is a container for a set of security attributes in Zero Trust Packet Routing (ZPR).
      • Security attribute key: The name for a specific security attribute.
      • Security attribute value: The value for a specific security attribute.

      These values must match an existing ZPR policy. For more information about security attributes and security attribute namespaces, see Zero Trust Packet Routing.

    4. When finished, select Add security attributes.

  • Use the fs mount-target update command and required parameters to add security associations to a mount target:

    oci fs mount-target update --mount-target-id <mount_target_OCID> --security-attributes securityattributes

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the UpdateMountTarget operation to add security associations to a mount target.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.