Oracle Cloud Infrastructure Documentation

Creating a PSA Endpoint

Create a PSA endpoint in a Virtual Cloud Network (VCN) to allow private access to the Oracle Services Network (OSN).

You can only create a PSA endpoint in an existing subnet in a VCN. You can't create the endpoint while creating a VCN or subnet.
    1. On the Virtual Cloud Networks list page, select the VCN or subnet that you want to create a PSA endpoint in. If you need help finding the list page for the VCN, see Listing VCNs or Listing Subnets.
    2. On the details page, perform one of the following actions depending on the option that you see:
      • On the Private service access tab, select Create.
    3. Enter a friendly name for the PSA endpoint. It doesn't have to be unique. Avoid entering confidential information.
    4. Verify the compartment that you want to create the PSA endpoint in. Select another compartment if needed.
    5. (Optional) In the Tags section, add one or more tags. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
    6. In the Service section, select the Oracle Services Network (OSN) service you want the PSA endpoint to enable access to. You can only select one per endpoint.
    7. In the Network section, select the compartment for the PSA endpoint's subnet, and the subnet itself.
    8. Select whether the PSA endpoint's private IPv4 address is automatically or manually assigned.

      If you select Automatically assign a private IPv4 address, you can decide between ephemeral (dynamically allocated from the available IP addresses in the subnet by Oracle) or persistent IPv4 addresses (selected from existing reserved private IPs).

      If you select Manually assign a private IPv4 address, you can either Provide private IPv4 address and enter the address in the field, or Select existing reserved IPv4 address from the list of available addresses.

    9. (Optional) Decide whether to add ZPR security attributes on the PSA endpoint.

      If you select this option, you can add up to three security attributes to restrict access to resources. If you have permissions to create a resource, then you might also have permissions to apply security attributes to that resource. To apply a security attribute, you must have permissions to use the security attribute namespace. For more information about security attributes and security attribute namespaces, see Zero Trust Packet Routing. If you're not sure whether to apply security attributes, skip this option or ask an administrator. You can apply security attributes later.

    10. (Optional) Decide whether to add the PSA endpoint to an NSG.

      If you select this option, select the compartment that contains the NSG and then select the NSG you want.

    11. Select Create private service access endpoint.

  • CLI tasks are TBD

  • Run the CreatePrivateServiceAccess operation to create a PSA endpoint.