Creating a Private Endpoint

Create a private endpoint in Resource Manager.

Before You Begin

Gather the network information that you need:

  • Virtual cloud network (VCN) and subnet

    The private endpoint connection is at the VCN level. If you have many subnets per VCN, you need to create only one private endpoint for that VCN. Ensure that security rules meet your requirements.

  • Network security groups (optional)

  • DNS zones (optional, for private Git servers)

    For example, for a private Git server at https://privateGitServer.examplesub.exampledomain, create a DNS zone for examplesub.exampledomain.

Additionally:

  • Ensure that the subnet allows access to the private resource: Set up a security rule for ingress.
  • Ensure that the subnet has available IP addresses.

    If no IP addresses are available in the specified subnet, then the work request for creating the private endpoint fails.

  • For private Git servers, import the certificates you want to use. See the GitHub and GitLab instructions.

Using a Terraform Configuration

Create a private endpoint by using a Terraform configuration.

  1. Add code to the Terraform configuration that creates a private endpoint.
  2. Create a stack that references this Terraform configuration.
  3. Run an apply job on the stack.
    A work request for creation runs, and then the private endpoint is created. You can now reference the private endpoint from any Terraform configuration or configuration source provider.
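
The following configuration for step 1 is an added example, not sample code from the original page. It creates a private endpoint for the private Git server case described under Before You Begin and limits ingress on the Git server to that endpoint. Assumptions: the variable names, the resource labels, a Git server that already belongs to its own network security group, and HTTPS on TCP port 443.

```hcl
# Added example. Variable names and resource labels are hypothetical.
variable "compartment_ocid" { type = string }
variable "vcn_ocid" { type = string }
variable "subnet_ocid" { type = string }
variable "git_server_nsg_ocid" { type = string } # assumed: NSG of the private Git server

# Dedicated NSG for the private endpoint, so that rules can name it as a source.
# Egress from the endpoint must also be allowed, by a rule in this NSG or by
# the subnet's security list.
resource "oci_core_network_security_group" "rm_pe" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "rm-private-endpoint"
}

# Ingress on the Git server: HTTPS only, and only from the endpoint's NSG.
resource "oci_core_network_security_group_security_rule" "git_ingress_from_pe" {
  network_security_group_id = var.git_server_nsg_ocid
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source_type               = "NETWORK_SECURITY_GROUP"
  source                    = oci_core_network_security_group.rm_pe.id
  tcp_options {
    destination_port_range {
      min = 443
      max = 443
    }
  }
}

resource "oci_resourcemanager_private_endpoint" "git" {
  compartment_id = var.compartment_ocid
  display_name   = "rm-pe-git" # avoid confidential information in names
  vcn_id         = var.vcn_ocid
  subnet_id      = var.subnet_ocid # needs at least one free IP address
  nsg_id_list    = [oci_core_network_security_group.rm_pe.id]

  # Can't be disabled after the endpoint is created.
  is_used_with_configuration_source_provider = true
  # Zone for https://privateGitServer.examplesub.exampledomain
  dns_zones = ["examplesub.exampledomain"]
}

output "private_endpoint_id" {
  value = oci_resourcemanager_private_endpoint.git.id
}
```
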
  • To create a private endpoint by using the Console, follow these steps.
    1. On the Private endpoints list page, select Create private endpoint. If you need help finding the list page or the private endpoint, see Listing Private Endpoints.
    2. In the Create private endpoint panel, enter a name and optional description for the private endpoint. Avoid entering confidential information.
    3. Select the compartment that you want to create the private endpoint in.
    4. Enter the following values:
      • Virtual cloud network: The virtual cloud network (VCN) to use with the private endpoint. See VCNs and Subnets. To select a VCN in a different compartment, select Change Compartment.
      • Subnet: The subnet to use with the private endpoint. See VCNs and Subnets. To select a subnet in a different compartment, select Change Compartment.
      • Allow this private endpoint to be used with a configuration source provider: When enabled, allows use with configuration source providers (for example, private Git servers). If you enable this option, it can't be disabled after the endpoint is created.
      • DNS zones: The DNS zones to use with the private endpoint. This field is displayed when Allow this private endpoint to be used with a configuration source provider is selected. For more information about DNS zones, see Public DNS.
      • Network security groups: The network security groups (NSGs) to use with the private endpoint. To select an NSG in a different compartment, select Change Compartment.
    5. (Optional) Select Show advanced options and assign tags to the private endpoint.
      • Tag namespace: To add a defined tag, select an existing namespace. To add a free-form tag, leave the value blank.
      • Tag key: To add a defined tag, select an existing tag key. To add a free-form tag, type the key name that you want.
      • Tag value: Type the tag value that you want.
      • Add tag: Click to add another tag.
    6. Select Create.
    The new private endpoint appears on the Private endpoints list page. While the work request for creation runs, the new private endpoint's status is Creating, and the new private endpoint's details page shows the work request in progress. When the work request reaches succeeded status, the new private endpoint's status is Active.
  • Use the oci resource-manager private-endpoint create command to create a private endpoint.

    oci resource-manager private-endpoint create --compartment-id <compartment_ocid> --display-name <text> --subnet-id <subnet_ocid> --vcn-id <vcn_ocid>

    For a complete list of parameters and values for CLI commands, see the Command Line Reference for Resource Manager.

  • Use the CreatePrivateEndpoint operation to create a private endpoint.