Prerequisites for Private Endpoints
Before creating a private endpoint, create the following policies and OCI Virtual Cloud Network (VCN) resources.
IAM Policies
Create the following Identity and Access Management (IAM) policy statements in the compartment where you plan to create the private endpoint or, depending on your use case, add the policies for the entire tenancy. Consult your administrator on which scope to use.
- To get access to all Generative AI resources in the entire tenancy, use the following policy:
allow group <your-group-name> to manage generative-ai-family in tenancy
- To get access to all Generative AI resources in a specified compartment, use the following policy:
allow group <your-group-name> to manage generative-ai-family in compartment <generative-ai-resources-compartment-name>
- To restrict access so that users can manage only private endpoints in Generative AI in the entire tenancy, use the following policy:
allow group <your-group-name> to manage generative-ai-private-endpoint in tenancy
- To restrict access so that users can manage only private endpoints in Generative AI in a specified compartment, use the following policy:
allow group <your-group-name> to manage generative-ai-private-endpoint in compartment <generative-ai-resources-compartment-name>
- To give users access to manage virtual cloud networks in the entire tenancy, use the following policy:
allow group <your-group-name> to manage virtual-network-family in tenancy
- To give users access to manage virtual cloud networks in a specified compartment, use the following policy:
allow group <your-group-name> to manage virtual-network-family in compartment <vcn-resources-compartment-name>
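The statements above differ in two ways that matter for least privilege: scope (tenancy or a single compartment) and resource type (a whole `-family` or only `generative-ai-private-endpoint`). The following added example, which is not Oracle code, parses statements of the form shown above and flags the broad ones before you apply them; the group and compartment names in the sample are constructed.

```python
import re

# Statement forms used on this page:
#   allow group <group> to <verb> <resource-type> in tenancy
#   allow group <group> to <verb> <resource-type> in compartment <name>
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[a-z0-9-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

TENANCY_WIDE = "tenancy-wide scope"
FAMILY_GRANT = "family grant covers every resource type in the family"
UNPARSED = "not a plain group statement (for example, has a where clause): review manually"

def review(statement):
    """Return (parsed_fields, findings) for one policy statement."""
    match = STATEMENT.match(" ".join(statement.split()))  # normalise whitespace
    if match is None:
        return None, [UNPARSED]
    fields = match.groupdict()
    findings = []
    if fields["tenancy"]:
        findings.append(TENANCY_WIDE)
    if fields["resource"].lower().endswith("-family"):
        findings.append(FAMILY_GRANT)
    return fields, findings

# Constructed sample input: group and compartment names are hypothetical.
SAMPLE = [
    "allow group genai-admins to manage generative-ai-family in tenancy",
    "allow group genai-admins to manage generative-ai-private-endpoint in compartment genai-dev",
    "allow group net-admins to manage virtual-network-family in compartment network",
    "allow group genai-admins to manage generative-ai-private-endpoint in tenancy where request.region = 'phx'",
]

if __name__ == "__main__":
    for statement in SAMPLE:
        _, findings = review(statement)
        print(statement)
        for finding in findings or ["no findings: compartment-scoped, single resource type"]:
            print("   -", finding)
```

A statement with no findings is scoped to one compartment and one resource type; statements with findings are valid policies but call for the conversation with your administrator that this section recommends.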
VCN Resources
After you add the policies for virtual cloud networks, create the following resources:
- Create a Virtual Cloud Network (VCN) in the tenancy.
- Create a private subnet in the VCN.