Oracle Cloud Infrastructure Documentation

Configuring Data Access for an IoT Domain Group

Add a Virtual Cloud Network OCID or OCIDs to an IoT domain group to define the IP address range or ranges allowed to access the database for an IoT domain group.

If you configure a direct database connection or a connection to Oracle Analytics Cloud, both configuration options require adding the VCN or VCNs to the IoT domain group to allow the IoT domain group to access the database. If the IoT domain data access option is configured, then you can view the database connection string and the database token scope for an IoT domain group when you get the details for the IoT domain group.

Note

The maximum number of VCNs you can associate to an IoT domain group is 5.

To complete the following steps your user must have at least read access to the VCN or VCNs you want to add to the IoT domain group. To confirm if you have read access to the VCN, see Getting a VCN's Details to view the VCNs you have access to.

For administrators:

To allow read access to the VCN or VCNs, an administrator must create a policy using this request.principal.type policy to allow any user working with an IoT domain group read access to a VCN or VCNs in a specific compartment. This policy provides the necessary access for configuring data access for an IoT domain group. 
Allow any-user to {VCN_READ} in compartment <compartment-name> where request.principal.type = 'iotdomain'
For more information, see Prerequisites.

    1. On the domain group's list page, select an IoT domain group you want to work with. If you need help finding the IoT domain group list page, see Listing IoT Domain Groups.
    2. The Details page opens and displays the following information about the domain group, if configured:
      • Data host: View or copy the Data host endpoint to the IoT database for the domain group.
      • Database connection: If configured, view or copy the database connection string for the IoT domain group.
      • Database token scope: If configured, view or copy the database token scope for the IoT domain group.
    3. If you configure a direct database connection or a connection to Oracle Analytics Cloud, then you can add the VCN or VCNs that are configured to allow access to the database. To do that, after you complete the steps to configure the VCN for the connection you want to use, select Add virtual cloud network to add the VCN or VCNs that define the IP address range allowed to access the database for this domain group. Select the compartment where the VCN is located, and then select the VCN created previously. Select Add.
    4. Add associated domains: View or add the domains using this domain group. If you select an associated domain you go to the domain associated with this domain group.

      • To edit the data access details, select the associated domain name to open the domain details page, select Actions, and then select Change Data Access. For more information, see Configuring an IoT Domain's Data Access.

      • If you do not see a domain, then Creating an IoT Domain and then associate the domain to the domain group.

    5. Optional: To view the work request to monitor the progress of the operation, go to the domain group, and then select the work request tab. Select the operation name to view the work request OCID. For more information, see Getting a Work Request's Details for Internet of Things.

  • Use the oci iot domain-group configure-data-access command and required parameters to configure data access for an IoT domain group. Replace the <vcn-OCID> with the OCIDs for the VCNs for your IoT domain group. Depending on your configuration, you can add one VCN OCID or multiple VCN OCIDs. The VCN must be in the same region as the IoT database. Replace the <iot-domain-group-OCID> with the OCID for the IoT domain group you want to update:

    oci iot domain-group configure-data-access --db-allow-listed-vcn-ids '["vcn-OCID-1","vcn-OCID-2"]' --iot-domain-group-id <iot-domain-group-OCID>

    For a complete list of parameters and values for CLI commands, see CLI Command Reference.

  • Run the ConfigureIotDomainGroupDataAccess operation to configure the data access for the IoT domain group.