Managing Recipes

When you create a security zone you assign a recipe to it. A recipe is a collection of security zone policies.

When you perform certain resource operations in a security zone, such as creating a compute instance or a subnet, Oracle Cloud Infrastructure automatically validates the policies within the recipe that is assigned to the security zone.

Your tenancy has a predefined recipe named Maximum Security Recipe, which includes all available security zone policies. Oracle manages this recipe, and you can’t modify it.

Required IAM Policy

To work with Security Zones, an administrator must grant you access in an IAM policy.

If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted.

For example, the following IAM policy allows users in the group SecurityAdmins to manage security zones in the entire tenancy.

Allow group SecurityAdmins to manage security-zone in tenancy

See Security Zone IAM Policies.

Viewing the Policies in a Recipe

Identify the policies in a security zone recipe by using the Console.

  1. Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.
  2. Click Recipes.
  3. Click the name of a recipe.
To learn more about a security zone policy in the recipe, see Security Zone Policies.

Viewing the Security Zones Associated with a Recipe

Identify the security zones that are associated with a recipe by using the Console.

  1. Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.
  2. Click Recipes.
  3. Click the name of a recipe.
  4. Click Associated Security Zones.
To create a security zone, see Managing Security Zones.