Assign Zero Trust Packet Routing (ZPR) Security Attributes to Your Instance

ZPR protects sensitive data by enforcing intent-based policies on OCI resources that include security attributes. If your Oracle Integration instance needs to send information to a ZPR-secured OCI resource, your instance must include the appropriate security attributes.

Your tenancy administrator enables ZPR, creates security attributes, and defines ZPR policies. Security attributes are labels that ZPR uses to organize and identify OCI resources. The security attributes are used in ZPR policies to define who can access those resources, and where the data can go. Then service administrators, like you, assign the security attributes to their service instances. When one OCI resource requests access to another OCI resource, ZPR looks at the security attributes for both resources and enforces the ZPR policies.

Let's look at an example.

Your tenancy includes the following ZPR artifacts:

• Security attribute: data:sensitive
• Security attribute: hosts:trusted
• ZPR policy: in networks:internal VCN allow hosts:trusted endpoints to connect to data:sensitive endpoints

Your Oracle Integration instance needs to send data to an OCI resource with the data:sensitive security attribute. So, your instance needs to include the security attribute hosts:trusted.

Note:

The ZPR security attributes you add to your Oracle Integration instance are included only when you send data sent through your private endpoint; therefore they only apply to outbound access from Oracle Integration. If you want to control inbound access to Oracle Integration, see Restrict Access to an Instance Using the Self-Service Allowlist.

For more information on ZPR, see Zero Trust Packet Routing in the Oracle Cloud Infrastructure documentation.

Prerequisites for Adding ZPR Security Attributes to Your Instance

Before you can add ZPR security attributes to your Oracle Integration instance, your tenancy administrator must have configured ZPR and you must know what security attributes you need to assign to your instance.

Prerequisite task	Associated Oracle Cloud Infrastructure documentation
1. Enable ZPR in the tenancy	Enabling Zero Trust Packet Routing
2. Create IAM policies to allow other users to manage ZPR	Zero Trust Packet Routing IAM Policies
3. Create ZPR artifacts	Creating a Security Attribute Namespace Creating a Security Attribute
4. Write ZPR policies to govern communication between OCI resources identified with security attributes	Creating a ZPR Policy
5. Find out which security attributes you need	Contact your tenancy administrator to find out which security attributes you need to assign to your Oracle Integration instance. You'll need the following information for each security attribute: Namespace Make sure you have at least read access to the namespace. Key Value

Add a Security Attribute to Your Instance

Add the appropriate ZPR security attributes to your Oracle Integration instance, and create a private endpoint. When you send data through your private endpoint, your security attributes are included and used to provide access to ZPR-secured OCI resources based on the ZPR policies.

This topic assumes the prerequisites have been completed, including finding out what security attributes you need to add to your instance.

To add ZPR security attributes to your instance, perform the following steps:

1. In the Oracle Cloud Infrastructure Console, open the navigation menu and click Developer Services, then, under Application Integration, click Integration.
2. Open the Oracle Integration instance for which you want to add the security attributes.
   If you don't see the instance you're looking for, make sure you're viewing the correct region (in the banner) and compartment (at the top of the instance list, next to Applied filters).
3. On the Integration instance details page, in the tabs across the top, click Security.
4. Click Add security attributes.
5. Select the Security attribute namespace that contains the security attribute you need.
6. Select the appropriate Security attribute key (the security attribute).
7. Depending on the security attribute type, enter or select the appropriate Security attribute value.
8. To add another attribute, click Add security attribute.

   Note:

   You can add up to three security attributes.
9. After adding all the required attributes, at the bottom of the dialog, click Add security attributes.
   The work request is submitted and the changes go into effect when the instance status changes to Active.

Remember that these attributes are included only when you send data through your private endpoint.

Edit or Delete Security Attributes for Your Instance

You can edit or delete ZPR security attributes for your Oracle Integration instance.

To edit or delete security attributes, perform the following steps:

1. On the Integration instance details page, in the tabs across the top, click Security.
2. To the right of the attribute, click , then click Edit.
   • To edit the security attribute value, click Edit, edit the value, then click Update.
   • To delete the security attribute, click Delete.

To manage ZPR and its artifacts, in the Oracle Cloud Infrastructure Console, open the navigation menu and click Identity & Security, then click one of the pages under Zero Trust Packet Routing.