Prerequisites for Configuring a Private Endpoint
A private endpoint enables integrations to access private resources in a virtual cloud network (VCN) subnet. Before configuring and using your private endpoint, the VCN and subnet must be set up, the private resources must be added to the subnet, and you must create a policy that allows the private endpoint to manage resources in the compartment that holds your subnet.
Create a VCN and Subnet
A private endpoint enables integrations to access private resources in a virtual cloud network (VCN) subnet. Before configuring and using your private endpoint, the VCN and subnet must be set up.
Note:
Perform this task only one time per Oracle Integration instance.
A VCN is a customizable, private network that you set up in Oracle Cloud Infrastructure. A subnet is a subdivision of a VCN. You might already have a VCN and subnet. For example, if you have Oracle Cloud Infrastructure resources that aren't on the public internet, you already have a VCN and subnet to hold these resources. See Overview of VCNs and Subnets.
Requirements
- The VCN must be in the same region as your Oracle Integration instance.
- The VCN and subnet can be in any compartment within the customer tenancy.
- The subnet can be public or private.
Note:
When you create a private endpoint, three IPs are selected from the pool of free IPs in the subnet's classless inter-domain routing (CIDR) block; they are never taken from the network reserved IPs.
Instructions
- If you don't already have a VCN, create one. See Creating a VCN.
Make sure to note the name of the VCN and the name of the compartment that holds the VCN. You'll need this information when you create the private endpoint.
- If you don't already have a subnet, create one. See Creating a Subnet.
Make sure to note the name of the subnet and the name of the compartment that holds the subnet (this might be the same compartment that holds the VCN). You'll need this information when you create the private endpoint.
Add Resources to Your Subnet
A private endpoint enables integrations to access private resources in a virtual cloud network (VCN) subnet. Before configuring and using your private endpoint, the private resources must be added to the subnet.
Requirements
- The private resources must be in the same customer tenancy in which Oracle Integration is provisioned.
Instructions
Add any private resources that your integrations need to access to your subnet. This is generally done when creating or editing the resource.
Examples of private resources include an Oracle Autonomous AI Database (ATP) instance, a virtual machine that you set up as a private SFTP server, or a web server that you use to host private custom REST endpoints.
Create a Policy to Manage Subnet Resources
To create a private endpoint, you need to create a policy that allows the private endpoint to manage resources in the compartment that holds your subnet.
Note:
Perform this task only one time per Oracle Integration instance. You need only one policy per Oracle Integration instance.
The policy allows the private endpoint to create a virtual network interface card (VNIC) in the compartment that contains the subnet. The private endpoint uses the VNIC to access the private resources in the subnet. To learn more about VNICs, see Virtual Network Interface Cards (VNICs).
Instructions
- In the Oracle Cloud Console, open the navigation menu and click Identity & Security, then, under Identity, click Policies.
- Click Create Policy.
- In the Create Policy window, enter a name (for example, IntegrationPrivateEndpointPolicy) and a description.
- Make sure you've selected the compartment in which you want to create the policy. See Compartment Tips.
- Under Policy Builder, select Show manual editor and enter the required policy statements.
Syntax:
allow group group_name to manage virtual-network-family in compartment compartment-name
Where:
- group_name is the user group that is allowed to create the private endpoint. Make sure that the person who will create the private endpoint belongs to this group.
- compartment-name is the name of the compartment that contains the subnet with the private resources. When you created the VCN and subnet, the compartment that contains your Oracle Integration instance was selected by default. However, you might have chosen different compartments.
Example:
allow group oci-integration-admins to manage virtual-network-family in compartment OCI-VCN-Compartment
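As an added check that is not part of the Oracle documentation, the following Python audits a list of IAM policy statements for the one this procedure requires and flags grants that are tenancy-wide, aimed at the wrong compartment, or weaker than manage. The statement grammar it parses is the group-based form shown above; the sample statements are constructed.

```python
import re

# Statement shape from this page: allow group <group_name> to <verb> <resource> in compartment <compartment-name>.
# "in tenancy" is matched too so a tenancy-wide grant can be flagged.
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)"
    r"\s+in\s+(?:compartment\s+(?P<compartment>\S+)|(?P<tenancy>tenancy))(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def parse_statement(statement):
    """Return the parts of a group-based policy statement, or None if it does not match."""
    m = STATEMENT_RE.match(statement)
    if not m:
        return None
    return {"group": m.group("group"), "verb": m.group("verb").lower(),
            "resource": m.group("resource").lower(), "compartment": m.group("compartment"),
            "scope": "tenancy" if m.group("tenancy") else "compartment"}

def check_private_endpoint_policy(statements, expected_compartment):
    """Return (ok, findings). ok is True when some statement grants manage on
    virtual-network-family in expected_compartment; findings lists statements that
    are unparseable, tenancy-wide, aimed at another compartment, or too weak."""
    findings, ok = [], False
    for s in statements:
        p = parse_statement(s)
        if p is None:
            findings.append(f"unparsed statement: {s!r}")
        elif p["resource"] != "virtual-network-family":
            continue  # unrelated to the private endpoint; not audited here
        elif p["scope"] == "tenancy":
            findings.append(f"{p['group']}: tenancy-wide {p['verb']} on virtual-network-family; scope to {expected_compartment}")
        elif p["compartment"] != expected_compartment:
            findings.append(f"{p['group']}: targets compartment {p['compartment']}, expected {expected_compartment}")
        elif p["verb"] != "manage":
            findings.append(f"{p['group']}: verb '{p['verb']}' is too weak; creating the VNIC needs 'manage'")
        else:
            ok = True
    if not ok:
        findings.append(f"missing: manage virtual-network-family in compartment {expected_compartment}")
    return ok, findings

# Constructed sample: the page's example statement plus two that an audit should flag.
SAMPLE_STATEMENTS = [
    "allow group oci-integration-admins to manage virtual-network-family in compartment OCI-VCN-Compartment",
    "allow group dev-team to manage virtual-network-family in tenancy",
    "allow group readers to read virtual-network-family in compartment OCI-VCN-Compartment",
]
```

Run it against the statements of your own policies (for example, the output of a policy listing) with the compartment name you noted when creating the subnet.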