Use Zero Trust Packet Routing on Autonomous Database

Oracle Cloud Infrastructure Zero Trust Packet Routing (ZPR) protects sensitive data from unauthorized access through intent-based security policies that you write for resources, such as an Autonomous Database on a private endpoint, that you assign security attributes to.

Security attributes are labels that ZPR uses to identify and organize resources. ZPR enforces policy at the network level each time access is requested regardless of potential network architecture changes or misconfigurations. You can write ZPR based policies in your tenancy to ensure an Autonomous Database instance on a private endpoint is only accessed by authorized users/resources. ZPR is built on top of existing network security group (NSG) and security control list (SCL) rules. For a packet to reach a target, it must pass all NSG and SCL rules, and ZPR policies. If any NSG, SCL, or ZPR rule or policy doesn't allow traffic, the request is dropped.

Note:

On Autonomous Database Zero Trust Packet Routing (ZPR) applies only for incoming connections when the instance is configured with a private endpoint. See Configure Private Endpoints for more information.

You can secure networks with Zero Trust Packet Routing (ZPR) in three steps:

1. Create and manage security attribute namespaces and security attributes
2. Write policies using security attributes to control access to resources
3. Apply security attributes to specified resources

Avoid entering confidential information when assigning descriptions, tags, security attributes, or friendly names to cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

You have the following options to apply Zero Trust Packet Routing (ZPR) security attributes to a private endpoint on Autonomous Database:

• Apply security attributes when you provision an Autonomous Database instance and you choose Private endpoint access only network access during provisioning. See Provision an Autonomous Database Instance for more information.

• Apply security attributes when you clone an Autonomous Database instance and you choose Private endpoint access only network access during cloning. See Clone an Autonomous Database Instance for more information.

• Apply security attributes to a private endpoint on an existing Autonomous Database instance. See Configure Zero Trust Packet Routing (ZPR) for a Private Endpoint for more information.

See Getting Started with Zero Trust Packet Routing for more information.

• Configure Zero Trust Packet Routing (ZPR) for a Private Endpoint
  Shows the steps to configure Zero Trust Packet Routing (ZPR) for a private endpoint.

Configure Zero Trust Packet Routing (ZPR) for a Private Endpoint

Shows the steps to configure Zero Trust Packet Routing (ZPR) for a private endpoint.

Set or change the values for ZPR security attributes on an existing Autonomous Database instance configured with a private endpoint as follows:

1. From the Oracle Cloud Infrastructure Console, on the Details page, select the Security attributes tab.
   
   

   
   Description of the illustration adb_zero_trust_packet_routing_configure.png

   
   
2. Click Add security attributes.
3. In the Add security attributes dialog, select a Namespace and enter a Key and a Value.
4. Optionally click Add security attribute to add additional security attributes.
5. Click Add security attributes to confirm.