Create the Required Resources in Oracle Cloud Infrastructure

Before creating an Oracle SOA Cloud Service instance attached to a private subnet, you must fulfill certain prerequisites, including creating the required identity, networking, and storage resources in Oracle Cloud Infrastructure.

1. Generate an SSH key pair.

   See Generating a Secure Shell (SSH) Public/Private Key Pair.

   Note the path and name of the files that contain the private and public keys. You’ll need the keys later.

2. Complete the following steps from the tutorial Creating the Infrastructure Resources Required for Oracle Platform Services:
   1. Create a compartment.
      If you want to create the Oracle Cloud Infrastructure resources in an existing compartment, then skip this step.
   2. Create a virtual cloud network (VCN) in the compartment you created or identified.
      If you want to use an existing VCN, then skip this step.
   3. Create a policy to allow Oracle Cloud platform services to use the networking resources in the compartment that you created or identified.
      If the required policy exists for the compartment that you want to use, then skip this step.
   4. Create a bucket in the Object Storage service to store backup of your Oracle SOA Cloud Service instance.

      Note:

      The user creating the bucket must be a user in Oracle Cloud Infrastructure Identity and Access Management (IAM), not a federated user.

      If you’d like to use a bucket that were created previously, then skip this step.

      Note the name of the bucket. You’ll need them later while creating the service instance.

   5. Generate authentication tokens for the users who created the bucket.

      If you have the required token already, then skip this step.

      Note the authentication token value. You’ll need it later while creating the service instance.

3. In the VCN that you created or identified earlier, create the required networking resources:
   1. Create a service gateway.

      The service gateway is required for the Oracle SOA Cloud Service instance to access the Object Storage service.

      See Setting Up a Service Gateway in the Oracle Cloud Infrastructure documentation.

   2. Create an internet gateway.

      The internet gateway enables communication between the public Internet and the bastion node.

      See Working with Internet Gateways in the Oracle Cloud Infrastructure documentation.

   3. (Optional) Create a NAT gateway.

      The NAT gateway is required for the node of the Oracle SOA Cloud Service instance to access the public Internet. Such access would be useful when (for example) you want to allow the nodes to access the Oracle Yum server to download additional packages or OS patches.

      See Setting Up a NAT Gateway in the Oracle Cloud Infrastructure documentation.

   4. Create the following route table:

      See Working with Route Tables in the Oracle Cloud Infrastructure documentation.

      Route Table route.public for the Public Subnets

      Route Rule	Destination	Target
      To route traffic bound for the public Internet through the internet gateway	CIDR: 0.0.0.0/0	Internet gateway

      Route Table route.private for the Private Subnet

      Route Rule	Destination	Target
      To route traffic bound for the Object Storage service through the service gateway	Service: OCI region Object Storage	Service gateway
      (Optional) To route traffic bound for the public Internet through the NAT gateway	CIDR: 0.0.0.0/0	NAT gateway

   5. Create the following security lists:

      See Working with Security Lists in the Oracle Cloud Infrastructure documentation.

      Security List seclist.bastion for the Bastion Subnet

      Security Rule	Source / Destination	IP Protocol / Port
      (Ingress) To allow SSH connections to the bastion node	Source CIDR: 0.0.0.0/0	SSH / 22
      (Egress) To allow all outbound traffic	Destination CIDR: 0.0.0.0/0	All protocols / ports

      Security List seclist.lb for the Load Balancer Subnets

      Security Rule	Source / Destination	IP Protocol / Port
      (Ingress) To allow traffic from the other compute nodes in the VCN	Source CIDR: 10.0.0.0/16	All protocols / ports
      (Egress) To allow all outbound traffic	Destination CIDR: 0.0.0.0/0	All protocols / ports

      Security List seclist.private for the Private Subnet

      Security Rule	Source / Destination	IP Protocol / Port
      (Ingress) To allow traffic from the other compute nodes in the VCN	Source CIDR: 10.0.0.0/16	All Protocols
      (Egress) To allow all outbound traffic	Destination CIDR: 0.0.0.0/0	All Protocols

   6. Create the following subnets:

      See Working with VCNs and Subnets in the Oracle Cloud Infrastructure documentation.

      Subnet Purpose (Suggested Name)	Availability Domain	Attributes
      For the bastion host (subnet.bastion)	AD1	Example CIDRFoot 1: 10.0.1.0/24 Route table: route.public Subnet access: Public Security list: seclist.bastion
      For the service instances (subnet.private)	AD1	Example CIDR: 10.0.4.0/24 Route table: route.private Subnet access: Private Security list: seclist.private

      ^Footnote 1 Assuming the VCN’s CIDR is 10.0.0.0/16

      Note:

      Make a note of the OCIDs of the subnets. You’ll need them later while creating the bastion host and the service instance.
4. Create a compute instance and attach it to the public subnet that you created for the bastion host.

   Through this node, administrators can access the administration console of the Oracle SOA Cloud Service instance, and they connect using ssh to the compute nodes of the service instance.

   See Creating an Instance in the Oracle Cloud Infrastructure documentation.

   After creating the bastion compute instance, note its public IP address.

You’ve created the required resources in Oracle Cloud Infrastructure. You can now create the Oracle SOA Cloud Service instance.