Required IAM Policies

Non-Admin User Group Policies

If the user applying the Resource Manager stack is not an OCI administrator, your OCI administrator must first grant the following user group policies to allow proper provisioning and access:

Optional User Group Policies

The following policies are required only if specific features are enabled:

Note:

Note: These policies are conditional and should only be applied when the corresponding feature checkboxes are selected during Stack Apply.

Dynamic Group Policies (for users who unselect "Create Policies" checkbox)

When Compute instances are started, certain scripts make OCI API calls. These instances gain permissions through dynamic groups and associated policies.

You have two options:

  • Pre-create the policies before stack creation.
  • Let the Terraform scripts create them automatically by selecting the OCI Policies option.

If you want Terraform to create the dynamic groups and policies, and you are not an OCI administrator, your OCI administrator must first grant the following user group policies:

Dynamic Group Policies Created When "Create Policies" Checkbox Is Selected

The following dynamic group and network policies are automatically created if the "Create Policies" checkbox is selected.

Note:

Important If the checkbox is not selected, these policies must be added manually by your OCI administrator.

ATP-DB Dynamic Group Policy (Optional)

If the migrated domain uses an Autonomous Database (ATP/ADW), The following policy is required to download the ATP or ADW database wallet:

VCN Peering Dynamic Group Policies (Optional)

If VCN Peering is required (i.e., when the WebLogic VCN is different from the DB VCN), the following policies are needed:

WLS to DB Access Dynamic Group Policy (Optional)

The following policy is required only if the "Add Rule for WLS to Access DB" checkbox is selected:

Note:

Note:

  • Replace MyGroup, MyCompartment, MyDBNetworkCompartment, and <dynamic-group> with your actual group names, compartment OCIDs, and dynamic group definitions.
  • These policies ensure the user has sufficient permissions to provision networking, compute, storage, and WebLogic resources required by the migration stack.