Create Dynamic Group and Policy Statements

High Availability (HA) instances require the ability to interact with the platform's API during failover events. You create both Dynamic Groups and Policy Statements for this purpose. Dynamic Groups include a rules configuration, which you use to define the instances that belong to the group. Policy statements refer to dynamic group names, followed by the action allowed for the group.

The use of dynamic groups allows you to provide the required privileges to multiple instances at the same time. This means you can define and provide these privileges to all instances in a compartment simultaneously by specifying the compartment ID as a single rule attribute. If you want to limit the privileges to a subset of the instances in a compartment, you need to add rule attributes accordingly. If you want to specify individual instances, you need to create the instance first so you have its OCID available as an additional attribute.

Create Dynamic Group

To create a Dynamic Group:

  1. From the Oracle Cloud VCN Compartment dialog, click the Hamburger menu icon to display its drop-down menu and click Identity, Dynamic Groups.
  2. Name—Enter a name for your dynamic group. This name can be anything. You use this name when configuring policy statements.
  3. Matching Rules—Use matching rules configuration to define which instances belong to your group. You specify the attributes on which you want to group instances, and add them to the dynamic group. You can use the provided rule builder, which automatically populates the matching rule text box with your rule(s).

    Consider the identifier syntax, <instance.compartment.id>. Be sure to use the OCID of the compartment in which you create your SBC instances.

Note:

Your IAM policy must include you in the Administrators group to manage dynamic groups.

Create Policy Statements

To create applicable policy statements:

  1. From the Oracle Cloud VCN Compartment dialog, click the Hamburger menu icon to display its drop-down menu and click Identity, Policies.
  2. Policy Name—Enter a name for your policy. This name can be anything.
  3. Policy Statements—Create the statements needed by the instances in your dynamic group to perform HA procedures with the platform's API, including:
    • Allow dynamic-group <dynamic-group-name> to read all-resources in compartment <compartment-name>
    • Allow dynamic-group <dynamic-group-name> to use private-ips in compartment <compartment-name>
    • Allow dynamic-group <dynamic-group-name> to use vnics in compartment <compartment-name>
    • Allow dynamic-group <dynamic-group-name> to use vnic-attachments in compartment <compartment-name>

For <dynamic-group-name>, use the same name you used for the dynamic group you created above. For <compartment-name>, use the name of the compartment that holds your SBC instances.
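The following added example (not from the Oracle documentation above) builds the two pieces described in both procedures: the dynamic group matching rule, either for a whole compartment or for a known subset of instances, and the four HA policy statements. The OCIDs and names are constructed placeholders, and the OCID type check is an extra guard so that an instance OCID is not pasted where a compartment OCID belongs.

```python
import re
from typing import Iterable, List

# Constructed sample OCIDs for illustration only; they are not real OCI identifiers.
COMPARTMENT_OCID = "ocid1.compartment.oc1..aaaaaaaaexamplecompartment"
INSTANCE_OCIDS = [
    "ocid1.instance.oc1.phx.aaaaaaaaexamplesbcprimary",
    "ocid1.instance.oc1.phx.aaaaaaaaexamplesbcsecondary",
]

# OCID shape: ocid1.<resource-type>.<realm>.<region, empty for global resources>.<unique-id>
OCID_RE = re.compile(
    r"^ocid1\.(?P<type>[a-z0-9]+)\.(?P<realm>[a-z0-9]+)\.(?P<region>[a-z0-9-]*)\.(?P<uid>[a-z0-9]+)$"
)
# Dynamic group and compartment names must not contain spaces or quotes.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")

# The four statements from the procedure above, with placeholders for the two names.
POLICY_TEMPLATES = [
    "Allow dynamic-group {dg} to read all-resources in compartment {comp}",
    "Allow dynamic-group {dg} to use private-ips in compartment {comp}",
    "Allow dynamic-group {dg} to use vnics in compartment {comp}",
    "Allow dynamic-group {dg} to use vnic-attachments in compartment {comp}",
]


def check_ocid(ocid: str, expected_type: str) -> str:
    """Reject malformed OCIDs and OCIDs of the wrong resource type before they reach a rule."""
    m = OCID_RE.match(ocid)
    if not m:
        raise ValueError(f"malformed OCID: {ocid!r}")
    if m.group("type") != expected_type:
        raise ValueError(f"expected a {expected_type} OCID, got {m.group('type')}: {ocid!r}")
    return ocid


def compartment_rule(compartment_ocid: str) -> str:
    """Single-attribute rule: every instance in the compartment joins the dynamic group."""
    return f"instance.compartment.id = '{check_ocid(compartment_ocid, 'compartment')}'"


def instance_subset_rule(instance_ocids: Iterable[str]) -> str:
    """Narrower rule: only the listed (already created) instances join the dynamic group."""
    ids = [check_ocid(i, "instance") for i in instance_ocids]
    if not ids:
        raise ValueError("at least one instance OCID is required")
    return "Any {" + ", ".join(f"instance.id = '{i}'" for i in ids) + "}"


def policy_statements(dynamic_group: str, compartment_name: str) -> List[str]:
    """Fill the HA statements; the dynamic group name must match the one created earlier exactly."""
    for label, value in (("dynamic group", dynamic_group), ("compartment", compartment_name)):
        if not NAME_RE.match(value):
            raise ValueError(f"{label} name {value!r} must not contain spaces or quotes")
    return [t.format(dg=dynamic_group, comp=compartment_name) for t in POLICY_TEMPLATES]
```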