Recommended Setup for a Single Cloud Service
If you are using a single Oracle Utilities cloud service (such as Customer Cloud Service), consider the following recommended setup:
Oracle Cloud Infrastructure - IAM and Object Storage
Compartments and Buckets
Root Compartment
    CCS-Prod (Compartment)
    CCS-Non-Prod (Compartment)
    CCS-Shared (Compartment)
        CMA-Files (Bucket) [for the system Content Migration Assistant]
        CONV-Upload (Bucket) [for Data Conversion]
        CONV-Output (Bucket) [for Data Conversion]
System Account Users and User Groups for Object Storage Access
CCS-DEV (for the Development environment) [part of User Group CCS-OSNonProdApp]
CCS-TEST (for the Testing environment) [part of User Group CCS-OSNonProdApp]
CCS-PROD (for the Production environment) [part of User Group CCS-OSProdApp]
Additional environments will each have their own unique User with the "CCS" prefix and will be a part of the CCS-OSNonProdApp User Group.
Policies for Object Storage
Policy for System Account users' access to object storage in the Production Compartment:
    Typically defined under the root compartment.
    Open only to production user groups.
    Allows read access to buckets, and read, create, modify and delete access to objects, in the Production Compartment and the Shared Compartment.
Policy for System Account users' access to object storage in the Non-Production Compartment:
    Defined under the root compartment.
    Open only to non-production user groups.
    Policy details can resemble the production policy or be less restrictive in terms of the access allowed for buckets.
Policies for Human users can be similar to the policies for System Account users but can allow more access for managing compartments and buckets as needed. These policies will typically be separated into production vs. non-production resource access.
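As an added example (not Oracle's published policy text), the two System Account policies above could be written in OCI policy language as follows, attached to the root compartment and using the group and compartment names from this setup. The first four statements are the production policy; the last two are the non-production policy, which is assumed here to mirror the production form over CCS-Non-Prod only. "read buckets" grants bucket inspect/read without create or delete, while "manage objects" covers object read, create, modify and delete.

```text
Allow group CCS-OSProdApp to read buckets in compartment CCS-Prod
Allow group CCS-OSProdApp to read buckets in compartment CCS-Shared
Allow group CCS-OSProdApp to manage objects in compartment CCS-Prod
Allow group CCS-OSProdApp to manage objects in compartment CCS-Shared

Allow group CCS-OSNonProdApp to read buckets in compartment CCS-Non-Prod
Allow group CCS-OSNonProdApp to manage objects in compartment CCS-Non-Prod
```

Because no statement grants "manage buckets" or any access to the other compartment, a non-production system account cannot create, delete or list buckets and cannot reach production objects even if its key pair is compromised.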
Example: Oracle Utilities Customer Cloud Service
The following example references the setup in the Customer Cloud Service (CCS) application outlined above.
File Storage Configuration
The following File Storage Configuration extendable lookup values should be defined to correspond to the cloud infrastructure setup above:
OS-SHARED: This value will point to the Shared Compartment:
    The user ID will be different in each environment (CCS-DEV, CCS-TEST, CCS-PROD).
    The key ring can be the same in all environments, but each environment's key ring will have different key pairs (generated separately in each environment).
Additional values can be defined based on the file locations your specific processes will need to access, for example:
    OS-Payment: for the Payment upload interface
    OS-MR-Up: for the Meter Reads upload interface
    OS-MR-Dl: for the Meter Reads download interface
The Extendable Lookup values (the names) will be the same in each environment, but some of the information defined for them will differ in each environment: User ID, compartment (Prod vs. Non-Prod) and keys.