Request for Inbound Allow List

The inbound allow list feature provides a way to allow or deny inbound requests based on user-defined configuration.

By default, all inbound requests coming from all sources are allowed for Oracle Utilities Cloud Services.

Customers are given the capability to override this default behavior. It is possible to limit the sources that are able to perform inbound requests.

Request Specifications

  • If a customer would like to customize or override the inbound allow list behavior, the expected flow is:
    • The customer determines how to identify the sources that are allowed to access the resources:
      • via IP address ranges defined as CIDR blocks
      • via VCN OCID - only sources that access the resources via the OCI service gateway
      • both IP and VCN OCID
    • Optionally, the customer can create and name groups of CIDR blocks and/or VCN OCIDs.
    • The customer identifies which resources will be restricted:
      • These can be grouped into paths depending on the application. For example: /web for the online OUAF application, /sql for ORDS, /rest for OUAF REST services, etc.
      • These can also be grouped into paths that start with a particular subpath. For example: /rest/busSvc/K1 for all K1-owned REST services.
      • These can also be grouped into specific paths. For example: /rest/busSvc/F1-HealthCheck can be configured to be accessible by a set of sources.
    • Optionally, the customer can create and name groups of paths (refer to path matching below).
    • The customer identifies the "allow rules" based on the sources and paths they have identified:
      • each allow rule is made up of a path group and one or more sources that can access it
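
The following added example (not Oracle code or an Oracle configuration format) models source groups, path groups and allow rules so a customer can sanity-check them before filing the request. The group names, CIDR blocks, the VCN OCID placeholder, string-prefix path matching and the "any matching rule allows" evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed sample configuration: group names, CIDR blocks and the VCN OCID
# placeholder are illustrative values, not taken from Oracle documentation.
SOURCE_GROUPS = {
    "corp-network": {"cidrs": ["203.0.113.0/24", "198.51.100.16/28"], "vcns": []},
    "integration-vcn": {"cidrs": [], "vcns": ["ocid1.vcn.oc1..EXAMPLE-PLACEHOLDER"]},
}
PATH_GROUPS = {
    "online": ["/web"],
    "k1-rest": ["/rest/busSvc/K1"],
    "healthcheck": ["/rest/busSvc/F1-HealthCheck"],
}
ALLOW_RULES = [  # each rule: one path group plus one or more source groups
    {"paths": "online", "sources": ["corp-network"]},
    {"paths": "k1-rest", "sources": ["corp-network", "integration-vcn"]},
    {"paths": "healthcheck", "sources": ["integration-vcn"]},
]

def validate(source_groups, path_groups, rules):
    """Return a list of problems to fix before the request is submitted."""
    problems = []
    for name, group in source_groups.items():
        for cidr in group["cidrs"]:
            try:
                ipaddress.ip_network(cidr)  # strict parse: rejects host bits set
            except ValueError as exc:
                problems.append(f"source group {name}: {exc}")
    for rule in rules:
        if rule["paths"] not in path_groups:
            problems.append(f"unknown path group {rule['paths']}")
        problems += [f"unknown source group {s}" for s in rule["sources"]
                     if s not in source_groups]
    return problems

def source_matches(group, ip=None, vcn=None):
    """True if the caller's IP falls in a group CIDR or its VCN OCID is listed."""
    in_cidr = ip is not None and any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in group["cidrs"])
    return in_cidr or (vcn is not None and vcn in group["vcns"])

def evaluate(path, ip=None, vcn=None):
    """Assumed semantics: a path group matches by string prefix, and a request is
    allowed if any matching rule lists a source group containing the caller."""
    matching = [r for r in ALLOW_RULES
                if any(path.startswith(p) for p in PATH_GROUPS[r["paths"]])]
    if not matching:
        return "no-rule"  # handling of paths outside every group is not modelled
    hit = any(source_matches(SOURCE_GROUPS[s], ip, vcn)
              for r in matching for s in r["sources"])
    return "allow" if hit else "deny"
```

Running `validate` first catches mistyped CIDR blocks and rules that reference undefined groups; `evaluate` then shows which sample callers each rule would admit.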

Customer Obligations

  • The customer can request an Inbound Allow List by creating a Service Request in My Oracle Support (MOS).
  • The customer must provide the necessary details for the request as stated in the Request Specifications section.
  • The customer must specify the environment names and the desired date/time for this activity to be scheduled.

Note: The execution of this activity requires the environment to be restarted.

Oracle Cloud Ops Team Obligations

  • Acknowledge and schedule the execution of the service request
  • Submit the ticket to the internal security team for approval
  • Coordinate with Infrastructure teams (if needed) for completion of the service request
  • Communicate the status upon completion of the service request

Service Level Objective

  • Advanced Notice: 7 business days
  • Acknowledge/Schedule: 2 business days
  • Execution Time: 2 business days
  • Outage Expected: No