Plan

Prepare and configure the required dynamic group and policies to invoke the OCI Functions and OCI Resource Scheduler services.

Policy and Group Requirements

Before you begin, ensure that you have configured the prerequisite policies and dynamic group.

Policies

Create the Oracle Cloud Infrastructure Identity and Access Management policies for the OCI Functions and OCI Resource Scheduler services.

Resource Type: Policies
Description: OCI Identity and Access Management policies for the OCI Functions and OCI Resource Scheduler services.
Example:
  • Allow dynamic-group dynamic-group-name to read secret-family in compartment function-compartment where target.secret.id='ocid of smtp password vaultsecret'
  • Allow dynamic-group dynamic-group-name to inspect compartments in tenancy.

Resource Type: Policies
Description: OCI Identity and Access Management policy to allow the OCI Resource Scheduler service to trigger OCI Functions.
Example:
  • Allow any-user to manage functions-family in compartment id ocid1.compartment.oc1..aaaaaa where all {request.principal.type='resourceschedule'}
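
Each grant above is scoped by a where clause: the secret read is pinned to a single secret OCID, and the any-user grant is limited to Resource Scheduler principals. The following Python check is an added example, not Oracle's code, that flags statements of this shape when that scoping is missing. The audit() function, its regular expressions and its three findings are assumptions made for illustration, and the last two entries in SAMPLES are constructed.

```python
import re

# Added example: least-privilege audit for statements shaped like the ones on this page.
# The grammar below covers only that shape; it is not a full OCI policy parser.
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>any-user|dynamic-group\s+\S+|group\s+\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<where>.+?))?\.?$",
    re.IGNORECASE,
)
CONDITION = re.compile(r"([\w.]+)\s*=\s*'([^']*)'")


def audit(statement):
    """Return the least-privilege findings for one policy statement."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["unparsed statement, review by hand"]
    conditions = {k.lower(): v for k, v in CONDITION.findall(m["where"] or "")}
    findings = []
    if m["subject"].lower() == "any-user" and "request.principal.type" not in conditions:
        findings.append("any-user grant has no request.principal.type condition")
    if m["resource"].lower() == "secret-family" and "target.secret.id" not in conditions:
        findings.append("secret-family grant is not pinned to one secret")
    if m["verb"].lower() == "manage" and m["location"].lower() == "tenancy":
        findings.append("manage is granted across the whole tenancy")
    return findings


SAMPLES = [
    # The three statements from the page, copied as written.
    "Allow dynamic-group dynamic-group-name to read secret-family in compartment "
    "function-compartment where target.secret.id='ocid of smtp password vaultsecret'",
    "Allow dynamic-group dynamic-group-name to inspect compartments in tenancy.",
    "Allow any-user to manage functions-family in compartment id "
    "ocid1.compartment.oc1..aaaaaa where all {request.principal.type='resourceschedule'}",
    # Constructed weak variants with the where clause dropped.
    "Allow dynamic-group dynamic-group-name to read secret-family in compartment "
    "function-compartment",
    "Allow any-user to manage functions-family in tenancy",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit(s) or ["ok"], "<-", s)
```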

Dynamic Group

Create a dynamic group for the function compartment.

Resource Type: Dynamic group
Description: Dynamic group to grant permission to a specific function or compartment.
Example: All {resource.type = 'fnfunc', resource.compartment.id = 'ocid1.compartment.oc1..aaaaaaaanov...'}