This image shows a Tenancy with an OCI Region. The Tenancy has Oracle Cloud Infrastructure Identity and Access Management (IAM). Deployment User and Application User are outside the Tenancy.

The OCI Region has a Compartment, Policies, an Internet Gateway, a Service Gateway, an Autonomous Database, and three availability domains (AD1, AD2, and AD3). The VCN (172.0.0.0/16) has the following subnets:
  • Public Subnet (172.0.0.128/27): Bastion as a Service is in AD1.
  • Public Subnet (172.0.0.96/27): Load Balancer is in AD2.
  • Private Subnet (172.0.0.64/27): Virtual Machine is in AD3.
  • Private Subnet (172.0.0.32/27): A Private Endpoint for an Autonomous Database is in AD2.

Deployment User data flows into the Bastion as a Service and on to the virtual machine in the private subnet in AD3.

Application User data flows through the Internet Gateway to the Load Balancer, and then into the Private Endpoint for an Autonomous Database in the private subnet.

The Autonomous Database is outside of the VCN, but has a Private Endpoint in the private subnet. Data flows from the private endpoint to the database and from the database to the private endpoint.