Consider These Recommendations
- Security Lists
The Enterprise Scale Baseline Landing Zone creates stateful security lists. If you have a public-facing application or load balancer that requires you to support a very large number of connections, we recommend that you create stateless security lists. For more information, see Stateful Versus Stateless Rules, the link for which you can find in the Explore More topic, elsewhere in this playbook.
- Private Endpoints
A private endpoint is a private IP address within your VCN that you can use to access a given service within OCI. The Enterprise Scale Baseline Landing Zone creates private endpoints to access the following Oracle Cloud Infrastructure services: Autonomous Database, Streaming, Data Safe, Data Catalog, Analytics Cloud, and Data Flow. We recommend that you use private endpoints if your workloads need to connect with any of these services.
- Audit Logging
By default, Audit logs are retained for 365 days. If your organization needs to meet compliance or other requirements, you can archive Audit logs for a longer period by writing them to Oracle Cloud Infrastructure Object Storage and Archive Storage buckets that are made immutable with locked, time-bound retention rules.
- Managing Terraform State
The Enterprise Scale Baseline Landing Zone in Oracle Resource Manager manages Terraform state inherently as part of each landing zone deployment. You can store Terraform state within Oracle Cloud Infrastructure Object Storage if needed. For more information, see Using Object Storage for State Files, the link for which you can find in the Explore More topic, elsewhere in this playbook.
- Tagging
As part of the Enterprise Scale Baseline Landing Zone deployment, the resources that are created by the landing zone are assigned tags for cost center and geographic location. You should define values for these tags that will help you identify and separate resources based on your organization’s workloads. We recommend that you map the cost center tag to a project or line of business that a workload supports. The geographic location should default to the OCI region where your workload runs.
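
For the Security Lists recommendation above, the following Terraform sketch shows what changes when a rule is made stateless: connection tracking is off, so return traffic and path MTU discovery messages must be allowed explicitly. This is an added example, not code from the landing zone. The variable names, display name, and port 443 are assumptions.

```hcl
# Assumed inputs (hypothetical names, not taken from the landing zone module).
variable "compartment_id" { type = string }
variable "vcn_id"         { type = string }

resource "oci_core_security_list" "public_lb_stateless" {
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
  display_name   = "public-lb-stateless" # constructed name

  # Inbound HTTPS from any client. stateless = true turns off connection
  # tracking, so this rule no longer implies that responses are allowed.
  ingress_security_rules {
    protocol  = "6" # TCP
    source    = "0.0.0.0/0"
    stateless = true
    tcp_options {
      min = 443
      max = 443
    }
  }

  # Explicit return path: responses leave from source port 443 toward the
  # client's ephemeral port. A stateful rule would have allowed this implicitly.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
    stateless   = true
    tcp_options {
      source_port_range {
        min = 443
        max = 443
      }
    }
  }

  # Path MTU discovery: with stateless rules, ICMP type 3 code 4
  # ("fragmentation needed") must be admitted by an explicit ingress rule.
  ingress_security_rules {
    protocol  = "1" # ICMP
    source    = "0.0.0.0/0"
    stateless = true
    icmp_options {
      type = 3
      code = 4
    }
  }
}
```

If the egress rule is omitted, inbound packets are accepted but responses are dropped, which typically shows up as client connection timeouts rather than as a rejected connection.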