Securing Private Service Access Endpoints with ZPR

You can apply ZPR security attributes to Private Service Access (PSA) endpoints, then write ZPR policies to control access to Oracle Cloud Infrastructure services.

PSA endpoints give cloud resources without public IP addresses private access to OCI services.

For example, only the endpoints with the app:dbs security attribute can connect to the PSA endpoint when the PSA endpoint is assigned the svc:dbs security attribute:

in vcn:A VCN allow app:dbs endpoints to connect to svc:dbs endpoints with protocol 'tcp/443'

To use security attributes and policies with PSA endpoints, you must first create a PSA endpoint, create security attributes to apply to the endpoint, and then create ZPR policy to control access to the endpoint.