Getting Started with Cloud Advisor
Start using the Cloud Advisor service. Cloud Advisor recommendations can help you save money and improve performance, fault tolerance, and security.
Required IAM Policies
This page describes the Identity and Access Management requirements and security policies that Cloud Advisor uses to ensure that your resources are protected.
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
To get started with Cloud Advisor, an administrator must grant each user access to Cloud Advisor and to the resources that Cloud Advisor recommendations impact through an IAM policy. Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
The resource name for Cloud Advisor is optimizer-api-family. The following is an example policy that grants users access to Cloud Advisor and to the resources that Cloud Advisor recommendations impact:
Allow group OptimizerAdmins to manage optimizer-api-family in tenancy
If you're new to policies, see Getting Started with Policies and Common Policies. For more information about Cloud Advisor policies, see Creating Cloud Advisor policies.
Additional Cloud Advisor required permissions
Although the permissions described above let you view the recommendations and some information about them, Cloud Advisor features granular permissions to support compartment- and resource-based security policies. These permissions are granted at the compartment level rather than at the tenancy level, as was previously done. If you do not have the correct permissions, you might not be able to view all the recommendation details, or the resource details for the recommendation you are viewing. To view all the recommendation and resource metadata, contact your account administrator to get the permissions for your compartment. For more information, see Additional Required Permissions.
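For administrators reviewing who holds Cloud Advisor access, the following added example (not part of the Oracle documentation) parses policy statements of the shape shown above and reports which grants on optimizer-api-family are tenancy-wide manage and which are narrower. The function name, the group and compartment names other than OptimizerAdmins, and the sample statements are assumptions made for illustration.

```python
import re

# Statement shapes covered (assumption: plain group grants, as in the page's example):
#   Allow group <group> to <verb> <resource-type> in tenancy
#   Allow group <group> to <verb> <resource-type> in compartment [id] <name> [where ...]
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>.+?)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?:id\s+)?(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)
# all-resources covers every resource type, so it also grants Cloud Advisor access.
COVERING = {"optimizer-api-family", "all-resources"}


def review_policies(statements):
    """Return one finding per statement that affects Cloud Advisor access."""
    findings = []
    for text in statements:
        m = STATEMENT.match(text)
        if m is None:
            # Dynamic groups, any-user and similar: keep for manual review, never drop.
            if "optimizer-api-family" in text.lower():
                findings.append({"statement": text, "result": "unparsed"})
            continue
        if m["resource"].lower() not in COVERING:
            continue
        verb = m["verb"].lower()
        scope = "tenancy" if m["tenancy"] else "compartment " + m["compartment"]
        broad = scope == "tenancy" and verb == "manage" and not m["condition"]
        findings.append({"statement": text, "group": m["group"], "verb": verb, "scope": scope,
                         "result": "tenancy-wide manage" if broad else "narrower"})
    return findings


# Constructed sample; only the first statement appears on this page.
SAMPLE = [
    "Allow group OptimizerAdmins to manage optimizer-api-family in tenancy",
    "Allow group CostReviewers to read optimizer-api-family in compartment Finance",
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetAdmins to manage virtual-network-family in compartment Network",
    "Allow dynamic-group AdvisorJobs to read optimizer-api-family in tenancy",
]

if __name__ == "__main__":
    for f in review_policies(SAMPLE):
        print(f["result"], "|", f["statement"])
```

Statements the pattern does not cover are returned as "unparsed" so that they are checked by hand instead of being silently skipped.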
Operational Status
This section describes the Cloud Advisor operational (enrollment) statuses and explains how to get, list, and change them. It contains procedures to complete the following tasks:
- Listing the Cloud Advisor Operational Status
Listing the Cloud Advisor Operational Status
This section describes how to list the Cloud Advisor operational status for a compartment.
- Open the navigation menu and click Governance & Administration. Under Cloud Advisor, click Settings. The Cloud Advisor Settings page opens. The operational status of Cloud Advisor is shown on the page. If Cloud Advisor is enabled, Disable Cloud Advisor is shown on the screen. If Cloud Advisor is disabled, Enable Cloud Advisor is shown on the screen.
Use the command oci optimizer enrollment-status-summary list to list the operational statuses for a compartment.
oci optimizer enrollment-status-summary list --compartment-id <compartment_ocid>
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Use the ListEnrollmentStatuses operation to list the operational statuses for a compartment.
Getting the Cloud Advisor Operational Status
This section describes how to obtain the Cloud Advisor operational status for a compartment.
The Console function is not available for this task. It can be performed only with the CLI or API.
Using the CLI
Use the oci optimizer enrollment-status get command to get the status of a Cloud Advisor enrollment.
oci optimizer enrollment-status get --enrollment-status-id <enrollment_status_OCID>
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Using the API
Use the GetEnrollmentStatus operation to get the Cloud Advisor operational status.
Enabling and Disabling Cloud Advisor
This section explains how to activate or deactivate Cloud Advisor.
The Console function is not available for this task. It can be performed only with the CLI or API.
To enable Cloud Advisor
The following procedure explains how to enable Cloud Advisor. This task can be performed only from the Console.
The tenancy that you are signed in to must have resources in it before you can activate Cloud Advisor. If Cloud Advisor fails to activate, check the tenancy to see if it has resources in it, and add resources as needed.
When you sign in to a tenancy with resources, Cloud Advisor is automatically activated by default.
To disable Cloud Advisor
The following procedure explains how to disable Cloud Advisor. Note: This task can be performed only from the Console.
Enabling Cloud Guard
Cloud Guard integrates with Cloud Advisor to display security recommendations in the Cloud Advisor dashboard. After you enable Cloud Advisor, you can integrate Cloud Guard.
To enable Cloud Guard, follow the steps in Getting Started with Cloud Guard.
Cloud Guard can display recommendations for only the tenancies you can log in to and no others, even if they are in your organization. To view Cloud Guard recommendations, change the tenancy selection in the left pane to a tenancy you can log in to.