Prerequisites for Configuring a Private Endpoint

Complete all required tasks before configuring and using a private endpoint. If an error prevents you from creating a private endpoint, you might not have completed all prerequisites.

1. Create a VCN and subnet

Perform this task only one time per Oracle Integration instance.

A virtual cloud network (VCN) is a customizable, private network that you set up in Oracle Cloud Infrastructure. A subnet is a subdivision of a VCN. You place private resources, such as an Oracle database in your private network, in a subnet. Your integrations can access the private resources in the subnet using the private endpoint.

You might already have a VCN and subnet. For example, if you have Oracle Cloud Infrastructure resources that aren't on the public internet, you've already created a VCN and subnet to hold these resources. Examples of private resources include an instance of an Oracle Autonomous Database (ATP), a virtual machine that you set up as a private SFTP server, and a web server that you use to host private custom REST endpoints.

Requirements
  • The private resources must be in the same customer tenancy in which Oracle Integration is provisioned.
  • The VCN must be in the same region as your Oracle Integration instance.
  • The VCN and subnet can be in any compartment within the customer tenancy.
  • The subnet can be public or private.
Note

When you create a private endpoint, three IPs will be selected from the available pool of free IPs in the classless inter-domain routing (CIDR) block; they won't be from the network reserved IPs.

Instructions

See Overview of VCNs and Subnets.

Information you'll need later

Make sure you note the following information. You'll need it when you create the private endpoint.

  • Name of the compartment that holds the VCN, and the compartment that holds the subnet.

    They might be the same compartment.

  • Name of the VCN.
  • Name of the subnet within the VCN that the private endpoint will allow access to.

    The subnet contains your private resources, such as your Oracle Autonomous Database (ATP) instance.

2. Add resources to your subnet

Place any private resources that you want integrations to access in your subnet. Examples of private resources include an instance of an Oracle Autonomous Database (ATP), a virtual machine that you set up as a private SFTP server, and a web server that you use to host private custom REST endpoints.

3. Create a policy

Perform this task only one time per Oracle Integration instance. You need only one policy per Oracle Integration instance.

To create a private endpoint, you need permission to manage resources in the compartment that holds your subnet. To get these permissions, create a policy.

The policy allows the private endpoint to create a virtual network interface card (VNIC) in the compartment that contains the subnet. The private endpoint uses the VNIC to access the private resources in the subnet. To learn more about VNICs, see Virtual Network Interface Cards (VNICs).

Requirements

Use the following syntax:

allow group group_name to manage virtual-network-family in compartment compartment-name

where:
  • group_name is the user group that is allowed to create the private endpoint.

    Make sure that the person who will create the private endpoint belongs to the group.

  • compartment-name is the name of the compartment that contains the subnet with the private resources. When you created the VCN and subnet, the compartment that contains your Oracle Integration instance was selected by default. However, you might have chosen different compartments.

Instructions

To create a policy, see the following: