Managing Private Endpoints

Create, edit, and delete private endpoints in Resource Manager.

With private endpoints, you can access nonpublic cloud resources in your tenancy from Resource Manager. For example, configure a private compute instance using Terraform's remote exec functionality and access Terraform configurations in a private GitHub server.

Required IAM Policy

To manage private endpoints, you must have permission to manage private endpoints in the tenancy, and to use virtual network resources, such as VCNs and subnets. For more information, see Manage Private Templates.

If you're new to policies, see How Policies Work.

Scenarios

Review common scenarios for using private endpoints with Resource Manager.

Other scenarios also exist. You can reach any private resource that has a private IP by using a private endpoint in Resource Manager. For example, connect to a Kubernetes cluster.

Private Git Server

Give Resource Manager access to a Git server that isn't accessible over the internet. Use these instructions for a private server that you host at Oracle Cloud Infrastructure or on-premises.

  1. If the private server is on-premises, then set up site-to-site VPN or FastConnect.
    For more information, see Site-to-Site VPN and FastConnect.
  2. Import the private Git server's associated SSL certificate into the Certificates service.

    For more information, see the relevant page:

  3. Create a private endpoint.
  4. Get the reachable IP address for the private endpoint.
  5. Create a configuration source provider that references this private endpoint (and the associated SSL certificate that you imported into the Certificates service).
  6. Create a stack that references this configuration source provider.

Private Remote Exec

Access private instances with Remote Exec.

Note

When accessing a private instance with Remote Exec, you must use a reachable IP address.

See also Getting the Reachable IP Address for a Private Endpoint.

  1. Write a Terraform configuration that creates a private instance.
  2. In the Terraform configuration, either create or reference a private endpoint:

    For example Terraform configurations that use Resource Manager private endpoints, see Private endpoint Terraform configuration examples.

  3. Add code to your Terraform configuration to convert the private IP address to a reachable IP address.

    The reachable IP address is in the range 240.0.0.0 to 255.255.255.255 (Class E; see RFC 1112, Section 4).

    To get the reachable IP address, see Getting the Reachable IP Address for a Private Endpoint.

    Example code
    resource "null_resource" "remote-exec" {
      # Wait for the private instance to exist before attempting a connection.
      depends_on = [oci_core_instance.private_endpoint_instance]

      provisioner "remote-exec" {
        connection {
          agent   = false
          timeout = "30m"
          # Connect through the private endpoint: the host is the reachable
          # (Class E) address returned by the data source, not the instance's
          # own private IP.
          host        = data.oci_resourcemanager_private_endpoint_reachable_ip.test_private_endpoint_reachable_ips.ip_address
          user        = "opc"
          private_key = tls_private_key.public_private_key_pair.private_key_pem
        }

        inline = [
          "echo 'remote exec showcase' > ~/remoteExecTest.txt"
        ]
      }
    }

  4. Store the Terraform configuration in a supported location.
  5. Create a stack that references this Terraform configuration.
  6. Run an apply job on the stack.
    The private instance and private endpoint are created. You can now use Remote Exec to access your private instance.
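Steps 2 and 3 of the procedure above, as an added example that is not from the original page: a Terraform configuration that creates the private endpoint next to the private instance and resolves the instance's private IP to the reachable address that the remote-exec connection uses. The variables, the VCN, subnet and network security group resources, and the instance details are assumptions; the `oci_resourcemanager_private_endpoint` resource and the `private_endpoint_id` and `private_ip` arguments of the reachable-IP data source are from the OCI Terraform provider.

```hcl
# Added example (not from the original page). var.*, oci_core_vcn.vcn,
# oci_core_subnet.private and oci_core_network_security_group.pe_nsg are
# assumed to be defined elsewhere in the configuration.

# SSH key pair used by the remote-exec connection on the page.
resource "tls_private_key" "public_private_key_pair" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Step 2: the private endpoint Resource Manager uses to enter the VCN.
resource "oci_resourcemanager_private_endpoint" "pe" {
  compartment_id = var.compartment_ocid
  display_name   = "rm-private-endpoint"
  vcn_id         = oci_core_vcn.vcn.id
  subnet_id      = oci_core_subnet.private.id
  # Assumed NSG that only allows egress to the instance subnet on TCP/22.
  nsg_id_list    = [oci_core_network_security_group.pe_nsg.id]
}

# Step 1: the instance has no public IP; it is reachable only via the endpoint.
resource "oci_core_instance" "private_endpoint_instance" {
  compartment_id      = var.compartment_ocid
  availability_domain = var.availability_domain
  shape               = "VM.Standard.E4.Flex"
  shape_config {
    ocpus         = 1
    memory_in_gbs = 8
  }
  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }
  create_vnic_details {
    subnet_id        = oci_core_subnet.private.id
    assign_public_ip = false
  }
  metadata = {
    ssh_authorized_keys = tls_private_key.public_private_key_pair.public_key_openssh
  }
}

# Step 3: map the private IP to the reachable IP (240.0.0.0/4, valid only
# through this private endpoint). Its ip_address is the remote-exec host.
data "oci_resourcemanager_private_endpoint_reachable_ip" "test_private_endpoint_reachable_ips" {
  private_endpoint_id = oci_resourcemanager_private_endpoint.pe.id
  private_ip          = oci_core_instance.private_endpoint_instance.private_ip
}
```

The generated private key is written in plaintext to the Terraform state, so the stack's state needs the same access controls as the key itself. The reachable address only routes through this endpoint, so it is not usable from other networks or stacks.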