Creating a Security Zone
Create a security zone to help ensure that the resources in a compartment comply with security policies.
Before you create a security zone, you must enable Cloud Guard in the tenancy. See Getting Started with Cloud Guard.
When you create a security zone, you can select an Oracle-managed recipe or a custom recipe. Cloud Guard then performs the following actions for the compartment:
- Deletes any existing Cloud Guard target for the compartment and its subcompartments
- Creates a security zone target for the compartment
- Adds the default Oracle-managed detector recipe to compartments in the security zone
If you create a security zone for a subcompartment whose parent compartment is already in a security zone, Cloud Guard creates a separate security zone target for the subcompartment. No changes are made to the existing target for the parent compartment.
The following diagram illustrates the Cloud Guard configuration for a new security zone in a subcompartment:
For maximum flexibility, avoid assigning a security zone to the root compartment of the tenancy. Security zones applied to the root compartment might constrain the actions that are possible across an entire tenancy. Although this configuration might be preferable for specific use cases, it's too restrictive for most users.
The new security zone is in the Creating state. It can take several minutes to associate the compartment and its subcompartments with the security zone. When finished, the security zone is in the Active state.
If the compartment for this security zone contains existing resources, you can verify whether any of them violate policies in the zone's recipe.
Use the oci cloud-guard security-zone create command and required parameters to create a security zone:
oci cloud-guard security-zone create --compartment-id <compartment_ocid> --display-name <security_zone_name> --security-zone-recipe-id <security_zone_recipe_ocid> [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
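The following script is an added example, not part of the Oracle documentation or the OCI CLI itself. It wraps the create command above with the two checks a practitioner wants: it refuses to zone the root compartment (a tenancy OCID) unless explicitly overridden, reflecting the guidance above, and it polls the new zone with oci cloud-guard security-zone get until it leaves the Creating state. The environment variables OCI_COMPARTMENT_OCID, OCI_SZ_RECIPE_OCID and OCI_SZ_NAME, the ALLOW_ROOT override, and the UPDATING state are assumptions of this example; the --query and --raw-output options and the data."lifecycle-state" field are standard OCI CLI output handling.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation: a thin wrapper around
# "oci cloud-guard security-zone create" that (1) refuses the root
# compartment unless explicitly overridden and (2) polls the new zone until
# it leaves the Creating state. Assumed inputs: the environment variables
# OCI_COMPARTMENT_OCID, OCI_SZ_RECIPE_OCID and OCI_SZ_NAME, and an
# installed, configured oci CLI.

# Root-compartment OCIDs are tenancy OCIDs ("ocid1.tenancy."); every other
# compartment OCID begins with "ocid1.compartment.".
is_root_compartment() {
  case "$1" in
    ocid1.tenancy.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Validate the target compartment before spending an API call. Returns 2 for
# anything that is not a compartment OCID, and for the root compartment
# unless ALLOW_ROOT=1 is set (zoning the root constrains the whole tenancy).
check_compartment() {
  case "$1" in
    ocid1.compartment.*|ocid1.tenancy.*) ;;
    *) echo "not a compartment OCID: $1" >&2; return 2 ;;
  esac
  if is_root_compartment "$1" && [ "${ALLOW_ROOT:-0}" != "1" ]; then
    echo "refusing to zone the root compartment $1 (set ALLOW_ROOT=1 to override)" >&2
    return 2
  fi
  return 0
}

# Map a security zone lifecycle state to what the poller should do.
# ACTIVE and CREATING are the states named in the documentation; UPDATING
# is assumed here as another transient state worth waiting through.
classify_state() {
  case "$1" in
    ACTIVE) echo done ;;
    CREATING|UPDATING) echo wait ;;
    *) echo fail ;;
  esac
}

# Create the zone and print its OCID. $1 compartment, $2 display name,
# $3 security zone recipe OCID. --query/--raw-output keep stdout to the OCID.
create_security_zone() {
  check_compartment "$1" || return $?
  oci cloud-guard security-zone create \
    --compartment-id "$1" --display-name "$2" --security-zone-recipe-id "$3" \
    --query 'data.id' --raw-output
}

# Poll "security-zone get" until the zone is ACTIVE. $1 zone OCID,
# $2 max attempts (default 30, 10 s apart). Non-zero on failure or timeout.
wait_for_active() {
  zone="$1"; max="${2:-30}"; i=0
  while [ "$i" -lt "$max" ]; do
    state=$(oci cloud-guard security-zone get --security-zone-id "$zone" \
              --query 'data."lifecycle-state"' --raw-output) || return 1
    case "$(classify_state "$state")" in
      done) echo "$zone is $state"; return 0 ;;
      fail) echo "$zone entered unexpected state $state" >&2; return 1 ;;
    esac
    i=$((i + 1)); sleep 10
  done
  echo "timed out waiting for $zone to become ACTIVE" >&2
  return 1
}

# Stand-alone run: only when the assumed variables are set and oci exists.
if [ -n "${OCI_COMPARTMENT_OCID:-}" ] && [ -n "${OCI_SZ_RECIPE_OCID:-}" ] \
   && command -v oci >/dev/null 2>&1; then
  zone_id=$(create_security_zone "$OCI_COMPARTMENT_OCID" \
            "${OCI_SZ_NAME:-my-security-zone}" "$OCI_SZ_RECIPE_OCID") \
    && wait_for_active "$zone_id"
fi
```

Because the compartment check runs before any API call, a mistaken root-compartment OCID fails fast without creating a zone target (and without deleting the compartment's existing Cloud Guard target, which the create operation would otherwise do). The poller exits non-zero on any state other than ACTIVE or a transient state, so a pipeline step that follows it only runs once the zone is actually enforcing its recipe.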
Run the CreateSecurityZone operation to create a security zone.