Removing a Subcompartment from a Security Zone

When you remove a subcompartment from a security zone, Oracle Cloud Infrastructure no longer enforces security zone policies on the resources in the subcompartment.

Note

You can't remove the parent compartment that was used to create the security zone. You must delete the security zone.

When you remove a subcompartment from a zone, Cloud Guard creates a standard target for the subcompartment. The new target has the same detector recipes as the security zone target for the parent compartment, but it doesn't detect security zone policy violations. No changes are made to any of the existing Cloud Guard targets and detector recipes.

The following diagram illustrates the Cloud Guard configuration for a subcompartment that's removed from a security zone:

View full-size image.

• Console
• CLI
• API

• 1. Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.
  2. Under List scope, select the compartment associated with the security zone that you want to modify.
  3. Click the name of the security zone.

     The Security Zone details page is displayed.

     The compartments in this security zone are listed under Associated compartments. Expand the parent compartment to view any subcompartments in this security zone.

  4. Click the Actions icon to the right side of the subcompartment, and then select Remove compartment.
  5. When prompted for confirmation, click Remove.

• Use the oci cloud-guard security-zone remove command and required parameters to remove a subcompartment from a security zone:

  oci cloud-guard security-zone remove --compartment-id <compartment_ocid> --security-zone-id <security_zone_ocid> [OPTIONS]

  For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

• Run the RemoveCompartment operation to remove a subcompartment from a security zone.