HowTo configure oci-cli with Instance/Resource Principals
(Doc ID 2763990.1)
Last updated on APRIL 13, 2023
Applies to:
Oracle Database Cloud Exadata Service - Version N/A to N/A [Release 1.0]
Information in this document applies to any platform.
Goal
Oracle Cloud Infrastructure CLI (oci-cli) has 3 ways to authenticate: User + Authentication Token, Instance Principals and Resource Principals. With User Principals, you place your private token on the machine, so anyone who can access the machine could potentially act as your user (because you left the private key on it) and perform whatever you are allowed to do. Moreover, such a configuration is not permitted in a tenant that is configured with "federated users". OCI introduced a way for instances (in the compute case) to authenticate themselves against the Control Plane and execute what the “instance” is allowed to do. The scope of this article is to show how to configure Resource Principals and how to leverage that configuration with oci-cli.
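A check for the risk described above, as an added example that is not part of the original document: it lists the oci-cli config profiles that still point at a user key stored on the machine. The function names and the sample config are constructed for illustration; `key_file` is the standard config entry for a user's key and `--auth instance_principal` is the CLI option for instance principals.

```shell
#!/bin/sh
# Added example: find oci-cli profiles that keep a user credential on disk.

# Print "profile<TAB>key_path" for every profile that has a key_file entry.
oci_user_key_profiles() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # [PROFILE] header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); profile = $0; next
        }
        /^[ \t]*key_file[ \t]*=/ {                  # path to the user key
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            printf "%s\t%s\n", profile, $0
        }
    ' "$1"
}

# Return 1 when any profile still carries a user key, 0 otherwise.
audit_oci_config() {
    cfg=$1
    [ -f "$cfg" ] || return 0        # no config file: no user key stored here
    found=$(oci_user_key_profiles "$cfg")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | while IFS="$(printf '\t')" read -r profile key; do
        echo "profile [$profile] stores a user key at $key" >&2
    done
    return 1
}

# Constructed sample config (not taken from a real tenancy).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
user=ocid1.user.oc1..exampleuniqueid
key_file=~/.oci/oci_api_key.pem
region=us-ashburn-1
EOF
audit_oci_config "$sample" ||
    echo "remove the key and call the CLI with: oci os ns get --auth instance_principal"
rm -f "$sample"
```

On a real host the file to audit is normally `~/.oci/config`; setting `OCI_CLI_AUTH=instance_principal` in the environment selects the same authentication mode without repeating the option on every call.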
Solution