Sunday, June 26, 2022

Protect an OCI Compute instance against accidental termination and secure your data

It is very important for any organization to protect its resources against accidental termination, and especially so for compute instances. You not only secure your data but also ensure that the services running on the instance stay up. In the cloud, creating and maintaining resources has become much easier: with the click of a button one can create resources and just as easily terminate them. What if someone unintentionally terminates an instance that was not supposed to be terminated? Is all the data gone?

Normally, when we create users in OCI, we grant them privileges through which they perform their tasks. These privileges come from IAM policies. As a best practice, we should always follow the principle of least privilege. If the privileges are wide open, a user can easily go and terminate an instance by accident.



In the above case, a user with these privileges can easily terminate, stop or reboot the instance; basically, it can perform all instance management operations. The instance management operations are categorized as follows:


In this post, the user should not have the privilege to terminate an instance. In my tenancy, I have a group REST_USERS, and all users except the tenancy administrator are members of it. Thus my policy looks like this:


Allow group REST_USERS to manage instance-family in tenancy where request.permission != 'INSTANCE_DELETE'

Allow group REST_USERS to use volume-family in tenancy

Allow group REST_USERS to use virtual-network-family in tenancy


Now if a user in the group tries to terminate the instance, he/she gets the error shown below:



This is how we can protect our compute instances from being accidentally terminated. In this setup only the tenancy administrator can terminate an instance; the other instance management operations such as start, stop and reboot can still be performed by the other users, so daily operations are not hampered.

A few caveats are worth keeping in mind. The where clause removes only INSTANCE_DELETE, and instance-family is an aggregate resource type, so the group keeps manage rights (deletion included) on the other resource types in that family; if you want the restriction scoped more tightly, write the statement against instances instead of instance-family. Terminating an instance deletes its boot volume unless you choose to preserve it, while attached block volumes survive; the policy above grants only use on volume-family, which does not include deleting volumes, so the group cannot remove volumes either. Finally, this guards against accidents, not against a compromised administrator account: anyone in a group with manage all-resources in the tenancy can still terminate.
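The same policy, created and verified from the OCI CLI rather than the console, as an added example that is not code from the original post. It assumes two hypothetical CLI profiles in ~/.oci/config, "ADMIN" (the tenancy administrator) and "restuser" (a member of REST_USERS), placeholder OCIDs for the tenancy and a test instance, and the policy name "rest-users-no-terminate"; the statement builder and the pre-flight check run offline, the create and verify functions need the oci CLI and credentials.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. It creates the policy shown
# above with the OCI CLI and then checks its effect from both sides.
# Assumptions (all hypothetical, adjust to your tenancy):
#   - ~/.oci/config has a profile "ADMIN" (tenancy administrator) and a
#     profile "restuser" whose user is a member of REST_USERS
#   - TENANCY_OCID and INSTANCE_OCID are placeholders you must replace
#   - the policy is named "rest-users-no-terminate"
# Only create_policy and verify_policy need the "oci" CLI and network access;
# build_statements and check_no_bare_manage run anywhere.
set -eu

GROUP="${GROUP:-REST_USERS}"
TENANCY_OCID="${TENANCY_OCID:-ocid1.tenancy.oc1..REPLACE_ME}"     # placeholder
INSTANCE_OCID="${INSTANCE_OCID:-ocid1.instance.oc1.REPLACE_ME}"   # placeholder

# Emit the three statements as the JSON array that "oci iam policy create
# --statements" accepts. The where clause removes only INSTANCE_DELETE from
# what "manage instance-family" grants; power actions, update, attach and
# detach remain available to the group.
build_statements() {
    group="$1"
    cat <<EOF
["Allow group ${group} to manage instance-family in tenancy where request.permission != 'INSTANCE_DELETE'","Allow group ${group} to use volume-family in tenancy","Allow group ${group} to use virtual-network-family in tenancy"]
EOF
}

# Guard against the classic mistake: a "manage instance-family" statement
# that lost its INSTANCE_DELETE exclusion. Returns 0 if every such statement
# carries the exclusion, 1 otherwise. Statements never contain commas, so
# splitting the JSON array on commas yields one statement per line.
check_no_bare_manage() {
    if printf '%s\n' "$1" | tr ',' '\n' \
        | grep -i 'to manage instance-family' \
        | grep -iv "request.permission *!= *'INSTANCE_DELETE'" \
        | grep -q .; then
        return 1
    fi
    return 0
}

# Create the policy as the tenancy administrator.
create_policy() {
    statements="$(build_statements "$GROUP")"
    check_no_bare_manage "$statements" || {
        echo "refusing to create: a manage statement lacks the INSTANCE_DELETE exclusion" >&2
        return 1
    }
    oci --profile ADMIN iam policy create \
        --compartment-id "$TENANCY_OCID" \
        --name "rest-users-no-terminate" \
        --description "$GROUP may run instances but never terminate them" \
        --statements "$statements"
}

# Verify as a REST_USERS member: terminate must be refused (OCI answers
# 404 NotAuthorizedOrNotFound for denied calls), while a power action must
# still go through. Note that the STOP really stops the test instance.
verify_policy() {
    if out="$(oci --profile restuser compute instance terminate \
                --instance-id "$INSTANCE_OCID" --preserve-boot-volume true --force 2>&1)"; then
        echo "FAIL: terminate succeeded, the policy is not in effect" >&2
        return 1
    fi
    printf '%s\n' "$out" | grep -q 'NotAuthorizedOrNotFound' || {
        echo "FAIL: terminate failed for another reason: $out" >&2
        return 1
    }
    echo "OK: terminate denied for $GROUP"
    oci --profile restuser compute instance action \
        --instance-id "$INSTANCE_OCID" --action STOP >/dev/null
    echo "OK: STOP still allowed for $GROUP"
}

case "${1:-}" in
    create) create_policy ;;
    verify) verify_policy ;;
esac
```

Run it as `./no-terminate.sh create` with the administrator profile, then `./no-terminate.sh verify` against a throwaway instance; the pre-flight check exists because the most common way this protection silently disappears is someone re-saving the policy without the where clause.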


I hope this post helps someone. Till then, happy cloud learning!




