Tuesday, April 21, 2026

End-to-End CI/CD Pipeline using Azure DevOps and Terraform for Oracle Cloud Infrastructure (OCI)

 Learn how to build a complete CI/CD pipeline using Azure DevOps and Terraform to automate Oracle Cloud Infrastructure (OCI). This step-by-step guide covers repository setup, service connections, Terraform configuration, pipeline creation, self-hosted agents, and deployment strategies. Ideal for DevOps engineers and cloud architects working with OCI, Azure DevOps, and Infrastructure as Code (IaC). Improve automation, scalability, and deployment efficiency with real-world implementation insights.

Introduction

In today’s cloud-native world, automation is the backbone of scalable infrastructure. In this blog, I’ll walk you through setting up a complete CI/CD pipeline using Azure DevOps and Terraform to deploy resources on Oracle Cloud Infrastructure (OCI).

This approach enables:

  • Infrastructure as Code (IaC)
  • Automated deployments
  • Version-controlled infrastructure
  • Scalable and repeatable environments




Create Azure DevOps Repository







Create a PAT token in Azure

Go to your profile and 





Clone the blank repository to your local machine using an IDE. I used VS Code.


Download the Terraform extension in Azure.







Create service connection to OCI





Choose OCI for Terraform









Save the details


Prepare the Terraform code

Note: The Terraform state file will be stored in OCI Object Storage.


Create the variables in ADO





Click on Pipelines. The Library is inside it.







Also upload the private key to Secure files; it will be referenced during execution.






The local machine should have the OCI CLI installed and configured so that Terraform can connect to the target OCI tenancy.


GitHub repo: https://github.com/samratsinha/ADO-OCI-Terraform


Push the code to ADO Repo





In ADO






Create the ADO Pipeline
















Save it
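
As an added example (not taken from the author's repository), here is a minimal azure-pipelines.yml that ties together the Library variable group and the Secure files private key from the steps above, using plain bash steps instead of the Terraform extension tasks. The pool, variable group, secure file and variable names are assumptions, as are a Linux self-hosted agent with Terraform installed and Terraform code that declares the matching input variables.

```yaml
# Added example, not the author's pipeline. Every name marked (assumed) is a placeholder.
trigger:
  branches:
    include:
      - main                      # (assumed) branch that triggers the pipeline

pool:
  name: Default                   # (assumed) self-hosted Linux agent pool with Terraform installed

variables:
  - group: oci-terraform          # (assumed) Library variable group holding the OCI values

steps:
  # Pull the OCI API signing key from Library > Secure files onto the agent.
  - task: DownloadSecureFile@1
    name: ociKey                  # exposes $(ociKey.secureFilePath) to later steps
    displayName: Download OCI API private key
    inputs:
      secureFile: oci_api_key.pem # (assumed) name given to the uploaded key

  - bash: |
      set -eu
      # Keep the key readable only by the agent user.
      chmod 600 "$(ociKey.secureFilePath)"
      # The backend (state in OCI Object Storage) is whatever the repository's
      # Terraform code configures; nothing about it is set here.
      terraform init -input=false
      terraform plan -input=false -out=tfplan
      terraform apply -input=false tfplan
    displayName: Terraform init, plan, apply
    env:
      # (assumed) variable names; they must match the Library group and the
      # variable blocks declared in the Terraform code.
      TF_VAR_tenancy_ocid: $(TENANCY_OCID)
      TF_VAR_user_ocid: $(USER_OCID)
      TF_VAR_fingerprint: $(FINGERPRINT)
      TF_VAR_region: $(REGION)
      TF_VAR_private_key_path: $(ociKey.secureFilePath)
```

Variables marked secret in the Library are not exposed to scripts automatically, which is why each value is mapped explicitly under env. Applying a saved plan file (tfplan) ensures that what runs is exactly what the plan step produced.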



Trigger the CI/CD Pipeline




Every commit in the code will trigger the ADO pipeline.


In Azure








In OCI






From the screenshot above, we can see that the pipeline completed successfully and created all the resources in OCI needed to run a VM. This concept can be scaled up as per the requirement.

Part 2 of this blog will discuss how we can add another stage to the pipeline, terraform destroy, which will run only after approval is provided in the staging pipeline.

Till then, continue learning cloud. Hope this will help someone.





Thursday, April 9, 2026

How to Set Up Vulnerability Scanning Service in OCI (Step-by-Step Guide)

 

Introduction

Securing your cloud infrastructure is critical, and Oracle Cloud Infrastructure (OCI) provides a built-in Vulnerability Scanning Service (VSS) to detect security risks in your compute instances. In this guide, we’ll walk through the complete setup—from scan recipes to remediation.


Prerequisites

  • A running OCI compute instance
  • Proper access to OCI Console
  • Required permissions to configure security services

Create scan recipes



Click on Create scan recipe










Go to the compute instance and enable the VSS agent



Create a target. In this example, I am using a single compute instance.











Configure Cloud Guard and click on recipes












Change it to root





Click on the Detector Rules tab and make sure the ones below are enabled




From the home page, click on Configuration and then create new targets










Once the target is created, move to the scan reports






Click on vulnerability report




Go to Cloud Guard > Alerts > Problems



The next step would be to remediate the problems based upon the individual scenarios one by one.

Conclusion

OCI’s Vulnerability Scanning Service combined with Cloud Guard provides a powerful security layer. Regular scans and proactive remediation ensure your infrastructure remains secure and compliant.