Before you create an Oracle Cloud Object Storage connection to read from or write to Oracle Cloud Object Storage, be sure to complete the prerequisites.
Configure Oracle Cloud Infrastructure policies
As a user, you can use Oracle Cloud Object Storage Connector after the organization administrator creates a minimal Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy for Oracle Cloud Object Storage Connector.
The Oracle Cloud Infrastructure policy defines the resources that users and groups can access in an OCI account and how to access them. You can use policies to manage certain types of resources in a specific compartment in certain ways.
You need to perform the following tasks:
1. Define users, groups, and one or more compartments to hold the cloud resources for your organization.
2. Create the policies.
3. Place users into the appropriate groups depending on the compartments and resources they need to work with.
4. Provide the users with the one-time passwords that they need to access the console and work with the compartments.
Policy statements use the following syntax:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
For example,
Allow group ObjectReaders to read buckets in compartment ABC
Allow group ObjectWriters to manage objects in compartment ABC where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}
You need to add the following policies to configure the Oracle Cloud Object Storage connection, access objects, and run mappings:
• Policies for Oracle Cloud Object Storage test connection
Allow group <group_name> to inspect object-family in compartment <compartment_name>
Allow group <group_name> to inspect buckets in compartment <compartment_name>
• Policies for Oracle Cloud Object Storage sources
Allow group <group_name> to inspect buckets in compartment <compartment_name>
Allow group <group_name> to read object-family in compartment <compartment_name>
• Policies for Oracle Cloud Object Storage targets
Allow group <group_name> to manage inspect buckets in compartment <compartment_name>
Allow group <group_name> to manage object-family in compartment <compartment_name>
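The following added example, which is not part of the original page or of Informatica's or Oracle's code, checks policy statements written in the syntax above before an administrator applies them: it flags statements that do not parse, unknown verbs, and manage grants that no where clause narrows. The function names review_statement and review_policy are hypothetical, the sample fills the page's placeholders with its example group and compartment names, and group and compartment names are assumed to contain no spaces.

```python
import re

# OCI policy verbs, from least to most access.
VERBS = ("inspect", "read", "use", "manage")

# The statement form shown on this page, with an optional where clause.
STATEMENT = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+compartment\s+(?P<compartment>\S+)(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)

def review_statement(line):
    """Parse one statement; return (fields or None, list of findings)."""
    match = STATEMENT.match(line.strip())
    if not match:
        return None, ["not of the form 'Allow group G to VERB RESOURCE-TYPE in compartment C'"]
    fields = match.groupdict()
    findings = []
    verb = fields["verb"].lower()
    if verb not in VERBS:
        findings.append(f"unknown verb '{fields['verb']}'")
    elif verb == "manage" and not fields["where"]:
        findings.append("'manage' with no where clause allows every permission on the resource type")
    return fields, findings

def review_policy(text):
    """Return [(statement, findings)] for the statements that need attention."""
    flagged = []
    for line in text.splitlines():
        if line.strip():
            _, findings = review_statement(line)
            if findings:
                flagged.append((line.strip(), findings))
    return flagged

# Constructed sample: the page's statements with its example group and compartment names.
SAMPLE = """
Allow group ObjectReaders to inspect buckets in compartment ABC
Allow group ObjectReaders to read object-family in compartment ABC
Allow group ObjectWriters to manage objects in compartment ABC where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}
Allow group ObjectWriters to manage object-family in compartment ABC
Allow group ObjectWriters to manage inspect buckets in compartment ABC
"""

if __name__ == "__main__":
    for statement, findings in review_policy(SAMPLE):
        print(statement, "->", "; ".join(findings))
```

Run against the sample, the check reports the unrestricted manage object-family grant and rejects the statement that carries two verbs, while the read, inspect, and condition-limited manage statements pass.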
Prepare for authentication
You can configure the following authentication methods for Oracle Cloud Object Storage Connector:
ConfigFile authentication
ConfigFile authentication uses the identity credentials of the Oracle Cloud Infrastructure (OCI) account, which you provide through a configuration file. This authentication method is based on the profile selected in the configuration file.
You can create a configuration file in the following format:
You require the user OCID, fingerprint, and tenancy OCID information from the OCI account for the configuration file.
For more information about the steps to extract the identity credentials from the Oracle Cloud Infrastructure Console, see the Oracle Cloud Infrastructure documentation.
By default, the OCI configuration file is located at ~/.oci/config on the Secure Agent machine. The ~/.oci/config file can contain several profiles. The default profile name is DEFAULT. You can change the default profile name to the name of any profile that you add to the ~/.oci/config file. The ~/.oci/config file cannot contain two profiles with the same name.
Simple authentication
Simple authentication uses API keys for authentication. You can provide the authentication details in the Oracle Cloud Object Storage connection. You need to place the private key file on the Secure Agent machine.
You require the user OCID, fingerprint, and tenancy OCID information from the Oracle Cloud Infrastructure account to create an Oracle Cloud Object Storage connection.
For more information about the steps to extract the identity credentials from the Oracle Cloud Infrastructure Console, see the Oracle Cloud Infrastructure documentation.