Oracle Cloud Infrastructure Setup
Network Architecture
Resource Organization
Compartment Structure
Network Configuration
VCN Setup
vcn:
  name: oan-finance-vcn
  cidr_block: "10.0.0.0/16"
  dns_label: oanfinance
  subnets:
    public:
      name: public-subnet
      cidr_block: "10.0.0.0/24"
      security_lists:
        - allow_http_https
        - allow_ssh
    private_app:
      name: private-app-subnet
      cidr_block: "10.0.1.0/24"
      security_lists:
        - allow_app_traffic
    private_data:
      name: private-data-subnet
      cidr_block: "10.0.2.0/24"
      security_lists:
        - allow_database_traffic
Security Configuration
Network Security Groups
security_groups:
  load_balancer:
    name: lb-security-group
    rules:
      ingress:
        - protocol: tcp
          source: 0.0.0.0/0
          ports: [80, 443]
  application:
    name: app-security-group
    rules:
      ingress:
        - protocol: tcp
          source: lb-security-group
          ports: [3000]
  database:
    name: db-security-group
    rules:
      ingress:
        - protocol: tcp
          source: app-security-group
          ports: [5432]
Database Configuration
Database Instance
database:
  shape: VM.Standard2.2
  storage_size_in_gb: 256
  database_edition: ENTERPRISE_EDITION
  cpu_core_count: 2
  backup_policy:
    retention_days: 30
    backup_type: INCREMENTAL
  maintenance_window:
    preference: CUSTOM_PREFERENCE
    days: ['SUNDAY']
    hours: [2]
Load Balancer Setup
Load Balancer Configuration
load_balancer:
  shape: 100Mbps
  subnet_ids:
    - public-subnet-id
  listeners:
    http:
      port: 80
      protocol: HTTP
    https:
      port: 443
      protocol: HTTPS
      certificate_name: oan-finance-cert
  backend_sets:
    app:
      policy: ROUND_ROBIN
      health_checker:
        protocol: HTTP
        port: 3000
        url_path: /health
Storage Configuration
Block Volume Configuration
block_volumes:
  data:
    size_in_gbs: 100
    vpus_per_gb: 20
    backup_policy: gold
  logs:
    size_in_gbs: 50
    vpus_per_gb: 10
    backup_policy: silver
Monitoring Setup
Monitoring Configuration
monitoring:
  metrics:
    namespace: oan_finance
    compartment_id: ocid1.compartment.oc1..
  alarms:
    cpu_utilization:
      display_name: High CPU Usage
      namespace: oan_metrics
      query: CPU.Utilization > 80
      severity: CRITICAL
  logging:
    log_group: oan_logs
    categories:
      - application
      - system
      - audit
Identity and Access Management
IAM Policies
policies:
  developers:
    name: developers
    statements:
      - Allow group developers to manage instances in compartment development
      - Allow group developers to use virtual-network-family in compartment development
  operators:
    name: operators
    statements:
      - Allow group operators to manage all-resources in compartment production
      - Allow group operators to manage backups in compartment production
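A pre-deployment check for the network security groups and IAM policies above, as an added example that is not part of the original page. It assumes that only ports 80 and 443 may be reachable from the internet; the function names and the dict layout (transcribed from the page's YAML) are hypothetical.

```python
import ipaddress
import re

# Constructed from the page's security_groups and policies blocks, as plain dicts.
SECURITY_GROUPS = {
    "lb-security-group": [{"source": "0.0.0.0/0", "ports": [80, 443]}],
    "app-security-group": [{"source": "lb-security-group", "ports": [3000]}],
    "db-security-group": [{"source": "app-security-group", "ports": [5432]}],
}
POLICIES = {
    "developers": [
        "Allow group developers to manage instances in compartment development",
        "Allow group developers to use virtual-network-family in compartment development",
    ],
    "operators": [
        "Allow group operators to manage all-resources in compartment production",
        "Allow group operators to manage backups in compartment production",
    ],
}
PUBLIC_PORTS = {80, 443}  # assumption: only the load balancer's web ports face the internet
STATEMENT = re.compile(r"Allow group (\S+) to (inspect|read|use|manage) (\S+) in compartment (\S+)$")

def _cidr(source):
    try:
        return ipaddress.ip_network(source, strict=False)
    except ValueError:
        return None  # not a CIDR, so it is treated as a security group name

def audit_security_groups(groups):
    """Flag internet-wide ingress on non-web ports and references to undefined groups."""
    findings = []
    for name, ingress in groups.items():
        for rule in ingress:
            src, net = rule["source"], _cidr(rule["source"])
            exposed = sorted(set(rule["ports"]) - PUBLIC_PORTS)
            if net is None and src not in groups:
                findings.append(f"{name}: source {src!r} is not a defined group")
            elif net is not None and net.prefixlen == 0 and exposed:
                findings.append(f"{name}: ports {exposed} open to {src}")
    return findings

def audit_policies(policies):
    """Flag statements that grant 'manage all-resources' and any that do not parse."""
    findings = []
    for name, statements in policies.items():
        for text in statements:
            m = STATEMENT.match(text)
            if m is None:
                findings.append(f"{name}: unparsed statement {text!r}")
            elif m.group(2) == "manage" and m.group(3) == "all-resources":
                findings.append(f"{name}: group {m.group(1)} can manage all-resources in compartment {m.group(4)}")
    return findings
```

Run against the configuration on this page, the security group chain passes and the operators policy is reported for its `manage all-resources` grant.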
Disaster Recovery
DR Configuration
disaster_recovery:
  type: active_passive
  rto: 4_hours
  rpo: 15_minutes
  replication:
    database: continuous
    block_volume: periodic
    object_storage: continuous
Cost Management
Budget Configuration
budgets:
  monthly:
    name: monthly-budget
    amount: 10000
    targets:
      - compartment_id: ocid1.compartment.oc1..
    alert_rules:
      - threshold: 80
        type: ACTUAL
        message: Monthly budget threshold exceeded
Best Practices
Security
- Use least privilege access
- Enable audit logging
- Implement network security
- Regular security assessments
Performance
- Right-size resources
- Use auto-scaling
- Monitor performance metrics
- Optimize costs
Reliability
- Multi-AD deployment
- Regular backups
- DR testing
- High availability setup
Maintenance
- Regular updates
- Resource tagging
- Cost monitoring
- Compliance checks