1. Whitelisting Access for OCI Analytics Cloud Services


    Whitelisting access for Oracle Cloud Infrastructure (OCI) Analytics Cloud Services typically involves setting up network access rules to control the traffic to and from your Analytics instance. To whitelist access, you can specify IP addresses, VCNs, and services that are allowed to interact with your Analytics instance.

    In the Pulumi program below, we will use the oci.Analytics.AnalyticsInstance resource to create an Analytics instance and configure its network access rules. We'll set up a whitelist of IPs using the networkEndpointDetails property's whitelistedIps field. Additionally, if you wanted to further control the traffic by specifying VCNs or security rules, you could use the whitelistedVcns and networkSecurityGroupIds fields respectively.

    Here is a step-by-step explanation followed by the Pulumi program in Python:

    1. Import Pulumi OCI Plugin: This allows us to interact with OCI services.
    2. Analytics Instance Creation: Use oci.Analytics.AnalyticsInstance to create an Analytics instance.
    3. Networking Configuration: Define a networkEndpointDetails object within the instance creation to set up whitelisting. You'll need to supply an array of whitelisted IP addresses. Optionally, you can also define VCNs and security groups.
    4. Output: Export the URL to access the Analytics instance.

    The program assumes you have already configured your OCI provider, so no setup for that is included. Here's the Pulumi program:

    import pulumi import pulumi_oci as oci # Create an OCI Analytics instance with whitelisted IPs. analytics_instance = oci.analytics.AnalyticsInstance('my-analytics-instance', compartment_id='ocid1.compartment.oc1..xxxxxx', # Replace with your Compartment OCID name='MyAnalyticsInstance', description='This is my analytics instance', feature_set='ENTERPRISE_ANALYTICS', # or 'SELF_SERVICE_ANALYTICS' based on the feature set you need license_type='LICENSE_INCLUDED', # or 'BRING_YOUR_OWN_LICENSE' service_name='my-analytics-service', # Replace with your Service Name network_endpoint_details=oci.analytics.AnalyticsInstanceNetworkEndpointDetailsArgs( network_endpoint_type='PUBLIC', # Can be 'PRIVATE' if you want to use VCNs. whitelisted_ips=['', ''], # Replace with IPs you want to whitelist. # Following are optional configurations based on if you choose a PRIVATE network. # subnet_id='ocid1.subnet.oc1..xxxxxx', # whitelisted_vncs=[ # oci.analytics.AnalyticsInstanceNetworkEndpointDetailsWhitelistedVncsArgs( # id='ocid1.vcn.oc1..xxxxxx', # whitelisted_ips=['', ''], # ), # ], # whitelisted_services=['all'], # Can specify particular services like 'logging', 'monitoring', etc. # network_security_group_ids=['ocid1.networksecuritygroup.oc1..xxxxxx'], ) ) # Export the URL of the created Analytics instance. pulumi.export('analytics_instance_url', analytics_instance.service_url)

    Please replace the placeholder ocid1.compartment.oc1..xxxxxx and other OCID placeholders with your actual resource identifiers from your OCI environment. The whitelisted_ips should be the IP addresses you desire to whitelist for access to the analytics service.

    You would typically run this Pulumi program by placing it in a file with a .py extension, such as main.py, and then use the Pulumi CLI to deploy it with pulumi up. The CLI will prompt you to review and confirm the actions Pulumi will take.

    Keep in mind that the Python program provided assumes you're familiar with OCI terminology and structures, such as compartments, service names, and OCIDs. The actual IPs and service details would need to fit your organization's specific network setup and governance policies.