Whitelisting Access for OCI Analytics Cloud Services

Question

Pulumi · Accepted Answer

Whitelisting access for Oracle Cloud Infrastructure (OCI) Analytics Cloud Services typically involves setting up network access rules to control the traffic to and from your Analytics instance. To whitelist access, you can specify IP addresses, VCNs, and services that are allowed to interact with your Analytics instance.

In the Pulumi program below, we will use the `oci.Analytics.AnalyticsInstance` resource to create an Analytics instance and configure its network access rules. We'll set up a whitelist of IPs using the `networkEndpointDetails` property's `whitelistedIps` field. Additionally, if you wanted to further control the traffic by specifying VCNs or security rules, you could use the `whitelistedVcns` and `networkSecurityGroupIds` fields respectively.

Here is a step-by-step explanation followed by the Pulumi program in Python:

1. **Import Pulumi OCI Plugin**: This allows us to interact with OCI services.
2. **Analytics Instance Creation**: Use `oci.Analytics.AnalyticsInstance` to create an Analytics instance.
3. **Networking Configuration**: Define a `networkEndpointDetails` object within the instance creation to set up whitelisting. You'll need to supply an array of whitelisted IP addresses. Optionally, you can also define VCNs and security groups.
4. **Output**: Export the URL to access the Analytics instance.

The program assumes you have already configured your OCI provider, so no setup for that is included. Here's the Pulumi program:

```python
import pulumi
import pulumi_oci as oci

# Create an OCI Analytics instance with whitelisted IPs.
analytics_instance = oci.analytics.AnalyticsInstance('my-analytics-instance',
    compartment_id='ocid1.compartment.oc1..xxxxxx',  # Replace with your Compartment OCID
    name='MyAnalyticsInstance',
    description='This is my analytics instance',
    feature_set='ENTERPRISE_ANALYTICS',  # or 'SELF_SERVICE_ANALYTICS' based on the feature set you need
    license_type='LICENSE_INCLUDED',  # or 'BRING_YOUR_OWN_LICENSE'
    service_name='my-analytics-service',  # Replace with your Service Name
    network_endpoint_details=oci.analytics.AnalyticsInstanceNetworkEndpointDetailsArgs(
        network_endpoint_type='PUBLIC',  # Can be 'PRIVATE' if you want to use VCNs.
        whitelisted_ips=['203.0.113.0', '203.0.113.1'],  # Replace with IPs you want to whitelist.
        # Following are optional configurations based on if you choose a PRIVATE network.
        # subnet_id='ocid1.subnet.oc1..xxxxxx', 
        # whitelisted_vncs=[
        #     oci.analytics.AnalyticsInstanceNetworkEndpointDetailsWhitelistedVncsArgs(
        #         id='ocid1.vcn.oc1..xxxxxx',
        #         whitelisted_ips=['203.0.113.10', '203.0.113.11'],
        #     ),
        # ],
        # whitelisted_services=['all'],  # Can specify particular services like 'logging', 'monitoring', etc.
        # network_security_group_ids=['ocid1.networksecuritygroup.oc1..xxxxxx'],
    )
)

# Export the URL of the created Analytics instance.
pulumi.export('analytics_instance_url', analytics_instance.service_url)
```

Please replace the placeholder `ocid1.compartment.oc1..xxxxxx` and other OCID placeholders with your actual resource identifiers from your OCI environment. The `whitelisted_ips` should be the IP addresses you desire to whitelist for access to the analytics service.

You would typically run this Pulumi program by placing it in a file with a `.py` extension, such as `main.py`, and then use the Pulumi CLI to deploy it with `pulumi up`. The CLI will prompt you to review and confirm the actions Pulumi will take.

Keep in mind that the Python program provided assumes you're familiar with OCI terminology and structures, such as compartments, service names, and OCIDs. The actual IPs and service details would need to fit your organization's specific network setup and governance policies.