
Compartments in OCI



Hi and welcome to my blog.

My intention with this blog is to explain in a simple and intuitive way how to work with OCI. To begin, let's look at one of the key elements of OCI: the compartment.

Compartments are logical divisions used to organize the resources in OCI. To draw an analogy, you can think of them like folders in Windows or directories in Linux. Essentially, each element in your environment will be stored in a compartment, and you'll need to access that compartment in the OCI console to locate those elements.

Below you can see the main characteristics of compartments:


For all of these reasons, compartments are a powerful feature to ensure security isolation and access control in your environment.

It is also important to know that child compartments inherit their parents' policies.
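To make the inheritance concrete, here is an added example (not code from OCI or from the original post) that lists which grants reach a given compartment by walking up its parents. The compartment tree, group names and statements are constructed, and the parser is a simplified model that only handles the basic "Allow group ... in compartment/tenancy" form with unique compartment names.

```python
import re

# Constructed sample tree: child -> parent (None marks the root, i.e. the tenancy).
PARENT = {"tenancy": None, "Prod": "tenancy", "Prod-Network": "Prod",
          "Prod-DB": "Prod", "Dev": "tenancy"}

# Constructed policy statements in the basic "Allow group ... in ..." form.
STATEMENTS = [
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group ProdAdmins to manage all-resources in compartment Prod",
    "Allow group NetAdmins to manage virtual-network-family in compartment Prod-Network",
    "Allow group Developers to manage instance-family in compartment Dev",
]

# Simplified grammar (assumption): no conditions, no compartment paths.
STMT_RE = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?:(?P<tenancy>tenancy)|compartment (?P<comp>\S+))$",
    re.IGNORECASE)

def ancestors(compartment):
    """Return the compartment followed by each parent up to the root."""
    chain = []
    while compartment is not None:
        chain.append(compartment)
        compartment = PARENT[compartment]
    return chain

def effective_grants(compartment):
    """List (group, verb, resource, granted_at) tuples that reach `compartment`."""
    chain = ancestors(compartment)
    grants = []
    for stmt in STATEMENTS:
        m = STMT_RE.match(stmt)
        if m is None:
            raise ValueError(f"unsupported statement: {stmt}")
        scope = chain[-1] if m["tenancy"] else m["comp"]
        if scope in chain:  # granted on the compartment itself or on an ancestor
            grants.append((m["group"], m["verb"].lower(), m["resource"], scope))
    return grants

if __name__ == "__main__":
    for target in ("Prod-DB", "Dev"):
        print(target)
        for grant in effective_grants(target):
            print("   ", grant)
```

Note that Prod-DB has no statement of its own, yet ProdAdmins can manage everything in it because the grant was written on its parent; a broad grant high in the tree is worth reviewing before adding child compartments under it.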

To access the compartment view in OCI, navigate to Identity & Security / Compartments, and you will see all the compartments deployed in your environment.


A compartment can be created mainly in 3 ways:

  • Manually from OCI Console
Click the "Create compartment" button in the OCI console:



And fill in the fields:



  • With Terraform code
Use the power of Infrastructure as Code to deploy it:

resource "oci_identity_compartment" "test_compartment" {
    #Required
    compartment_id = var.compartment_id
    description = var.compartment_description
    name = var.compartment_name

    #Optional
    defined_tags = {"Operations.CostCenter"= "42"}
    freeform_tags = {"Department"= "Finance"}
}

Code obtained from the official Terraform documentation:

  • OCI CLI
It is also possible to use the OCI API to create resources:

oci iam compartment create -c [text] --description [text] --name [text]
To see all available options:











