Instance Principals Setup for Oracle Cloud Infrastructure (OCI) Public Services

Necessary Steps for Configuring Instance Principals for OCI Public Services

Question

You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.

A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.

Which is NOT a necessary step to complete this setup?

Answers

Explanations

A. B. C. D.

D.

https://blogs.oracle.com/cloud-infrastructure/announcing-instance-principals-for-identity-and-access-management

To set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials, you need to perform the following steps:

A. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services: To use instance principals, you need to create a dynamic group with rules that identify the instances that require access to OCI services. Dynamic groups are a way to group resources in OCI based on specific attributes. You can create dynamic groups using various attributes, such as instance OCID, compartment ID, and instance tags.

B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs: After creating the dynamic group, you need to generate an auth token for each instance in the group. An auth token is a short-lived token that enables an instance to authenticate with OCI APIs using instance principals. You can generate auth tokens using the OCI CLI or the API.

C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy: Once you have created the dynamic group and generated auth tokens for the instances, you need to create a policy that grants permissions to the dynamic group to access OCI services. A policy is a set of statements that specify the resources and actions that a group or user can access. In this case, you need to create a policy that grants permissions to the dynamic group to access the required OCI services.

D. Deploy the application and the SDK to all the instances that belong to the dynamic group: Finally, you need to deploy the application and the OCI SDK to all the instances that belong to the dynamic group. The application must be configured to use the OCI SDK to authenticate using instance principals.

Therefore, to answer the question, the step that is NOT necessary to complete this setup is D, which is to deploy the application and the SDK to all the instances that belong to the dynamic group. This step is already assumed to be done by the developer who has configured the application to authenticate using the instance principals provider.