Prerequisites for Oracle Platform Services on Oracle Cloud Infrastructure

Setting up Oracle cloud services requires some procedures and prerequisites to be fulfilled before Oracle cloud infrastructure can be used. In this article we will look more deeper into those services and procedures which are mandatory to enable cloud infrastructure to be ready for appropriate usage of its services.

Oracle cloud offers a wide variety of services such as Oracle database cloud service, Oracle data hub cloud service, Oracle event hub service, Oracle java cloud service, Oracle SOA cloud service and so on. 

Oracle Cloud: Sign up and ‘root’ compartment

Oracle cloud infrastructure has different credentials and interface set than Oracle platform services. We can access Oracle cloud infrastructure using a web-based interface called cloud or the REST API. To access console, it is important to use supported browser such as Google Chrome 69 or later Safari 12.1 or later, Firefox 62 or later*.  You will be prompted to enter your cloud tenant, your user name, and your password on the console sign-in page as under.  

Sign in to Oracle Cloud at, provide your cloud account name (also sometimes referred to as your tenancy name) Username and password

Identity and Access Management (IAM) Policy is required to use Oracle cloud infrastructure, you must be granted security policy access by the administrator. This access is needed while using console or using the REST API with an SDK, CLI or any other tool. 

Resources created in your tenancy by Oracle – Oracle creates a compartment in your tenancy for Oracle Platform services. This compartment is configured by Oracle for cloud infrastructure resources that you create via platform services and you are not allowed to choose any other compartment apart from the one created by Oracle for your tenancy. (All subsequent compartments shall be created under this root compartment only). 

Oracle creates IAM policies along with compartments to allow Oracle platform services to access resources. The compartment created by Oracle is named  ManagedCompartmentForPaaS. The policies created by Oracle for Platform services are:

  • PSM-root-policy which is attached to root compartment of your tenancy
  • PSM-mgd-comp-policy is attached to ManagedCompartmentForPaaS compartment

Prerequisites: Oracle Cloud Infrastructure  

Before creation of instances of an Oracle Platform service on Oracle cloud infrastructure you need to have the following resources available in your cloud tenancy. 

  • Compartment for your resources
  • Create Virtual cloud network (VCN) with at least one public subnet
  • IAM Policies to permit Oracle platform services to access VCN
  • Object storage bucket
  • Credentials for use with Object storage bucket

Let’s look each one of them in a bit of detail.

Create a compartment 

  1. Open the navigation menu and click Identity and Security. Under identity click compartments 
  2. List of existing compartments in your tenancy will be displayed 
  3. Click on Create compartment
  4. Enter the following details – Name and description 
  5. Name length is limited to 100 characters including letters, numbers, period, hyphen and underscore and has to be unique 

Create Virtual cloud network (VCN) with at least one public subnet

In Oracle cloud infrastructure web console, in region selector field near upper right-hand corner choose the region in which you want to create Oracle PaaS service instances.

Click = menu near upper left corner of web console

  1. Under networking choose Virtual cloud networks
  2. On the virtual cloud network page click create virtual cloud network
  3. Enter name for virtual cloud network choose the compartment that you created and select Create Virtual cloud network plus related resources

Scroll down and note name of each name of each subnet you want to use for your Oracle PaaS instances

Click create Virtual cloud network 

Oracle cloud infrastructure creates a virtual cloud network with the CIDR block 10.0.0/16 and one public subnet for each availability zone

IAM Policies to permit Oracle platform services to access VCN

Once you created VCN and its subnets now create a policy to permit the PaaS services to use the required network resources.

  1. Click = menu on upper left corner of web console
  2. Under identity select Policies
  3. In the Compartment field select ‘root’ compartment for your tenancy
  4. Click create policy
  5. In create policy enter name and description for the policy
  6. In policy provisioning specify definition of verbs and resources that policy will use
  7. In policy statements add four policies one by one 

Allow service PSM to inspect vcns in compartment <compartment_name>

Allow service PSM to use subnets in compartment <compartment_name>

Allow service PSM to use vnics in compartment <compartment_name>

Allow service PSM to manage security-lists in compartment <compartment_name>

  1. After adding required policies click create 

Create Object storage bucket

  1. Sign in to Oracle cloud infrastructure web console 
  2. Choose region and click = Menu near upper left corner of web console
  3. In menu choose Object storage 
  4. On the buckets page in Compartment field select compartment that you created 
  5. Click create bucket
  6. In create bucket dialog box give name to bucket
  7. Accept the default values in other fields and click on create bucket 

Credentials for use with Object storage bucket

  • Sign in to web console as user who created buckets or has permission to access them
  • Click user icon at upper right corner and from the menu select User settings
  • In Resources navigation pane click Auth tokens and click generate token
  • In Generate token enter token description and click generate token 

Leave a Comment

Select your currency
USD United States (US) dollar