OCI Object Storage: Copy Objects Across Tenancies Within a Region

Note: My original blog was published in ORACLE CLOUD INFRASTRUCTURE blog site on April 15th, 2019. I have republished it here with permission.

Official Disclaimer: The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Oracle Corporation.
This post was developed jointly with Mohamad Charaf, Oracle Enterprise Cloud Architect.

If you have two tenancies in the same region, and you want to copy data that is stored in Object Storage from one tenancy to the other without making the buckets public, this action requires some additional types of identity and access management (IAM) policies.
This blog post walks you through how to create these policies. For this example, the source tenancy is named ACMEBMCS and the destination tenancy is named ACMEOCISA. In ACMEBMCS, the Object Storage buckets are in the benchmark compartment. In ACMEOCISA, the target compartment is oracleexa.
The following activities are required to enable copying across tenancies:
  1. Object Storage needs permission to access the source and the destination buckets.
  2. Both the source and destination tenancies require IAM policies to permit the copy. The tenancy that is the destination for the copy must have a policy with at least the following permissions:
    define tenancy CopySourceTenancy as <OCID_for_source_tenancy>

define group CopySourceGroup as <OCID_for_group_in_source_tenancy>
admit group CopySourceGroup of tenancy CopySourceTenancy to {OBJECT_READ, OBJECT_CREATE, OBJECT_OVERWRITE, OBJECT_INSPECT, OBJECT_DELETE} in tenancy
  3. The source tenancy of the copy operation must have policies in place with at least the following permissions:
    define tenancy CopyDestinationTenancy as <OCID_for_destination_tenancy>

endorse group <group_name_in_source_tenancy> to {OBJECT_READ, OBJECT_CREATE, OBJECT_OVERWRITE, OBJECT_INSPECT, OBJECT_DELETE} in tenancy CopyDestinationTenancy
Using the console UI, the following policies were created for this example:

Source Tenancy Policy

Target Tenancy Policy

The instance principal from the destination tenancy initiates the copy process.
This example used object copy within the same region. If you're interested in cross-region copy, you can essentially use the same IAM policies and permissions. We've created a repository of guides especially for managing object storage with IAM polices using Terraform.

For additional background reading, review our foundational blog post on IAM best practices.

Comments

  1. saivenkatJanuary 20, 2021 at 5:30 PM

    Great blog.you put Good stuff.All the topics were explained briefly.so quickly understand for me.I am waiting for your next fantastic blog.Thanks for sharing.Any coures related details learn...
    Cloud Business Management Software Suite

    ReplyDelete
  2. Trusted Business SolutionsOctober 15, 2021 at 3:14 AM

    I found one successful example of this truth through this blog. I am going to use such information now. NEC Brisbane

    ReplyDelete
  3. Cyber CodeNovember 19, 2021 at 3:00 AM

    Excellent post. I really enjoy reading and also appreciate your work. This concept is a good way to enhance knowledge. Keep sharing this kind of articles, Thank you. Cyber Security IT Courses In Canada

    ReplyDelete
  4. Mace IT ServicesDecember 10, 2021 at 11:13 AM

    Nice info, I am very thankful to you for sharing this important knowledge. This information is helpful for everyone. Read more info about IT Solutions Auckland. So please always share this kind of information. Thanks.

    ReplyDelete
  5. immunitynetworksDecember 16, 2021 at 1:27 PM

    I admire this article for the well-researched content and excellent wording. Read more info about MSP Service. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.

    ReplyDelete
  6. Aaron jhonsonDecember 26, 2021 at 8:54 PM

    Thank you for sharing such a useful article. I had a great time. This article was fantastic to read. Continue to publish more articles on
    Data Engineering Services 
    Data Analytics Solutions
    Data Modernization Solutions
    AI & ML Service Provider

    ReplyDelete

Post a Comment

Popular posts from this blog

Access data anywhere using DataDistillr and your Oracle Cloud Credits

Image
DataDistillr is the “easy button” to join and query any data set without ETL or pipelines and publish to an API. What is DataDistillr “DDR” DDR is the leading enterprise data & analytics platform that dramatically decreases the time to insight by creating a real time virtual data lake that enables analysts, data scientists and business users to join, query and visualize data from any source with the click of a button - No ETL or coding required. Pre-built Enterprise “Connectors” to all your data sources  DDR connects to relational & non relational databases, APIs (Salesforces, Marketo, Hubspot, ServiceNow, Twilio, Stripe, etc.) and flat files (Excel, CSV, JSON & more), and runs queries, including joins, across all of these data sources using standard SQL without having to move, prep or orchestrate any data. Collaborate, publish & share both raw and curated data DDR one click API and messaging provides native functionality for users to: ● Easily collaborate with each o
Read more

Guidance for Setting Up a Cloud Security Operations Center (cSOC)

Image
Note : My original blog was published in ORACLE CLOUD INFRASTRUCTURE blog site on August 20th, 2018. I have republished it here with permission. Official Disclaimer : The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Oracle Corporation. Establishing a security operations center (SOC) is one of the primary requirements for managing cybersecurity-related risks in the current information age. This post provides general DIY guidance for building a SOC primarily for Oracle Cloud, including both platform-as-a-service and infrastructure-as-a-service offerings. This general guidance is also applicable to hybrid cloud environments. As more businesses are relying on interconnected technologies, like IoT sensors and cloud-based platforms, it’s becoming unmanageable to respond to cyberthreats and resulting incidents without having proper visibility across the cyberthreat landscape. So it’s
Read more