OCI Account Connection Overview
Before Aqua CSPM can produce any security scan results, you must connect a cloud account. For Oracle Cloud, this is done through a Service Account. A Service Account is an entity that can be assumed by a third party and restricted to accessing only the resources in a project.
Step 1: Navigate to the "Cloud Accounts" page
- Click on Connect Account at the top right.
Step 2: Choose Oracle Cloud Infrastructure (OCI) under "Account Type" and Default Setup under "Method"
Step 3: Retrieve your tenancy OCID
- Log into your Oracle Cloud console and navigate to Administration > Tenancy Details.
- Click on Copy next to your Tenancy OCID and paste it into the Aqua connection wizard.
Step 4: Create a User and API Signing Key
- Navigate to Identity > Users.
- Select Create User.
- Enter "Aqua", then enter "Aqua API Access" in the description.
- Click on Create.
- Copy the User OCID and paste it in the Aqua connection wizard.
- Follow the steps to Generate an API Signing Key listed on Oracle's Cloud Docs.
- Open the public key (oci_api_key_public.pem) in your preferred text editor and copy the entire contents as plain text.
- Click on Add Public Key and paste the key, then click on Add.
- Copy the public key fingerprint and paste it into the Aqua connection wizard.
- Open the private key (oci_api_key.pem) in your preferred text editor, copy its entire contents, and paste them into the Aqua connection wizard.
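The key generation and fingerprint parts of Step 4, as an added shell example (not Aqua's or Oracle's own script): it creates the two key files named above with owner-only permissions, prints the fingerprint as the colon-separated MD5 of the DER-encoded public key, and checks that the pair matches before anything is pasted into the wizard. The function names and the directory argument are assumptions, and OpenSSL must be installed.

```shell
#!/bin/sh
# Added example. File names follow this page; the function names and the
# directory argument are assumptions made for illustration.

# Generate a 2048-bit RSA signing key pair in directory $1.
oci_generate_key() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # umask 077 in a subshell: both key files are created owner-only
    # and are never group- or world-readable, even briefly.
    ( umask 077
      openssl genrsa -out "$dir/oci_api_key.pem" 2048 2>/dev/null &&
      openssl rsa -in "$dir/oci_api_key.pem" -pubout \
          -out "$dir/oci_api_key_public.pem" 2>/dev/null ) || return 1
}

# Print the key fingerprint: colon-separated MD5 of the DER public key.
# $1 = key file, $2 = "-pubin" when $1 is a public key (omit for private).
oci_fingerprint() {
    # Reject unreadable or malformed keys first; otherwise the pipeline
    # below would hash empty input and still print a plausible value.
    openssl pkey ${2:-} -in "$1" -noout 2>/dev/null || return 1
    openssl rsa ${2:-} -in "$1" -pubout -outform DER 2>/dev/null |
        openssl md5 -c | awk '{print $NF}'
}

# Succeed only if public key $2 belongs to private key $1 and the
# private key file grants nothing to group or others.
oci_check_pair() {
    priv_fp=$(oci_fingerprint "$1") || return 1
    pub_fp=$(oci_fingerprint "$2" -pubin) || return 1
    [ "$priv_fp" = "$pub_fp" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage (directory is an assumption):
#   oci_generate_key "$HOME/.oci"
#   oci_fingerprint  "$HOME/.oci/oci_api_key.pem"
#   oci_check_pair   "$HOME/.oci/oci_api_key.pem" "$HOME/.oci/oci_api_key_public.pem"
```

Compare the value printed by `oci_fingerprint` with the fingerprint the console shows after Add Public Key; a mismatch means the uploaded public key does not belong to the private key being given to Aqua.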
Step 5: Create a policy and attach it to the User
- Navigate to Identity > Groups.
- Select Create Group.
- Enter "SecurityAudit" in the Name field, then enter "Aqua Security Audit Access" in the description.
- Click on Submit.
- Select the SecurityAudit group in the Groups List and Add the Aqua API User to the group.
- Navigate to Identity > Policies.
- Select Create Policy.
- Enter "SecurityAudit" in the Name field, then enter "Aqua Security Audit Policy" in the description.
- Copy and paste the following statement:
ALLOW GROUP SecurityAudit to READ all-resources in tenancy
- Click on Create.
Step 6: Retrieve your Compartment OCID
- Navigate to Identity > Compartments.
- Select the compartment to connect, then click on Copy next to your Compartment OCID and paste it into the Aqua connection wizard.