Control: 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources or deployed within a Virtual Cloud Network
Description
Oracle Analytics Cloud (OAC) is a scalable and secure public cloud service that provides a full set of capabilities to explore and perform collaborative analytics for you, your workgroup, and your enterprise. OAC instances provide ingress filtering of network traffic or can be deployed within an existing Virtual Cloud Network (VCN). It is recommended that all new OAC instances be deployed within a VCN and that, for existing OAC instances, the Access Control Rules are restricted to your corporate IP addresses or VCNs.
Remediation
From Console
- Follow the audit procedure above.
- For each OAC instance in the returned results, click the OAC Instance name.
- Click Edit next to Access Control Rules.
- Click +Another Rule and add rules as required.
From CLI
- Follow the audit procedure.
- Get the JSON input format by executing the command below:
oci analytics analytics-instance change-network-endpoint --generate-full-command-json-input
- For each of the OAC instances identified, get its details.
- Update the Access Control Rules: copy the network-endpoint-details element from the JSON returned by the above get call, edit it appropriately, and use it in the following command:
oci analytics analytics-instance change-network-endpoint --from-json '<network endpoints JSON>'
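An added example, not part of the benchmark or the Powerpipe mod: a check of the network-endpoint-details element mentioned above against this control's intent, useful before and after editing the rules. The key names follow the OCI CLI's kebab-case output and are assumed to match the JSON returned by the get call; the instance names, OCIDs and corporate ranges are constructed.

```python
import ipaddress
import json

# Constructed samples shaped like the "network-endpoint-details" element of
# the instance details JSON (kebab-case keys are an assumption).
SAMPLES = json.loads("""{
  "oac-private": {"network-endpoint-type": "PRIVATE",
                  "vcn-id": "ocid1.vcn.oc1..example",
                  "subnet-id": "ocid1.subnet.oc1..example"},
  "oac-open":    {"network-endpoint-type": "PUBLIC", "whitelisted-ips": ["0.0.0.0/0"]},
  "oac-norules": {"network-endpoint-type": "PUBLIC", "whitelisted-ips": null},
  "oac-corp":    {"network-endpoint-type": "PUBLIC",
                  "whitelisted-ips": ["198.51.100.0/24", "203.0.113.7"]},
  "oac-stray":   {"network-endpoint-type": "PUBLIC",
                  "whitelisted-ips": ["198.51.100.0/24", "192.0.2.0/24"]}
}""")

# Hypothetical corporate ranges (documentation address blocks).
CORPORATE = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]


def check_endpoint(details, allowed=CORPORATE):
    """Return a list of findings; an empty list means the instance passes."""
    if (details.get("network-endpoint-type") or "").upper() == "PRIVATE":
        return []  # deployed inside a VCN
    rules = details.get("whitelisted-ips") or []
    vcns = details.get("whitelisted-vcns") or []
    if not rules and not vcns:
        return ["public endpoint has no Access Control Rules"]
    findings = []
    for rule in rules:
        try:
            net = ipaddress.ip_network(rule, strict=False)
        except ValueError:
            findings.append(f"unparseable rule: {rule!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{rule} allows any source")
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"{rule} is outside the allowed corporate ranges")
    return findings


def audit(instances=SAMPLES):
    """Map each instance name to its findings."""
    return {name: check_endpoint(d) for name, d in instances.items()}


if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```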
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_2_7
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_2_7 --share
SQL
This control uses a named query:
manual_control