Control: 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources or deployed within a Virtual Cloud Network
Description
Oracle Autonomous Database Shared (ADB-S) automates database tuning, security, backups, updates, and other routine management tasks traditionally performed by DBAs. ADB-S provides ingress filtering of network traffic, or it can be deployed within an existing Virtual Cloud Network (VCN). It is recommended that all new ADB-S databases be deployed within a VCN, and that for existing ADB-S databases the Access Control Rules are restricted to your corporate IP addresses or VCNs.
Remediation
From Console
- Follow the audit procedure above.
- For each ADB-S database in the returned results, click the ADB-S database name.
- Click Edit next to Access Control Rules.
- Click +Another Rule and add rules as required.
- Click Save Changes.
From CLI
- Follow the audit procedure.
- Get the JSON input format by executing the following command:
oci db autonomous-database update --generate-full-command-json-input
- For each ADB-S database identified, get its details.
- Update the whitelistIps: copy the WhiteListIPs element from the JSON returned by the above get call, edit it appropriately, and use it in the following command:
oci db autonomous-database update --autonomous-database-id <ADB-S OCID> --from-json '<network endpoints JSON>'
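The check this control performs can be reproduced offline against the details returned for each database. The Python below is an added example, not the control's own query or OCI CLI output; it assumes the kebab-case field names of `oci db autonomous-database get` (`display-name`, `subnet-id`, `whitelisted-ips`) and runs over a constructed sample, flagging databases that are neither in a VCN nor restricted to specific sources.

```python
import ipaddress

# Status values mirror what a compliance control reports per resource.
ALARM, OK = "alarm", "ok"


def classify_entry(entry):
    """Classify one whitelisted-ips entry as 'vcn', 'restricted' or 'open'.

    Entries may be an IP, a CIDR, or a VCN OCID (optionally followed by
    ';'-separated IPs inside that VCN); a zero-length prefix admits any source.
    """
    if entry.startswith("ocid1.vcn."):
        return "vcn"
    net = ipaddress.ip_network(entry, strict=False)
    return "open" if net.prefixlen == 0 else "restricted"


def evaluate_adb(adb):
    """Return (status, reason) for one ADB record (field names assumed above)."""
    if adb.get("subnet-id"):
        return OK, "deployed in a VCN (private endpoint)"
    ips = adb.get("whitelisted-ips") or []
    if not ips:
        return ALARM, "public endpoint with no access control rules"
    if "open" in {classify_entry(e) for e in ips}:
        return ALARM, "access control rule allows any source (0.0.0.0/0)"
    return OK, "public endpoint restricted to allowed sources"


def evaluate_all(adbs):
    """Evaluate a list of ADB records; returns (name, status, reason) tuples."""
    return [(a["display-name"], *evaluate_adb(a)) for a in adbs]


# Constructed sample records; OCIDs are placeholders, not real identifiers.
SAMPLE_ADBS = [
    {"display-name": "adb-private", "subnet-id": "ocid1.subnet.oc1..EXAMPLE", "whitelisted-ips": None},
    {"display-name": "adb-corp", "subnet-id": None, "whitelisted-ips": ["203.0.113.0/24", "ocid1.vcn.oc1..EXAMPLE"]},
    {"display-name": "adb-open", "subnet-id": None, "whitelisted-ips": []},
    {"display-name": "adb-anywhere", "subnet-id": None, "whitelisted-ips": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name, status, reason in evaluate_all(SAMPLE_ADBS):
        print(f"{status:5} {name}: {reason}")
```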
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_2_8
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_2_8 --share
SQL
This control uses a named query:
oracle_autonomous_database_not_publicly_accessible