turbot/oci_compliance

Control: 6.1 Create at least one compartment in your tenancy to store cloud resources

Description

When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources. You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment.

Compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources (such as instances, databases, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator.

Compartments are a logical group that adds an extra layer of isolation, organization and authorization making it harder for unauthorized users to gain access to OCI resources.

Remediation

From Console

  1. Login to OCI Console.
  2. Select Identity from the Services menu.
  3. Select Compartments from the Identity menu.
  4. Click Create Compartment.
  5. Enter a Name.
  6. Enter a Description.
  7. Select the root compartment as the Parent Compartment.
  8. Click Create Compartment.

From CLI

  1. Execute the following command:
oci iam compartment create --compartment-id '<tenancy-id>' --name '<compartment-name>' --description '<compartment description>'

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v200_6_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v200_6_1 --share

SQL

This control uses a named query:

identity_tenancy_with_one_active_compartment

Tags