Control: 6.1 Create at least one compartment in your tenancy to store cloud resources
Description
When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources. You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment.
Compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources (such as instances, databases, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator.
Compartments are logical groupings that add an extra layer of isolation, organization, and authorization, making it harder for unauthorized users to gain access to OCI resources.
Remediation
From Console
- Login to OCI Console.
- Select Identity from the Services menu.
- Select Compartments from the Identity menu.
- Click Create Compartment.
- Enter a Name.
- Enter a Description.
- Select the root compartment as the Parent Compartment.
- Click Create Compartment.
From CLI
- Execute the following command:
oci iam compartment create --compartment-id '<tenancy-id>' --name '<compartment-name>' --description '<compartment description>'
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_6_1
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_6_1 --share
SQL
This control uses a named query:
identity_tenancy_with_one_active_compartment
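A check in the spirit of this control, added here as an example (it is not the Powerpipe mod's named query or Oracle code): it evaluates JSON shaped like the output of `oci iam compartment list --compartment-id '<tenancy-id>'` and reports whether at least one active compartment exists under the root. The sample data, placeholder OCIDs, function names, status labels, and the choice to count only compartments whose parent is the root compartment are assumptions made for this example.

```python
import json

# Constructed sample shaped like `oci iam compartment list` JSON output.
# Every OCID and name here is a placeholder, not a real resource.
TENANCY_ID = "ocid1.tenancy.oc1..exampletenancy"
SAMPLE_CLI_OUTPUT = json.dumps({"data": [
    {"id": "ocid1.compartment.oc1..examplea", "name": "network",
     "compartment-id": TENANCY_ID, "lifecycle-state": "ACTIVE"},
    {"id": "ocid1.compartment.oc1..exampleb", "name": "old-sandbox",
     "compartment-id": TENANCY_ID, "lifecycle-state": "DELETED"},
    {"id": "ocid1.compartment.oc1..examplec", "name": "nested",
     "compartment-id": "ocid1.compartment.oc1..examplea",
     "lifecycle-state": "ACTIVE"},
]})


def active_child_compartments(cli_json, tenancy_id):
    """Names of ACTIVE compartments created directly under the root compartment."""
    if not cli_json.strip():
        # Empty output is treated as "no compartments", not as a parse error.
        return []
    items = json.loads(cli_json).get("data", [])
    return sorted(
        c["name"] for c in items
        if c.get("lifecycle-state") == "ACTIVE"      # skip DELETED, DELETING, ...
        and c.get("compartment-id") == tenancy_id    # parent is the root
        and c.get("id") != tenancy_id                # never count the root itself
    )


def evaluate_control(cli_json, tenancy_id):
    """Return (status, reason); "ok"/"alarm" are labels chosen for this example."""
    names = active_child_compartments(cli_json, tenancy_id)
    if names:
        return "ok", f"{len(names)} active compartment(s): {', '.join(names)}"
    return "alarm", "no active compartment exists under the root compartment"


if __name__ == "__main__":
    print(evaluate_control(SAMPLE_CLI_OUTPUT, TENANCY_ID))
```

A compartment that is listed but not in the ACTIVE state does not satisfy the check, so a tenancy whose only compartment has been deleted still raises an alarm.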