When working with Oracle Cloud Infrastructure (OCI), one of the key things to understand is how to control who can access your cloud resources and how those resources connect to the outside world. This is where Security Lists come into play.
In this blog post, I’ll explain what a Security List is in OCI, using simple terms and real-life examples to help you understand it easily.
🔐 What is a Security List?
A Security List in OCI is like a gatekeeper or security guard for your cloud environment. It contains rules that determine:
- Who can enter (called Ingress Rules)
- Who can exit (called Egress Rules)
These rules help protect your cloud resources by only allowing approved network traffic to flow in and out.
🏡 Real-World Analogy
Imagine your house is a virtual machine in OCI, and your street is the internet. You live in a gated community where the guard only allows specific people or deliveries to enter.
- You maintain a list at the gate of who can visit — this is similar to the ingress rule.
- You also have a rule at home — like not letting your dog go out without a leash — this is your egress rule.
Similarly, in OCI, the Security List defines who can talk to your server and what your server can talk to.
📋 How It Works in OCI
A Security List contains rules that match traffic on:
- Source or destination IP address (as a CIDR block)
- Port number (e.g., 22 for SSH, 80 for HTTP, 443 for HTTPS)
- Protocol (TCP, UDP, ICMP)
✅ Example Use Case
Let’s say you have a web server running in OCI and you want people across the internet to access it:
- You’ll create an Ingress Rule to allow traffic from any IP address to port 80 (HTTP).
- To access the Oracle Cloud Infrastructure (OCI) Console, navigate to https://www.oracle.com/
- Upon successful login, you will be redirected to the Oracle Cloud Console homepage.
- Navigate to Navigation Menu -> Compute -> Instances.
- Click the virtual machine's name to open the Instance Details page, then click the Subnet name to open the Subnet Details page.
- On this screen the Ingress and Egress Rules are displayed.
- Set Source CIDR to 0.0.0.0/0 (meaning all IP addresses), IP Protocol to TCP and Destination Port Range to 80, add a description, then click the Add Ingress Rules button.
- With this rule in place, traffic from any IP address is allowed to reach the compute instance on port 80. Additional Ingress or Egress Rules can be added in the same way.
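The same security list expressed as infrastructure-as-code, added here as an example and not taken from the original post: the HTTP rule from the steps above, an HTTPS rule on port 443, and an SSH rule that is deliberately limited to an administrator range rather than 0.0.0.0/0. The variables `compartment_ocid`, `vcn_ocid` and `admin_cidr` are placeholders you supply; the resource and attribute names are those of the OCI Terraform provider.

```hcl
# Placeholders for your own tenancy (assumed, replace before applying).
variable "compartment_ocid" { type = string }
variable "vcn_ocid"         { type = string }
variable "admin_cidr"       { type = string } # e.g. your office egress range

resource "oci_core_security_list" "web" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "web-server-security-list"

  # Ingress: HTTP from any IP address (the rule created in the console steps).
  ingress_security_rules {
    description = "HTTP from anywhere"
    protocol    = "6"           # 6 = TCP, 17 = UDP, 1 = ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 80
      max = 80
    }
  }

  # Ingress: HTTPS from any IP address.
  ingress_security_rules {
    description = "HTTPS from anywhere"
    protocol    = "6"
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 443
      max = 443
    }
  }

  # Ingress: SSH only from the administrator range, never from 0.0.0.0/0.
  ingress_security_rules {
    description = "SSH from admin range only"
    protocol    = "6"
    source      = var.admin_cidr
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 22
      max = 22
    }
  }

  # Egress: allow the server to reach anywhere (matches the default list).
  egress_security_rules {
    description      = "All outbound"
    protocol         = "all"
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
  }
}
```

Attach the list to the subnet with the subnet's `security_list_ids` attribute; rules are stateful by default, so return traffic for allowed connections needs no extra rule.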