DevSecOps in Oracle Cloud: Securing and Automating Oracle Cloud Infrastructure(Oracle Press Cloud)

Automate, secure, and optimize your cloud infrastructure with proven best practices and expert insights. Securing every stage of development and deployment is no longer a choice—it is a necessity. Adopting a proactive DevSecOps approach is crucial to safeguarding cloud applications and infrastructures. OCI experts Benner, Aboulnaga, and Patel provide comprehensive guidance on leveraging DevSecOps principles to effectively secure and automate cloud environments. Developers, DevOps professionals, and cloud architects will learn best practices for automating security processes and optimizing enterprise infrastructures with powerful tools such as Terraform and Ansible. This comprehensive guide provides actionable strategies for building secure, scalable, and resilient cloud applications. You will learn Step-by-step examples of using Terraform and Ansible in OCI to automate and manage cloud infrastructure DevSecOps principles and best practices for Oracle Cloud environments Key OCI services and how they can be applied within a DevSecOps framework to ensure security and efficiency Practical strategies for building secure, scalable, and resilient applications in Oracle Cloud How to integrate DevSecOps principles throughout the development and deployment lifecycle Techniques for maintaining regulatory compliance while ensuring security in Oracle Cloud How to optimize cloud costs in OCI without compromising security or performance Practical steps to securely deploy applications in Oracle Cloud Unlock the full potential of Oracle Cloud and DevSecOps and ensure that your organization stays ahead of evolving security threats and operational demands. This guide provides the hands-on tools, expert insights, and proven strategies you need to secure, automate, and scale your Oracle Cloud applications.

Table of Contents:
Introduction xxii Chapter 1 Introduction to OCI and DevSecOps 1 What Is DevSecOps? 4 Why DevSecOps? 5 What Makes Up a DevSecOps Team? 6 Benefits of OCI 7 OCI Free Services 9 Summary 10 Chapter 2 Oracle Cloud Infrastructure—Governance 11 Tenancy Account Management and Governance 11 Creating a New Tenancy 12 Organizational Governance 15 Cloud Advisor 20 Cost Management 22 Performance 24 High Availability 25 Billing and Budgets 26 Dashboards 32 Summary 36 Chapter 3 Oracle IaaS—Security 37 Identity and Access Management (IAM) 37 Security Zones 39 Bastions 44 Threat Intelligence Service 49 Web Application Firewall (WAF) 54 Firewall 65 Vault 80 Audit 84 Summary 87 Chapter 4 Oracle IaaS—Cloud-Native Technologies 89 Functions 90 Setting Up the Tenancy 91 Creating the Application 92 Setting Up the Linux Host 95 Creating and Running a Function 104 Streams 107 Events 108 Oracle Kubernetes Engine (OKE) 112 Docker 113 Key Terms 113 Summary 119 Chapter 5 Oracle IaaS—Network 121 Getting Started with OCI Networking 121 Understanding Concepts and Terminology 121 Walking Through a Basic Network Architecture Diagram 122 Creating Your First VCN and Subnet 124 Creating a VCN 124 Creating a Subnet 125 Updating the Security List 126 Connecting VCNs Through Local Peering 127 Creating Local Peering Gateways and Establishing Peering 128 Adding a New Route Rule to the Route Table 129 Creating Network Security Groups (NSGs) 130 Attaching VNIC to the Network Security Group 131 Creating Flow Logs 132 Using Network Path Analyzer 133 Understanding Gateways 136 Securing Your Network 136 Summary 137 Chapter 6 Oracle IaaS—Compute 139 Building a VM 139 X86 and ARM, AMD vs. Intel… What’s the Scoop? 145 A VM Is More Than a VM; There Are Options… 147 OS Images and the Marketplace 153 Custom OS Images 160 Summary 163 Chapter 7 Oracle IaaS—Storage 165 Block Volume 166 Creating and Attaching 166 Configuring Performance 169 Performing a Backup 172 Object Storage 175 File Storage 176 Archive Storage 179 How to Secure Your Storage 179 Summary 181 Chapter 8 Oracle DBaaS—Databases 183 Oracle’s DBaaS Offerings 183 Database as a Base Database Service 186 Exadata Cloud Service and Exadata Cloud@Customer 186 Autonomous Database Services 187 MySQL and MySQL HeatWave 189 NoSQL 190 How to Provision Databases 191 Provisioning Base Database Service 191 Provisioning the Autonomous Database Service 196 Provisioning MySQL Database 199 Provisioning the NoSQL Database 204 Summary 205 Chapter 9 OCI DevOps Service 207 Overview of OCI DevOps 208 Deployment Environments 210 Deployment Strategies 210 DevOps Components and Resources 211 How to Create a Working Sample Project 214 Creating Compute Instances to Deploy To 215 Granting Permissions to Compute Instance Run Command Plug 215 Creating an Artifact Registry to Host Artifacts 216 Uploading a Script to the Artifact Registry 216 Creating a Notification Topic 218 Creating a DevOps Project 218 Creating an Environment in the DevOps Project 218 Adding an Artifact from the Artifact Registry to the DevOps Project 219 Adding an Instance Group Deployment Configuration Artifact 220 Creating a Deployment Pipeline 222 Running the Deployment Pipeline 222 Summary 224 Chapter 10 Data Safe 225 Security Assessment 225 User Assessment 228 Data Discovery 230 Data Masking 236 Activity Auditing 241 Alerts 243 How to Add a Database 244 Registering an Autonomous Database 245 Registering an Oracle Base Database System 247 Registering an On-Premises Database 253 Summary 255 Chapter 11 Identity and Access Management 257 Compartments 257 Users 258 Database Passwords 258 API Keys 263 Groups 269 Dynamic Groups 269 Policies 273 Federation 277 Summary 292 Chapter 12 Operating System Security 293 Oracle Ksplice 293 Oracle Autonomous Linux 296 Vulnerability Scanning Service (VSS) 298 Summary 301 Chapter 13 Observability and Management 303 OCI Logging Service 303 Log Format 303 Log Types 305 Log Groups 307 Exercise 1: Enabling a Service Log 307 Exercise 2: Creating a Custom Log 311 Oracle Cloud Logging Analytics 313 Setting Up Logging Analytics for the First Time 313 Downloading and Installing the Management Agent 317 Clearing and Resetting Logging Analytics 320 Summary 320 Chapter 14 Cloud Guard 321 Initial Configuration 322 Recipe Management 331 Using Detector Recipes 331 Using Responder Recipes 332 Accessing Cloud Guard Recipes 332 Managing Detector Recipes 333 Managing Responder Recipes 334 Security Zones 338 Adding a New Security Zone 340 Summary 343 Chapter 15 An Introduction to Ansible 345 What Is Ansible? 345 What Is OLAM? 346 Sizing the Deployment 348 OCI Authentication 350 Getting the OCI Information 350 Adding the OLAM Credential 353 Collections and Modules 354 Installing the OCI Collection on Your OCI Development System 354 Playbooks 356 Introduction to YAML 359 Summary 362 Chapter 16 Using Ansible in OCI 363 Using Ansible 363 Writing Playbooks 363 Sample Playbooks 369 Common OCI Playbooks 374 Summary 382 Chapter 17 Ansible—Installing and Configuring OLAM 383 Installation 383 Preparing Linux 383 Setting Up PostgreSQL 385 Installing OLAM 387 OLAM Management 392 Resource Management 394 Templates 395 Credentials 399 Projects 401 Inventory 403 Hosts 408 Access Management 410 Organizations 410 Users 412 Teams 414 OLAM Administrative Options 416 Credential Types 416 Notifications 417 Management Jobs 418 Instance Groups 420 Applications 420 Execution Environments 420 Summary 421 Chapter 18 Ansible Full Stack Sample 423 Ansible in the Real World 423 Planning a Team 423 Creating Users 423 Creating Teams 426 Setting Up an Inventory 439 Summary 451 Chapter 19 Infrastructure as Code 453 The Problem That IaC Solves 454 Introducing Terraform as an IaC Tool 454 Terraform Concepts and Terminology 455 Declarative Approach 457 State File 457 Immutable Infrastructure 457 Plug-ins 458 Terraform and OCI 459 Terraform Best Practices 459 Summary 460 Chapter 20 Terraform API with Examples 461 Setting Up Terraform in OCI 461 Downloading and Installing Terraform 461 Creating RSA Keys Required for API Signing 463 Adding a Policy for the User to Read OCI Resources 465 Exercise 1: Running Terraform for the First Time 466 Creating a Working Directory 466 Creating an Initial Terraform Script 466 Running Terraform Initialize for the First Time 467 Running terraform plan for the First Time 468 Running terraform apply for the First Time 469 Exercise 2: Parameterizing Terraform Configuration 471 Exercise 3: Understanding the Terraform OCI Documentation 473 Updating Terraform Configuration from the Terraform OCI Documentation 474 Running the Terraform Script to Create and List a Block Volume 478 Updating a Resource 482 Parameterizing from Other Output 483 Debugging Errors 484 Summary 485 Chapter 21 Terraform Sample Use Case 487 Confirming IAM Policies 489 Setting Up Terraform 489 Applying the Changes 490 Creating a New Compartment 490 Applying the Changes 491 Rerunning Terraform Apply with No Changes 491 Rerunning Terraform Apply After a Change in Terraform Configuration 493 Rerunning Terraform Apply After a Change on the OCI Console 494 Creating a Virtual Cloud Network 494 Defining a VCN Module 494 Defining Security Lists and Ingress/Egress Rules 495 Defining the Private and Public Subnets 498 Updating the Outputs File 499 Applying the Changes 500 Creating a Compute Instance 502 Applying the Changes 504 Creating an Autonomous Database 505 Applying the Changes 506 Replicating to a Production Environment 507 Using Other Terraform Commands 508 Formatting Terraform Configuration 508 Validating Terraform Configuration 508 Listing All Resources in the Terraform State 508 Displaying Details of All Resources from the Terraform State 509 Viewing the Terraform Output 510 Destroying Resources 510 Destroying the Entire Infrastructure 511 Destroying a Single Terraform Resource 511 Stopping/Starting Instances with Terraform 511 Summary 512 Chapter 22 Enterprise Manager Cloud Control Installation 515 Installing and Configuring the Repository Database 517 Installing and Configuring Oracle Management Service 522 OPatch 526 Oracle Enterprise Manager 13c Update 12 for OMS 526 Oracle Enterprise Manager 13c Release 5 Update 12 for Oracle Management Agent 527 Installing and Configuring Oracle Analytics Server 529 Installing JDK 529 Installing FMW Infrastructure 530 Installing OAS 531 Configuring OAS 532 Integrating OAS with Oracle Enterprise Manager 534 Configuring Security Infrastructure 534 Configuring the Required OAS Datasource 537 Setting OAS Support for Oracle Enterprise Manager-Provided Reports 538 Summary 546 Chapter 23 Using Oracle Enterprise Manager Cloud Control 547 Setting Up Administrators and Users 551 Monitoring OCI Environments 554 Monitoring OCI Compute Instance 554 Monitoring OCI Autonomous Database 558 Integrating Oracle Enterprise Manager with OCI 564 Setting Up Preferred Credentials 564 Creating an Enterprise Manager Target Group 568 Creating an Oracle Enterprise Manager Super Administrator 569 Creating a Global Named Credential 570 Incorporating Best Practices 578 Monitoring Database Security 579 Patching Oracle Enterprise Manager 579 Sizing Oracle Enterprise Manager 580 Summary 581 9780138029418 TOC 4/11/2025

About the Author :
Erik Benner is the vice president of Enterprise Transformation at Mythics, LLC, and an Oracle ACE Director. He is an expert strategist for both federal, state, and local government, as well as commercial customers across the United States. His customer engagements range from enterprise cloud transformations and data center modernization to large-scale virtualization projects and Oracle Engineered Systems implementations. Erik’s passion for volunteering is evident through his role as the president of the Cloud Computing Special Interest Group (SIG), co-chair of the OATUG Oracle Enterprise Manager SIG, and active participation in user groups sitting on various committees. He frequently presents at conferences such as Oracle CloudWorld, Oracle FedForum, East Coast Oracle, ASCEND, and Blueprint4d. Having worked with Oracle and Sun Systems since the mid-’90s, Erik is well-versed in most of the core Oracle technologies, including Oracle Cloud, Oracle Linux, and Oracle Databases. When not flying to the far points of the country from the Atlanta metro area, he enjoys spending time with his family at their observatory, where the telescopes outnumber the people, or on cloudy nights blowing glass in his private glass studio. Ahmed Aboulnaga has a professional focus in technical management, architecture, and consulting within Oracle, Java, and cloud technologies, having implemented enterprise solutions for commercial, government, and global customers throughout his career. Ahmed is an Oracle ACE, published author, and frequently presents on new and trending technologies at major conferences. Currently residing in the Washington DC region, Ahmed holds a master’s degree in computer science from George Mason University. Dhrumil Patel is a Solutions Architect at Mythics, LLC. He works closely with the sales and engineering team to provide Oracle Cloud Infrastructure (OCI), thought leadership, and solutioning expertise. He also works with Oracle and internal/external clients to develop highly automated and efficient digital transformation processes and cloud migration processes. Prior to his current role, he held the position of Senior Principal Consultant. He worked with his clients to administer and maintain their on-premises and cloud environments’ footprints. Moreover, he has years of experience as a DBA Consultant.