Professional Documents
Culture Documents
Tagging Resources
You can apply tags to your resources to help you organize them according to your business
needs. You can apply tags at the time you create a resource, or you can update the resource
later with the desired tags. For general information about applying tags, see Resource Tags.
For example, you can restrict access to Object Storage buckets in your tenancy to only users
that are signed in to Oracle Cloud Infrastructure through your corporate network. Or, you can
allow only resources belonging to specific subnets of a specific VCN to make requests over
a service gateway.
Network resources can only be created in the tenancy (or root compartment) and, like
other Identity resources, reside in the home region.
For information about the number of network sources you can have, see IAM Limits.
Follow the instructions provided for the Console or the API to create the network source.
A single network source can include IP addresses from a specific VCN, public IP addresses,
or both.
To specify the VCN, you need the VCN OCID and the subnet IP ranges that you want to
allow.
Examples:
The IAM service includes a variable to use in policy that allows you to scope your policy
using a condition. The variable is:
request.networkSource.name
After you have created your network source, you can scope policies for Object Storage by
using this variable in a condition. For example, assume you create a network source named
"corpnet". You can restrict users of the group "CorporateUsers" to access your Object
Storage resources only when their requests originate from IP addresses you specified in
corpnet. To do this, write a policy like the following:
Avoid entering confidential information when assigning descriptions, tags, or friendly names
to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.
To create a network source