Building an Architecture Step-by-Step in OCI: Security Lists and Subnets

Continuing the series of articles with the goal of creating a step-by-step architecture in Oracle Cloud Infrastructure (OCI) to run a web application, we will now create new Security Lists and Subnets.

A Security List acts as a virtual firewall for an instance, with ingress and egress rules that specify the types of traffic (protocol and port) allowed in and out of the instances.

Subnets are logical subdivisions of the VCN, and all instances in a given subnet use the same Route Table, Security Lists, and DHCP options. Subnets can be either public or private.

A default Security List was created for this VCN, but we will not use it. We will create two new Security Lists, one for the public subnet and one for the private subnet. This way, we can control the types of traffic (protocol and port) that will be allowed in and out of the instances in the public and private subnets. To create a new Security List, on the Resources menu, click Security Lists.

Click Create Security List.

In the Create Security List dialog box, use the information below:

  • Name: myPrivateSecurityList
  • Create In Compartment: The compartment name (e.g. mycompartment)

Click + Additional Ingress Rule and use the information below:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 22

Click + Additional Ingress Rule and use the information below:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 80

Click + Additional Egress Rule, use the information below and click Create Security List:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: All

Click Create Security List again.
In the Create Security List dialog box, use the information below:

  • Name: myPublicSecurityList
  • Create In Compartment: The compartment name (e.g. mycompartment)

Click + Additional Ingress Rule and use the information below:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 22

Click + Additional Ingress Rule and use the information below:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 80

Click + Additional Egress Rule, use the information below and click Create Security List:

  • Source Type: CIDR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: All

The Security Lists were created with their ingress and egress rules.

We will create two new Subnets, one for the public instances and one for the private instances. To create a new Subnet, go back to the VCN Details page and, on the Resources menu, click Subnets.

Click Create Subnet.

In the Create Subnet dialog box, use the information below and click Create Subnet:

  • Name: myPublicSubnet
  • Subnet Type: Regional (Recommended)
  • CIDR Block: 10.0.10.0/24
  • Route Table: The public Route Table name (e.g. myPublicRouteTable)
  • Subnet Access: Public Subnet
  • DNS Resolution: Selected
  • DNS Label: myPublicSubnet
  • DHCP Options: Default DHCP Options for this VCN
  • Security List: The public Security List name (e.g. myPublicSecurityList)

Click Create Subnet again.
In the Create Subnet dialog box, use the information below and click Create Subnet:

  • Name: myPrivateSubnet
  • Subnet Type: Regional (Recommended)
  • CIDR Block: 10.0.20.0/24
  • Route Table: The private Route Table name (e.g. myPrivateRouteTable)
  • Subnet Access: Private Subnet
  • DNS Resolution: Selected
  • DNS Label: myPrivateSubnet
  • DHCP Options: Default DHCP Options for this VCN
  • Security List: The private Security List name (e.g. myPrivateSecurityList)

The Subnets were created.
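The same two Security Lists and two Subnets, expressed as Terraform for the OCI provider instead of console clicks. This is an added example and not code from the original article. It assumes the provider is already configured and that the compartment, the VCN and the two Route Tables from the earlier parts of this series are supplied as variables (`var.compartment_ocid`, `var.vcn_ocid`, `var.public_route_table_ocid`, `var.private_route_table_ocid`; these variable names are assumptions). One deliberate departure from the console values above: the private list only accepts SSH and HTTP from the public subnet's CIDR (10.0.10.0/24) rather than from 0.0.0.0/0, so instances in the private subnet are reachable only through the public tier; the public list keeps the 0.0.0.0/0 sources the article uses.

```hcl
# Added example: Terraform equivalent of the console steps in this article.
# Assumed inputs (created in earlier parts of the series):
variable "compartment_ocid"         { type = string }
variable "vcn_ocid"                 { type = string }
variable "public_route_table_ocid"  { type = string }
variable "private_route_table_ocid" { type = string }

locals {
  public_cidr  = "10.0.10.0/24"
  private_cidr = "10.0.20.0/24"
  tcp          = "6" # OCI rules take the IANA protocol number; 6 is TCP

  # One entry per Security List. The console steps use 0.0.0.0/0 for both;
  # here the private list is scoped to the public subnet's CIDR instead.
  lists = {
    myPublicSecurityList  = { ingress_source = "0.0.0.0/0" }
    myPrivateSecurityList = { ingress_source = local.public_cidr }
  }
}

# Read the VCN only to reuse its default DHCP options for both subnets.
data "oci_core_vcn" "vcn" {
  vcn_id = var.vcn_ocid
}

resource "oci_core_security_list" "tier" {
  for_each       = local.lists
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = each.key

  # Ingress: TCP/22 and TCP/80, one stateful rule per port.
  dynamic "ingress_security_rules" {
    for_each = [22, 80]
    content {
      description = "TCP/${ingress_security_rules.value} from ${each.value.ingress_source}"
      protocol    = local.tcp
      source      = each.value.ingress_source
      source_type = "CIDR_BLOCK"
      tcp_options {
        min = ingress_security_rules.value
        max = ingress_security_rules.value
      }
    }
  }

  # Egress: TCP to anywhere; omitting tcp_options means all destination ports.
  egress_security_rules {
    description      = "TCP to anywhere, all ports"
    protocol         = local.tcp
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
  }
}

# No availability_domain is set, which makes both subnets regional.
# DNS labels are written in lowercase; DNS names are case-insensitive.
resource "oci_core_subnet" "public" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = var.vcn_ocid
  display_name               = "myPublicSubnet"
  cidr_block                 = local.public_cidr
  dns_label                  = "mypublicsubnet"
  route_table_id             = var.public_route_table_ocid
  security_list_ids          = [oci_core_security_list.tier["myPublicSecurityList"].id]
  dhcp_options_id            = data.oci_core_vcn.vcn.default_dhcp_options_id
  prohibit_public_ip_on_vnic = false # "Public Subnet" in the console
}

resource "oci_core_subnet" "private" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = var.vcn_ocid
  display_name               = "myPrivateSubnet"
  cidr_block                 = local.private_cidr
  dns_label                  = "myprivatesubnet"
  route_table_id             = var.private_route_table_ocid
  security_list_ids          = [oci_core_security_list.tier["myPrivateSecurityList"].id]
  dhcp_options_id            = data.oci_core_vcn.vcn.default_dhcp_options_id
  prohibit_public_ip_on_vnic = true # "Private Subnet" in the console
}
```

Running `terraform plan` before applying is the quickest way to review the effective rule set: each Security List shows exactly which source CIDR and port range it admits, and because a Security List applies to every VNIC in the subnet it is attached to, a rule that is too broad on the private list exposes every private instance at once.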

Good job!
In this article you learned how to create new Security Lists and Subnets.

Have a good time!

Author: Waslley Souza

Oracle consultant focused on Oracle Fusion Middleware and SOA technologies. Certified in Oracle WebCenter Portal, Oracle ADF and Java.
