OCI-Compute-Instance-Policy-Protection

Severity: Medium

Description: This control ensures that OCI compute instances are protected against unintended and malicious deletion by unauthorized groups and users. Instance users and groups should be able to launch instances but not delete them. Policy statements for instance users and groups should exclude the INSTANCE_DELETE permission by using a where clause: request.permission != INSTANCE_DELETE.

Remediation Steps:

Perform the following to update the reported policy:

  1. Log in to the OCI console at https://www.oracle.com/cloud/sign-in.html.

  2. In the navigation, click Identity & Security.

  3. Under Identity, click Policies.

  4. Select the compartment, and then select the reported policy. The policy's details and statements are displayed.

  5. Click Edit Policy Statements.

  6. In Policy Builder, select the Basic or Advanced editor and update the policy statements with request.permission != INSTANCE_DELETE.

  7. Click Save Changes.
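
To find the statements that need this edit before opening the console, the check below is an added example (not part of the original page or of any vendor tooling). It flags policy statements that still allow INSTANCE_DELETE, assuming that `manage` on `instances`, `instance-family` or `all-resources` carries that permission; the group names, compartment names and statements are constructed samples.

```python
import re

# Assumption: "manage" on these resource types carries INSTANCE_DELETE.
INSTANCE_RESOURCES = {"instances", "instance-family", "all-resources"}

STATEMENT_RE = re.compile(
    r"^\s*allow\s+.+?\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+.+?(?:\s+where\s+(?P<where>.+))?\s*$",
    re.IGNORECASE,
)
# Accepts the value with or without quotes around INSTANCE_DELETE.
EXCLUSION_RE = re.compile(
    r"request\.permission\s*!=\s*'?INSTANCE_DELETE'?", re.IGNORECASE
)


def allows_instance_delete(statement: str) -> bool:
    """Return True if the statement still lets its subject delete instances."""
    m = STATEMENT_RE.match(statement)
    if not m or m["verb"].lower() != "manage":
        return False  # lower verbs and unparsed statements are out of scope
    if m["resource"].lower() not in INSTANCE_RESOURCES:
        return False
    where = m["where"] or ""
    if not EXCLUSION_RE.search(where):
        return True  # manage with no exclusion
    # Inside a top-level any {...} another condition can still admit the
    # delete request, so the exclusion does not protect the instance.
    return re.match(r"any\s*\{", where, re.IGNORECASE) is not None


def find_violations(statements):
    return [s for s in statements if allows_instance_delete(s)]


# Constructed sample statements (group and compartment names are made up).
SAMPLE_POLICY = [
    "Allow group InstanceUsers to manage instance-family in compartment Prod",
    "Allow group InstanceUsers to manage instance-family in compartment Prod "
    "where request.permission != 'INSTANCE_DELETE'",
    "Allow group InstanceUsers to use instances in compartment Prod",
    "Allow group Ops to manage all-resources in tenancy "
    "where any {request.permission != 'INSTANCE_DELETE', request.region = 'phx'}",
    "Allow group Ops to manage instances in tenancy "
    "where all {request.permission != 'INSTANCE_DELETE', request.region = 'phx'}",
]

if __name__ == "__main__":
    for s in find_violations(SAMPLE_POLICY):
        print("FLAG:", s)
```

The check only reads statements of the form `Allow ... to <verb> <resource-type> in ...`; nested condition groups and explicit permission lists are not evaluated.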

Important:

Reference:




Blue Hexagon Proprietary