Overview

Integrate your Oracle Cloud Infrastructure (OCI) tenancy with RAD Security to enhance threat detection capabilities and ensure your cloud environments adhere to stringent compliance frameworks. RAD Security publishes a Terraform module in the Terraform Registry that provisions everything needed to connect your tenancy: an OCI user, a group, a read-only IAM policy at the tenancy scope, an RSA keypair, and registration of the credentials with RAD Security for cloud resource discovery and monitoring.

Prerequisites

  • An OCI tenancy admin (or equivalent) with permissions to create IAM users, groups, and tenancy-scoped policies
  • The OCI Terraform provider configured locally (user OCID, fingerprint, private key, tenancy OCID, region)
  • A RAD Security access key and secret

Connection setup

Click the Settings icon and open the Cloud Providers section. Then click Connect an Oracle Cloud account to generate the Terraform needed to connect your tenancy with RAD Security.

Terraform setup

A Terraform snippet will appear, similar to the example below. Copy it and add it to your existing Terraform code. At minimum you need to provide your tenancy OCID and the OCI home region.
```hcl
terraform {
  required_providers {
    rad-security = {
      source  = "rad-security/rad-security"
      version = ">= 1.1.8"
    }
    oci = {
      source  = "oracle/oci"
      version = ">= 5.0.0"
    }
  }
}

provider "oci" {
  # Your OCI provider configuration here
}

provider "rad-security" {
  # Do not commit real credentials; supply them from variables or a secrets manager.
  access_key_id        = "Your RAD Security access key here"
  secret_key           = "Your RAD Security secret key here"
  rad_security_api_url = "https://api.rad.security"
}

module "rad-security-connect" {
  source  = "rad-security/rad-security-connect/oci"
  version = "<version>"

  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa..."
  region       = "us-ashburn-1"
}
```

Module inputs

| Variable | Description | Required | Default |
| --- | --- | --- | --- |
| tenancy_ocid | OCI tenancy OCID where IAM resources are created. | Yes | |
| region | OCI home region used for API calls (for example us-ashburn-1). | Yes | |
| user_name | OCI user name created for RAD authentication. | No | rad-security-connect |
| group_name | OCI group the user is added to. | No | rad-security-connect |
| policy_name | IAM policy name created at the tenancy scope. | No | rad-security-connect |
| policy_statements | List of OCI policy statements granting RAD read access. | No | ["Allow group rad-security-connect to read all-resources in tenancy"] |

The canonical inputs and defaults live in the rad-security/terraform-oci-rad-security-connect repository. The published module is available on the Terraform Registry.

Customizing the policy

By default the module grants RAD read access to all resources in the tenancy via the statement Allow group rad-security-connect to read all-resources in tenancy. If you need to scope access more narrowly, pass your own list of OCI policy statements through policy_statements. The statements must reference the group created by the module (or whatever you set group_name to).
```hcl
module "rad-security-connect" {
  source  = "rad-security/rad-security-connect/oci"
  version = "<version>"

  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa..."
  region       = "us-ashburn-1"

  policy_statements = [
    "Allow group rad-security-connect to read instance-family in tenancy",
    "Allow group rad-security-connect to read virtual-network-family in tenancy",
    "Allow group rad-security-connect to read object-family in tenancy",
  ]
}
```
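
A guardrail for custom statements, as an added example (not part of RAD Security's module or documentation): it fails terraform plan if any statement names a different group or grants a verb other than inspect or read. The rad_* local names and the terraform_data guard resource are assumptions of this example, which needs Terraform 1.4 or later.

```hcl
locals {
  # Hypothetical local names for this example. rad_group is passed to the
  # module as group_name so the statements and the group cannot drift apart.
  rad_group = "rad-security-connect"

  rad_policy_statements = [
    "Allow group rad-security-connect to read instance-family in tenancy",
    "Allow group rad-security-connect to read virtual-network-family in tenancy",
    "Allow group rad-security-connect to read object-family in tenancy",
  ]

  # Collect every statement that does not start with
  # "Allow group <rad_group> to read " or "... to inspect ".
  # OCI verbs escalate inspect < read < use < manage, so anything else
  # is either the wrong group or more than read access.
  rad_bad_statements = [
    for s in local.rad_policy_statements : s
    if !(
      startswith(s, "Allow group ${local.rad_group} to read ") ||
      startswith(s, "Allow group ${local.rad_group} to inspect ")
    )
  ]
}

# Guard resource: creates nothing in OCI, it only carries the precondition.
resource "terraform_data" "rad_policy_guard" {
  lifecycle {
    precondition {
      condition     = length(local.rad_bad_statements) == 0
      error_message = "Statements must grant only inspect/read to group ${local.rad_group}. Offending: ${join("; ", local.rad_bad_statements)}"
    }
  }
}

# Replaces the module block shown above; same inputs, fed from the locals.
module "rad-security-connect" {
  source  = "rad-security/rad-security-connect/oci"
  version = "<version>"

  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa..."
  region       = "us-ashburn-1"

  group_name        = local.rad_group
  policy_statements = local.rad_policy_statements
}
```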

Multiple OCI tenancies

If you’re integrating multiple OCI tenancies with RAD Security, the module needs to be applied once per tenancy. Use distinct user_name, group_name, and policy_name values for each invocation so the IAM resources do not collide.
```hcl
module "rad-security-connect-prod" {
  source  = "rad-security/rad-security-connect/oci"
  version = "<version>"

  tenancy_ocid = "ocid1.tenancy.oc1..prod..."
  region       = "us-ashburn-1"
  user_name    = "rad-security-connect-prod"
  group_name   = "rad-security-connect-prod"
  policy_name  = "rad-security-connect-prod"
}
```