多云卓越：保护和连接 Oracle 多云数据库 [PRE1112]（8）.pdf

《多云卓越：保护和连接 Oracle 多云数据库 [PRE1112]（8）.pdf》由会员分享，可在线阅读，更多相关《多云卓越：保护和连接 Oracle 多云数据库 [PRE1112]（8）.pdf（31页珍藏版）》请在三个皮匠报告上搜索。

1、 Securing Oracle DatabaseAWSSergio J.CastroSenior Principal Instructor and ConsultantOracle University CSS Cloud DeliveryOctober 13,2025Las Vegas,NevadaSusan L.JangSenior Principal InstructorOracle University CSS Cloud DeliveryOctober 13,2025Las Vegas,Nevada1Objectives2Copyright 2025,Oracle and/or i

2、ts affiliates|Confidential:Internal/Restricted/Highly Restricted12345AWS IAMAmazon VPCDataDatabaseData encryption with AWS KMS2The following is intended to outline our general product direction.It is intended for information purposes only,and may not be incorporated into any contract.It is not a com

3、mitment to deliver any material,code,or functionality,and should not be relied upon in making purchasing decisions.The development,release,timing,and pricing of any features or functionality described for Oracles products may change and remains at the sole discretion of Oracle Corporation.Safe harbo

4、r statement3Copyright 2025,Oracle and/or its affiliates|Confidential:Internal/Restricted/Highly Restricted3SecuringAWS IAM4JSON Policy Document StructureStatementSidEffectPrincipalActionResourceCondition BlockOptional top-level elementsStatementStatement.5AWS Identity-based policy elementsSid Label

5、to identify the statementEffect Allow or Deny the actionAction Which AWS operations are permitted/deniedResource The AWS resources(ARNs)affectedCondition Extra rules(IP,MFA,tags,time,etc.)6Sample Identity-based Policy7When you onboard Oracle DatabaseAWS,OCI automatically creates policies that enable

6、:The multicloud service to perform required operations.Authorized user groups to manage database resources.Policies are created in two compartments:Root Compartment Base Compartment(auto-created during onboarding)Name format:MulticloudLink_AWS_(Timestamp indicates creation time)Auto-Created OCI Poli