Oracle Cloud Infrastructure (OCI) is a comprehensive platform offering high-performance computing and a wide range of cloud services, designed for reliability, scalability, and security.
Integrating Finout with OCI allows you to efficiently manage your cloud resources, optimize spending, and gain valuable insights into your OCI cloud operations.
Give Finout Access to the Oracle Billing Reports
For detailed official OCI documentation on these steps, refer to Oracle's documentation.
Create a New Group for Finout
Access permissions in Oracle are assigned to groups. Create a separate group for Finout to ensure access only to the necessary billing resources.
Go to the OCI navigation menu → Identity & Security → Domains → <Finout domain> → Groups (in the right-hand menu).
Note: Ensure that the <Finout domain> you define can be the default domain, or a separate one, as long as it includes both the group and the user you will create next in the following steps.
Click Create group.
Fill in the Group Name and add some Description.
Click Create
Add the Group a Policy to Access the Cost Reports
Assign a policy to the group for accessing cost reports. In OCI, group permissions are managed through policies. By assigning a policy to the Finout group, you ensure that all its members have access only to what the group policies allow.
Go to the OCI navigation menu → Identity & Security → Policies.
Click Create policy.
Choose a name for the policy that clearly indicates its purpose for accessing cost reports.
In the policy builder box at the bottom of the screen, activate the Show manual editor button and enter the following statements:
Statement 1:
define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
This specifies the tenancy for usage reports, which is in a bucket owned by Oracle.
Statement 2:
endorse group <group name> to read objects in tenancy usage-report
Replace <group name> with the name of the group created for Finout. If you want your own groups/users to access the cost reports as well, add another policy with the relevant <group name>.
Click Create.
Create a User for Finout
Go to the OCI navigation menu → Identity & Security → Domains → Users.
Click Create User.
Fill in the name and email of the Finout user.
Assign the user to the new Finout group you created in section 1 by selecting the appropriate box under the Groups section.
Note: This setup ensures that a Finout user will have access only to the specified policies, specifically the cost reports bucket. It's important to avoid selecting the administrator option and instead choose only the group dedicated to Finout for proper access control.
Click Create.
You can Edit the user capabilities and limit to only API keys.
Generate an API Key
Generate an API key to enable Finout users to access the reporting bucket via the Oracle API key.
For detailed instructions, refer to the official Oracle documentation here.
Produce an API Key Pair
Create an API key pair in the OCI console to enable API signing for the Finout user.
Ensure an administrator user is logged into Oracle, as only administrators can perform these steps.
Navigate to Identity & Security → Domains → <Finout user domain> → Users, and click the Finout user to access their profile.
Navigate to the Resources section in the bottom left screen and select API keys.
Make sure that the Generate API key pair is chosen.
Click Download Private Key and save the key in a local directory.
Click Add.
A configuration will be displayed. Click on the copy button below the text box and paste it into a local file editor.
Note: The Oracle documentation offers alternative methods for generating the key. Ensure that you have the complete configuration details as outlined in the following step.
Provide Finout with the API Key Details
Please provide Finout with the following:
The configuration snippet you copied in the earlier stages.
The full updated configuration structure should appear in the following format:
config = {"user": "<your user ocid>",
"key_file": "<path_to_private_key_file>",
"fingerprint": "<fingerprint of your public key>",
"tenancy": "<your tenancy ocid>",
"region": "<your oci region>"}
The private key file associated with the API key.
Please make sure to copy the entire file content from the local directory (including the key header).