OCI Account Connection Overview

Before Aqua Wave CSPM can produce any security scan results, you must connect a cloud account. For Oracle Cloud, this is done through a Service Account. A Service Account is an entity that can be assumed by a third party and is restricted to accessing only the resources in a project.


Default Setup

Step 1: Navigate to the "Cloud Accounts" page

  • Click on Connect Account on the top right

Step 2: Choose Oracle Cloud Infrastructure (OCI) under "Account Type" and Default Setup under "Method"

Step 3: Retrieve your tenancy OCID

  1. Log into your Oracle Cloud console and navigate to Administration > Tenancy Details.
  2. Click on Copy by your Tenancy OCID and paste it in the Aqua connection wizard.

Step 4: Create a User and API Signing Key

  1. Navigate to Identity > Users.
  2. Select Create User.
  3. Enter "Aqua", then enter "Aqua API Access" in the description.
  4. Click on Create.
  5. Copy the User OCID and paste it in the Aqua connection wizard.
  6. Follow the steps to Generate an API Signing Key listed on Oracle's Cloud Docs.
  7. Open the public key (oci_api_key_public.pem) in your preferred text editor and copy the plain text (everything).
  8. Click on Add Public Key and paste the key, then click on Add.
  9. Copy the public key fingerprint and paste it in the Aqua connection wizard.
  10. Open the private key (oci_api_key.pem) in your preferred text editor, copy its contents, and paste them in the Aqua connection wizard.

Step 5: Create a policy and attach it to the User

  1. Navigate to Identity > Groups.
  2. Select Create Group.
  3. Enter "SecurityAudit" in the Name field, then enter "Aqua Security Audit Access" in the description.
  4. Click on Submit.
  5. Select the SecurityAudit group in the Groups List and Add the Aqua API User to the group.
  6. Navigate to Identity > Policies.
  7. Select Create Policy.
  8. Enter "SecurityAudit" in the Name field, then enter "Aqua Security Audit Policy" in the description.
  9. Copy and paste the following statement:
    ALLOW GROUP SecurityAudit to READ all-resources in tenancy
  10. Click on Create.

Step 6: Retrieve your Compartment OCID

  1. Navigate to Identity > Compartments.
  2. Select the compartment to connect, then click on Copy by your Compartment OCID and paste it in the Aqua connection wizard.
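
A pre-flight check for the values collected in Steps 3 to 6, as an added example that is not part of the Aqua or Oracle documentation. It recomputes the fingerprint from the public key, which OCI derives as the MD5 of the key's DER encoding, confirms each OCID is of the expected type and that the policy verb is read-only; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import re

# OCID layout per Oracle's docs: ocid1.<type>.<realm>.[region][.future use].<unique id>
OCID_RE = re.compile(r"ocid1\.([a-z0-9]+)\.[a-z0-9-]+\.[a-z0-9-]*\.(?:[a-z0-9-]*\.)?[a-z0-9]+")

def ocid_type(value):
    """Return the resource type encoded in an OCID, or None if it is malformed."""
    match = OCID_RE.fullmatch(value.strip())
    return match.group(1) if match else None

def key_fingerprint(public_pem):
    """MD5 over the DER bytes of the public key, colon-separated like the console value."""
    body = "".join(line for line in public_pem.strip().splitlines()
                   if not line.startswith("-----"))
    digest = hashlib.md5(base64.b64decode(body), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def preflight(tenancy, user, compartment, public_pem, fingerprint, private_pem, policy):
    """Return a list of problems with the values about to be pasted into the wizard."""
    problems = []
    if ocid_type(tenancy) != "tenancy":
        problems.append("tenancy OCID")
    if ocid_type(user) != "user":
        problems.append("user OCID")
    # The root compartment's OCID is the tenancy OCID, so both types are accepted.
    if ocid_type(compartment) not in ("compartment", "tenancy"):
        problems.append("compartment OCID")
    if key_fingerprint(public_pem) != fingerprint.strip().lower():
        problems.append("fingerprint does not match public key")
    if "PRIVATE KEY-----" not in private_pem:
        problems.append("private key field is not a PEM private key")
    # OCI policy verbs are inspect < read < use < manage; auditing needs at most read.
    if not re.fullmatch(r"allow group \S+ to (inspect|read) .+", policy.strip(), re.I):
        problems.append("policy is not a read-only group statement")
    return problems

# Constructed sample values: placeholder bytes stand in for real key material.
PUBLIC_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(b"constructed placeholder, not a real key").decode()
              + "\n-----END PUBLIC KEY-----\n")
PRIVATE_PEM = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
POLICY = "ALLOW GROUP SecurityAudit to READ all-resources in tenancy"

if __name__ == "__main__":
    print(preflight("ocid1.tenancy.oc1..aaaaexample", "ocid1.user.oc1..aaaaexample",
                    "ocid1.compartment.oc1..aaaaexample", PUBLIC_PEM,
                    key_fingerprint(PUBLIC_PEM), PRIVATE_PEM, POLICY))
```

An empty list means the values are consistent with each other; it does not confirm that the key has been uploaded to the Aqua user in the console.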