Best practice rules for OCI Compute
- Approved Instance Shape Compliance
Ensure that your OCI compute instances are of a given, approved shape (e.g., VM.Standard.E5.Flex).
- Check for Public IP Address Exposure
Avoid using public IP addresses for OCI compute instances unless it's necessary for business operations.
- Enable Cloud Guard Workload Protection
Ensure that the Cloud Guard Workload Protection feature is enabled for OCI compute instances.
- Enable Compute Instance Monitoring
Ensure that compute instance monitoring is enabled for your OCI compute instances.
- Enable Confidential Computing
Ensure that the Confidential Computing feature is enabled for OCI compute instances.
- Enable Custom Logs Monitoring
Ensure that custom logs monitoring is enabled for your OCI compute instances.
- Enable In-Transit Encryption
Ensure that encryption of data in transit is enabled for OCI compute instances.
- Enable OS Management Service for Compute Instances
Ensure that OS Management Service is enabled for OCI compute instances.
- Enable Secure Boot for Compute Instances
Ensure that Secure Boot is enabled for shielded Oracle Cloud Infrastructure (OCI) compute instances.
- Enable Vulnerability Scanning
Ensure that the Vulnerability Scanning feature is enabled for OCI compute instances.
- Require IMDSv2 for Compute Instances
Ensure that IMDSv2 is enforced for all Oracle Cloud Infrastructure (OCI) compute instances.
- Use Network Security Groups to Control Traffic to Compute Instances
Ensure that your OCI compute instances are using Network Security Groups (NSGs) for traffic control.