Managing Dynamic Groups
Dynamic groups allow you to group compute instances and other resources as "principal" actors (similar to user groups). You can then create policies that permit those resources to make API calls against services. When you create a dynamic group, you don't add members to it explicitly. Instead, you define a set of matching rules, and the resources that match the rules are the members of the group. For example, a rule could specify that all instances in a particular compartment are members of the dynamic group. Membership then changes dynamically as instances are launched and terminated in that compartment.
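The membership behavior described above, as an added example (not Oracle's code): a simplified evaluator for non-nested `ALL {...}` / `ANY {...}` matching rules on `instance.id` and `instance.compartment.id`, run over a constructed inventory with placeholder OCIDs. It shows that a compartment-wide rule admits an instance launched later in that compartment, while a rule pinned to instance OCIDs does not.

```python
import re

# Constructed placeholder OCIDs; they do not identify real resources.
PROD = "ocid1.compartment.oc1..exampleprod"
DEV = "ocid1.compartment.oc1..exampledev"
WEB1 = "ocid1.instance.oc1..exampleweb1"

RULE_RE = re.compile(r"^\s*(ALL|ANY)\s*\{(.*)\}\s*$", re.I | re.S)
COND_RE = re.compile(r"^\s*(instance\.(?:compartment\.)?id)\s*=\s*'([^']*)'\s*$")
FIELD = {"instance.id": "id", "instance.compartment.id": "compartment_id"}

def parse_rule(rule):
    """Parse one non-nested rule into (mode, [(attribute, value), ...])."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    conds = []
    for part in m.group(2).split(","):
        c = COND_RE.match(part)
        if not c:
            raise ValueError(f"unsupported condition: {part.strip()!r}")
        conds.append((c.group(1), c.group(2)))
    return m.group(1).upper(), conds

def members(rule, inventory):
    """Return sorted ids of the instances in `inventory` that match `rule`."""
    mode, conds = parse_rule(rule)
    combine = all if mode == "ALL" else any
    return sorted(inst["id"] for inst in inventory
                  if combine(inst[FIELD[a]] == v for a, v in conds))

# Constructed inventory: one instance per compartment.
INVENTORY = [
    {"id": WEB1, "compartment_id": PROD},
    {"id": "ocid1.instance.oc1..examplebuild1", "compartment_id": DEV},
]
BROAD = f"ALL {{instance.compartment.id = '{PROD}'}}"   # whole compartment
PINNED = f"ANY {{instance.id = '{WEB1}'}}"              # explicit instance list
# A new instance launched later in the production compartment.
NEW = {"id": "ocid1.instance.oc1..exampleadhoc9", "compartment_id": PROD}

if __name__ == "__main__":
    for label, inv in (("before launch", INVENTORY), ("after launch", INVENTORY + [NEW])):
        print(label, "BROAD ->", members(BROAD, inv))
        print(label, "PINNED ->", members(PINNED, inv))
```

Because policies are granted to the group, whatever a compartment-wide rule matches at a given moment is the set of resources that holds the group's permissions.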
You can perform the following dynamic group management tasks:
- Working with Dynamic Groups
- Updating Dynamic Groups
- Creating a Dynamic Group
- Updating a Dynamic Group's Description
- Deleting a Dynamic Group
- Assigning a Domain Role
- Updating a Dynamic Group's Matching Rules
- Writing Matching Rules to Define Dynamic Groups
- Using the Rule Builder
Required Policy or Role
- Be a member of the Administrators group
- Be granted the Identity Domain Administrator role or the Security Administrator role
- Be a member of a group granted manage domains
To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and IAM Policies Overview.