Custom Security Zones with Cloud Guard

This release includes many significant changes to the implementation and user interface for Security Zones.

You can customize new security zones in the following ways:

  • Create a custom recipe and enable specific security zone policies. Previously, all security zones used the Maximum Security Recipe and you couldn't enable or disable policies.
  • Create a security zone for a compartment with existing resources. Previously, you always had to create a compartment to create a security zone.
  • Edit a security zone and change its recipe. Previously, you couldn't edit an existing security zone.
  • Remove a subcompartment from a security zone. Child compartments can be in separate security zones from the parent compartment.
  • Use APIs and the OCI CLI to manage recipes and security zones.

You must enable Oracle Cloud Guard before you create new security zones. Cloud Guard helps you detect policy violations in existing resources that were created before the security zone.

You can't create a security zone for a compartment that is already associated with a zone. In this case, the Create Security Zone button is disabled and you must select a different compartment.