Adding a Removed Subcompartment to a Security Zone

If you removed a subcompartment from a security zone, you can add it back to the same security zone. As a result, Oracle Cloud Infrastructure ensures that resources in the subcompartment comply with the security zone's policies.

Any existing Cloud Guard target for this subcompartment is deleted. No changes are made to the parent compartment's security zone target, or to any of the existing Cloud Guard detector recipes.

The following diagram illustrates the Cloud Guard configuration for a subcompartment that's added back to a security zone:

View full-size image.

• Console
• CLI
• API

• 1. Open the navigation menu and click Identity & Security. Under Security Zones, click Overview.
  2. Under List scope, select the compartment associated with the security zone that you want to modify.
  3. Click the name of the security zone.

     The Security Zone details page is displayed.

     The compartments in this security zone are listed under Associated compartments. Expand the parent compartment to view any subcompartments in this security zone.

  4. Click Add compartment.
  5. Select a compartment and then click Add compartment.

     You can select only a subcompartment of this zone's parent compartment, and only if the subcompartment isn't already in a zone.

• Use the oci cloud-guard security-zone add command and required parameters to add a removed compartment to a security zone:

  oci cloud-guard security-zone add --compartment-id <compartment_ocid> --security-zone-id <security_zone_ocid> [OPTIONS]

  For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

• Run the AddCompartment operation to add a removed compartment to a security zone.