Oracle Cloud Infrastructure Documentation

Creating a Service Gateway

Create a service gateway in a Virtual Cloud Network (VCN) to allow access to the Oracle Services Network (OSN).

Only one service gateway is needed for each VCN. All subnets within a VCN have access to the service gateway if the security rules and route table rules allow that access.

This task assumes that you already have a VCN with at least one subnet (either private or public).

Important

The service gateway allows access to supported Oracle services within the region to protect your data from the internet. Your applications might require access to public endpoints or services not supported by the service gateway (for example, to download updates or patches). Ensure you have a NAT gateway or other access to the internet if necessary.

    1. In the Console, confirm that you're viewing the compartment that contains the VCN that you want to add the service gateway to. For information about compartments and access control, see Access Control.
    2. Open the navigation menu, click Networking, and then click Virtual cloud networks.
    3. Click the name of the VCN in which you want to create the service gateway.
    4. Under Resources, click Service Gateways.
    5. Click Create Service Gateway.
    6. Enter the following values:
      • Name: A descriptive name for the service gateway. It doesn't have to be unique. Avoid entering confidential information.
      • Create in Compartment: The compartment in which you want to create the service gateway, if different from the compartment you're currently working in.
      • Services: (Optional) Select the service CIDR label that you're interested in. If you don't select one now, you can update the service gateway later and add a service CIDR label then. Without a service CIDR label enabled for the gateway, no traffic flows through it.
      • Route Table Association: (Advanced option) You can associate a specific VCN route table with this gateway. If you associate a route table, afterwards the gateway must always have a route table associated with it. You can modify the rules in the current route table or replace it with another route table.
      • Tags: (Advanced option) If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
    7. Click Create Service Gateway.

    The service gateway is then created and displayed on the Service Gateways page in the compartment that you chose. The gateway allows traffic through it by default. At any time, you can block or allow the traffic through it.

  • Use the network service-gateway create command and required parameters to create a service gateway:

    oci network service-gateway create --compartment-id ocid --vcn-id ocid ... [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateServiceGateway operation to create a service gateway.