Grant OCI flow log access
Learn how to allow Illumio Cloud access to your OCI cloud account flow logs.
To set up flow logs, which you need to do before you grant flow log access, see Set up Flow Logs.
To review your destinations before granting flow log access, which you should do before you grant flow log access, See Review destinations before granting flow log access.
Prerequisites
Review the prerequisites for your CSP. See Prerequisites for granting flow log access to your CSPs.
Grant OCI flow log access
Illumio Cloud uses flow logs to display the flows. Granting access to flow logs allows Illumio Cloud to use these flow logs. For OCI you can enable VCN logs. For instructions on how to enable flow log access in Illumio Cloud, see the in-application help. For instructions on how to set up flow logs, which you need to do before you grant flow log access, see Set up Flow Logs.
In the Flow log grant dialog box, download the cs_connector.zip file, which contains the Terraform files to grant access to the selected destinations.
After downloading the file, open the OCI Console and navigate to Developer Services → Resource Manager → Stacks. Select the stack created during the onboarding process. Selecting a different stack will result in failure to grant access to flows.
In the stack details page select Edit > Edit Stack.
In the edit page, upload the new zip file and click Next.
The page shows the variables that were added during onboarding process.
Click Next. In the Review page, under the Run apply on the created stack option, make sure the Run Apply check box is not selected and click Save Changes. (For onboarding, the check-box must be selected. For enabling flows, it must not be selected.)
In the Stack Details page, click Plan and run the Plan.
This will run a diff between the previous configuration and the new configuration. Once the plan is completed, it shows the new policies to be added to the group created during onboarding. The new policies are required to allow Illumio Cloud to read flows from the specified destination.
After the Plan job has successfully completed, click Apply.
In the Apply dialog under the Apply job plan resolution, select Automatically Approve (selected by default) and click Apply. The stack will run granting the access to the destinations for Cloud.
Once the stack completes, return to Illumio Cloud and click script run successfully and click Save.