WIV OCI Integration: Cloud Shell Setup Guide
This document outlines the steps to set up WIV's read-only integration with your Oracle Cloud Infrastructure (OCI) tenancy using a Terraform script executed via OCI Cloud Shell.
The Terraform configuration creates the following dedicated resources in your OCI tenancy for the WIV platform:
Service User: wiv-service
Dedicated API-only user account.
No console access.
Contact email is stored for this user.
Service Group: WivServiceGroup
Contains the wiv-service user.
Assigned the WivServicePolicy.
Policy: WivServicePolicy
Grants READ-ONLY permissions to WivServiceGroup. (See permissions list below).
API Key:
RSA key pair for secure API authentication.
Public key is stored in OCI.
Private key is exported to a credentials file.
Tag Namespace: WivIntegration
Used for tracking and identifying the integration resources.
Permissions Granted to WIV (All Read-Only)
The WivServicePolicy grants the WivServiceGroup READ-ONLY access across key areas:
WIV Security Assurance: Access Limitations
WIV's access is strictly limited to ensure the security of your environment and data.
What WIV Cannot Do
No Mutating Operations: WIV is prohibited from performing any write, modify, or delete operations on your resources. All permissions are strictly for inspection or reading.
No Sensitive Data Access: WIV cannot read the contents of your storage buckets, database data, instance internals, or vault secrets. Access is limited to resource metadata, not the data itself.
Security Controls and Notes
Zero Write Permissions: WIV cannot create, modify, or delete any resources.
Auditability: Every API call made by WIV is logged in Governance → Audit. These logs can be filtered by Request Principal = wiv-service.
Revocation: Access can be immediately and easily revoked by deleting the wiv-service user.
Access Method: Access is exclusively via API keys; WIV has no console access or password.
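The auditability and zero-write claims above can be checked from your own side. As an added example (not part of WIV's setup script or this guide), the Python below reads an exported set of audit events, keeps only those whose Request Principal is wiv-service, and flags any call that is not a read-only HTTP method. The sample events and the field names used (data.identity.principalName, data.request.action, data.eventName, data.response.status) are constructed to resemble the OCI Audit event layout and are assumptions for illustration, not an export from a real tenancy.

```python
"""Check that the wiv-service user only performs read-only calls.

The event layout (data.identity.principalName, data.request.action, ...)
is an assumption modelled on OCI Audit CloudEvents; adjust the field
paths if your export differs.
"""
import json

SERVICE_USER = "wiv-service"
# HTTP methods that cannot mutate resources; anything else is flagged.
READ_ONLY_METHODS = {"GET", "HEAD", "OPTIONS"}

# Constructed sample audit export (not data from a real tenancy).
SAMPLE_AUDIT_EXPORT = json.dumps([
    {
        "eventType": "com.oraclecloud.computeapi.listinstances",
        "eventTime": "2024-05-01T10:00:00Z",
        "data": {
            "eventName": "ListInstances",
            "identity": {"principalName": "wiv-service", "authType": "natv"},
            "request": {"action": "GET", "path": "/20160918/instances"},
            "response": {"status": "200"},
        },
    },
    {
        "eventType": "com.oraclecloud.objectstorage.listbuckets",
        "eventTime": "2024-05-01T10:00:05Z",
        "data": {
            "eventName": "ListBuckets",
            "identity": {"principalName": "wiv-service", "authType": "natv"},
            "request": {"action": "GET", "path": "/n/example-ns/b/"},
            "response": {"status": "200"},
        },
    },
    {
        # A denied write attempt: OCI reports authorization failures as
        # 404 NotAuthorizedOrNotFound, so the call failed but is still logged.
        "eventType": "com.oraclecloud.computeapi.terminateinstance",
        "eventTime": "2024-05-01T10:01:00Z",
        "data": {
            "eventName": "TerminateInstance",
            "identity": {"principalName": "wiv-service", "authType": "natv"},
            "request": {"action": "DELETE", "path": "/20160918/instances/ocid1.instance.oc1..example"},
            "response": {"status": "404"},
        },
    },
    {
        # Another principal's write; not attributed to wiv-service.
        "eventType": "com.oraclecloud.identitycontrolplane.createuser",
        "eventTime": "2024-05-01T10:02:00Z",
        "data": {
            "eventName": "CreateUser",
            "identity": {"principalName": "alice@example.com", "authType": "natv"},
            "request": {"action": "POST", "path": "/20160918/users/"},
            "response": {"status": "200"},
        },
    },
])


def load_events(raw):
    """Parse a JSON array of audit events."""
    return json.loads(raw)


def events_for_principal(events, principal=SERVICE_USER):
    """Filter events by Request Principal, like the Audit console filter."""
    return [
        e for e in events
        if e.get("data", {}).get("identity", {}).get("principalName") == principal
    ]


def mutating_events(events):
    """Return events whose HTTP method is not read-only."""
    return [
        e for e in events
        if e.get("data", {}).get("request", {}).get("action", "").upper()
        not in READ_ONLY_METHODS
    ]


def summarize(raw, principal=SERVICE_USER):
    """Count the principal's calls and list any non-read-only attempts."""
    mine = events_for_principal(load_events(raw), principal)
    flagged = mutating_events(mine)
    return {
        "principal": principal,
        "total_calls": len(mine),
        "mutating_attempts": [
            (e["data"]["eventName"], e["data"]["request"]["action"],
             e["data"]["response"]["status"])
            for e in flagged
        ],
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_AUDIT_EXPORT), indent=2))
```

Any entry in mutating_attempts for wiv-service is worth investigating even when the response status shows the call was denied: the policy blocked it, but a read-only integration should never be issuing such requests in the first place.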
OCI Cloud Shell Setup Steps
STEP 1: Open OCI
Log into your OCI Console: [https://cloud.oracle.com](https://cloud.oracle.com)
Click the Cloud Shell icon (terminal icon) in the top-right corner.
Wait for the Cloud Shell to initialize (approximately 30 seconds).
STEP 2: Download Setup Files
Run these commands in the Cloud Shell:
wget https://wiv-onboarding.s3.us-east-1.amazonaws.com/oci/wiv-oci-setup.zip
unzip wiv-oci-setup.zip
STEP 3: Run Setup Script
Run the setup script. It will automatically detect your Tenancy OCID and Region.
chmod +x setup.sh
./setup.sh
The script will prompt you for:
Your Company Name: [Enter your company name]
Contact Email: [Enter your email] (This will be the email for the wiv-service user)
Environment: [Press Enter for 'prod']
Confirm and deploy when prompted.
STEP 4: Download Credentials File
Once deployment is complete:
Click the Cloud Shell menu (⋮) in the top-right.
Select "Download".
Enter the filename: wiv-credentials-[YourCompany]-prod.json
The file will download to your local computer.
STEP 5: Upload the JSON File to the WIV OCI Integration
Check that the resources were created successfully:
Identity → Users: Find wiv-service
Identity → Groups: Find WivServiceGroup
Identity → Policies: Find WivServicePolicy
Revoke Access (If Needed)
Access is IMMEDIATELY revoked upon user deletion.
Option 1: Via Terraform (Recommended)
cd wiv-oci-setup/
terraform destroy
Option 2: Via OCI Console
Navigate to Identity → Users.
Select wiv-service.
Click Delete.