Creating an Object Storage Private Endpoint
Create a private endpoint to reach Object Storage using a private IP address within your VCN without accessing the public internet.
Access targets
Add an access target to the private endpoint. Enter the following information:
- Namespace: Enter the namespace for the access target. You can enter either the namespace's name or "*" to specify a wildcard. You can only use the wildcard if the compartment and bucket values are also specified as "*", as described below. See Namespaces for more information.
- Compartment OCID: Enter the OCID of the compartment for the access target. You can enter either the compartment's OCID or "*" to indicate that all compartments are available.
- Bucket name: Enter the name of the bucket for the target. You can enter either the bucket's name or "*" to indicate that all buckets within the compartments are available.
Select Add access target to create another access target. You can create a total of 10 access targets.
Tags
Select the Tags tab. Select Add tag. The tagging options appear where you can apply tags to the resource. For information about tagging, see Overview of Tagging.
Advanced options
Select Advanced options. Here you can configure the following optional features.
IP address
Enter or select the IP address you prefer to use with the private endpoint.
Network security group (NSG)
Select Add NSG to add a Network security group (NSG) to the private endpoint. Enter the name of the NSG from the list. The available NSGs are determined by the VCN you selected earlier.
Additional DNS prefixes
Select Add DNS prefix to add another DNS prefix to the private endpoint.
Select Create private endpoint.
Use the oci os private-endpoint create command and required parameters to create a private endpoint in Object Storage:
oci os private-endpoint create --name name --compartment-id compartment_ocid --subnet-id subnet_ocid --prefix prefix --access-targets access_targets [OPTIONS]
where the following variables apply:
- prefix is the DNS prefix of the private endpoint.
- access_targets are listed in JSON format. Separate each access target with a comma (",").
For example:
oci os private-endpoint create --compartment-id ocid1.tenancy.oc1..exampleuniqueID --subnet-id ocid1.subnet.region1.sea..exampleuniqueID --name pe1 --prefix pe1 --access-targets '[{"namespace":"MyNamespace", "compartmentId":"*", "bucket":"*"}]'
{ "opc-work-request-id": "99f4f963-cf65-49c4-8923-4e5210742105" }
If you have several access targets, the command and its output look like this:
oci os private-endpoint create --compartment-id ocid1.tenancy.oc1..exampleuniqueID --subnet-id ocid1.subnet.region1.sea..exampleuniqueID --name pe1 --prefix pe1 --access-targets '[{"namespace":"MyNamespace", "compartmentId":"*", "bucket":"*"}, {"namespace":"MyNamespace2", "compartmentId":"*", "bucket":"*"}]'
{ "opc-work-request-id": "1f270b21-473e-4adf-8d13-5a35e8240d1e" }
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the following API operation:
POST n/object_storage_namespace/pe/
These are the available payload properties:
- name: The name of the private endpoint.
- compartmentId: The ID of the compartment in which the private endpoint is created.
- subnetId: The OCID of the customer's subnet where the private endpoint VNIC resides.
- prefix: The DNS prefix to use for the private endpoint FQDN in the VCN's private DNS zone.
- accessTargets: A list of targets that can be accessed by the private endpoint.
- additionalPrefixes (optional): A list of more DNS prefixes that you can provide.
- privateEndpointIp (optional): The private IP address to assign to this private endpoint, if it is available. An error is returned if the IP address is unavailable.
- nsgIds (optional): A list of the OCIDs of the network security groups (NSGs) to add the private endpoint's VNIC to.
- freeformTags (optional): Free-form tags for this resource.
- definedTags (optional): Defined tags for this resource.
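The access-target rules above (a namespace wildcard is only allowed when compartmentId and bucket are also "*", and at most 10 targets per endpoint) are easy to get wrong when the JSON is assembled by automation. The following Python is an added example, not Oracle's code and not part of this page: it validates a list of access targets against those rules, flags wildcard targets so that the endpoint's reach can be reviewed before it is created, and then builds both the oci os private-endpoint create argument list (required flags as shown in the CLI section) and the API payload (property names as listed for the POST operation). The check that an OCID begins with "ocid1." and the sample OCIDs are constructed assumptions for illustration.

```python
import json
import shlex

# Limits and rules stated on the page.
MAX_ACCESS_TARGETS = 10
REQUIRED_KEYS = ("namespace", "compartmentId", "bucket")


def validate_access_targets(targets):
    """Return a list of error strings; an empty list means the targets are acceptable."""
    errors = []
    if not targets:
        errors.append("at least one access target is required")
    if len(targets) > MAX_ACCESS_TARGETS:
        errors.append(f"{len(targets)} access targets exceeds the limit of {MAX_ACCESS_TARGETS}")
    for i, t in enumerate(targets):
        missing = [k for k in REQUIRED_KEYS if not t.get(k)]
        if missing:
            errors.append(f"target {i}: missing {', '.join(missing)}")
            continue
        # A namespace wildcard is only valid together with compartment and bucket wildcards.
        if t["namespace"] == "*" and (t["compartmentId"] != "*" or t["bucket"] != "*"):
            errors.append(f"target {i}: namespace '*' requires compartmentId and bucket to be '*'")
        # Assumption for this example: a real compartment OCID starts with "ocid1.".
        if t["compartmentId"] != "*" and not t["compartmentId"].startswith("ocid1."):
            errors.append(f"target {i}: compartmentId must be an OCID or '*'")
    return errors


def wildcard_warnings(targets):
    """Least-privilege review aid: list every target that relies on a wildcard."""
    warnings = []
    for i, t in enumerate(targets):
        wild = [k for k in REQUIRED_KEYS if t.get(k) == "*"]
        if wild:
            warnings.append(f"target {i}: wildcard in {', '.join(wild)}")
    return warnings


def build_create_command(name, compartment_id, subnet_id, prefix, targets):
    """Build the argv for the CLI command shown on the page (required parameters only)."""
    errors = validate_access_targets(targets)
    if errors:
        raise ValueError("; ".join(errors))
    return [
        "oci", "os", "private-endpoint", "create",
        "--name", name,
        "--compartment-id", compartment_id,
        "--subnet-id", subnet_id,
        "--prefix", prefix,
        "--access-targets", json.dumps(targets),
    ]


def build_api_payload(name, compartment_id, subnet_id, prefix, targets,
                      additional_prefixes=None, private_endpoint_ip=None, nsg_ids=None):
    """Build the JSON body for POST n/object_storage_namespace/pe/ using the page's property names."""
    errors = validate_access_targets(targets)
    if errors:
        raise ValueError("; ".join(errors))
    payload = {
        "name": name,
        "compartmentId": compartment_id,
        "subnetId": subnet_id,
        "prefix": prefix,
        "accessTargets": targets,
    }
    if additional_prefixes:
        payload["additionalPrefixes"] = list(additional_prefixes)
    if private_endpoint_ip:
        payload["privateEndpointIp"] = private_endpoint_ip
    if nsg_ids:
        payload["nsgIds"] = list(nsg_ids)
    return payload


if __name__ == "__main__":
    # Constructed sample: one narrow target and one wildcard target (OCIDs are placeholders).
    sample_targets = [
        {"namespace": "MyNamespace", "compartmentId": "ocid1.compartment.oc1..exampleuniqueID", "bucket": "logs"},
        {"namespace": "MyNamespace", "compartmentId": "*", "bucket": "*"},
    ]
    for w in wildcard_warnings(sample_targets):
        print("review:", w)
    argv = build_create_command("pe1", "ocid1.tenancy.oc1..exampleuniqueID",
                                "ocid1.subnet.region1.sea..exampleuniqueID", "pe1", sample_targets)
    print(shlex.join(argv))
    print(json.dumps(build_api_payload("pe1", "ocid1.tenancy.oc1..exampleuniqueID",
                                       "ocid1.subnet.region1.sea..exampleuniqueID", "pe1",
                                       sample_targets, nsg_ids=["ocid1.networksecuritygroup.oc1..exampleuniqueID"]),
                     indent=2))
```

Running the script prints the review warnings, a shell-quoted command line equivalent to the page's CLI example, and the API payload; the wildcard report is the useful part, since a "*" in compartmentId or bucket means the endpoint can reach every bucket in the namespace rather than only the ones it needs.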