Removing a Subcompartment from a Security Zone
When you remove a subcompartment from a security zone, Oracle Cloud Infrastructure no longer enforces security zone policies on the resources in the subcompartment.
You can't remove the parent compartment that was used to create the security zone. You must delete the security zone.
When you remove a subcompartment from a zone, Cloud Guard creates a standard target for the subcompartment. The new target has the same detector recipes as the security zone target for the parent compartment, but it doesn't detect security zone policy violations. No changes are made to any of the existing Cloud Guard targets and detector recipes.
The following diagram illustrates the Cloud Guard configuration for a subcompartment that's removed from a security zone:
- On the Security Zones list page, select the security zone that you want to work with. If you need help finding the list page or the security zone, see Listing a Security Zone.
- On the details page under Associated compartments, expand the parent compartment to view any subcompartments in the security zone.
-
From the Actions menu (
) for the compartment, select Remove compartment.
- When prompted for confirmation, select Remove.
Use the oci cloud-guard security-zone remove command and required parameters to remove a subcompartment from a security zone:
oci cloud-guard security-zone remove --compartment-id <compartment_ocid> --security-zone-id <security_zone_ocid> [OPTIONS]For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Run the RemoveCompartment operation to remove a subcompartment from a security zone.