OCI Multicloud Landing Zone for Azure for Autonomous Database Services

Oracle Cloud Infrastructure (OCI) partnered with Microsoft Azure to develop and distribute HashiCorp Terraform/OpenTofu modules that streamline the provisioning process.

Introduction

Using both OCI Multicloud Landing Zone for Azure (OCI LZ) and Microsoft Verified Modules (MVM), several templates support Oracle Database@Azure. These Terraform/OpenTofu modules use four Terraform providers, AzureRM, AzureAD, AzAPI, and OCI, and cover IAM, networking, and database-layer resources. Use these reference implementations for a quick-start deployment, or customize them for a more complex topology that fits your needs.

The diagram below illustrates where Terraform or OpenTofu can be introduced to streamline the identity, access, networking, and provisioning processes within Oracle Database@Azure.
[Figure: odaaz-terraform-architecture.png, where Terraform/OpenTofu fits into the Oracle Database@Azure identity, access, networking, and provisioning flow]

Note

Only a limited set of Oracle Database@Azure properties can currently be updated from Azure, whether through the Azure Portal or the AzAPI/AzureRM Terraform providers. If you allow changes to be made from Oracle Cloud Infrastructure instead (for example, through the Console or the Oracle Cloud Infrastructure Terraform provider), we recommend that you:
  • Use the ignore_changes argument of the lifecycle block in the AzureRM/AzAPI resource block, so that Terraform does not plan a force replacement when you update the Autonomous Database outside the AzureRM/AzAPI workflow. For details, see our module as a reference implementation.
  • Avoid the "-auto-approve" option with "terraform apply", in line with HashiCorp Terraform's recommendation, so that every plan (including any replacement) is reviewed before it is applied.

Updatable properties for Oracle Autonomous Database@Azure:

  • ECPU Count
  • Compute auto scaling
  • Storage auto scaling
  • Backup retention period, only via AzAPI.
  • Long-term backup schedule, only via AzAPI.
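The following AzAPI resource illustrates the ignore_changes guidance from the Note above. It is an added example, not code from the OCI Landing Zone module; the resource type, API version, JSON property names, subscription/resource group placeholders, and the two variables are assumptions, and it assumes the AzAPI provider 2.x, where body is a native HCL object.

```hcl
variable "delegated_subnet_id" { type = string } # assumed: subnet delegated to Oracle Database@Azure
variable "admin_password" {
  type      = string
  sensitive = true
}

resource "azapi_resource" "adbs" {
  # Assumed resource type and API version; confirm against the version you deploy with.
  type      = "Oracle.Database/autonomousDatabases@2023-09-01"
  name      = "adbs-example"
  location  = "eastus"
  parent_id = "/subscriptions/<subscription-id>/resourceGroups/<rg-name>" # placeholder

  body = {
    properties = {
      # Property names below are assumptions mirroring the OCI Autonomous Database API.
      dbWorkload                     = "OLTP"
      computeModel                   = "ECPU"
      computeCount                   = 2
      dataStorageSizeInTbs           = 1
      isAutoScalingEnabled           = true
      isAutoScalingForStorageEnabled = false
      backupRetentionPeriodInDays    = 14
      adminPassword                  = var.admin_password
      subnetId                       = var.delegated_subnet_id
    }
  }

  lifecycle {
    # The properties the page lists as updatable from OCI: ignore their drift so a
    # later `terraform plan` shows no diff (and no replacement) after an OCI-side change.
    ignore_changes = [
      body.properties.computeCount,
      body.properties.isAutoScalingEnabled,
      body.properties.isAutoScalingForStorageEnabled,
      body.properties.backupRetentionPeriodInDays,
      body.properties.longTermBackupSchedule,
    ]
    # Independent guard: fail any plan that would destroy the database, so a
    # replacement cannot slip through an unreviewed apply.
    prevent_destroy = true
  }
}
```

If a property later needs to be managed from Terraform again, remove it from ignore_changes first; until then the value in the AzAPI body is never reconciled with what is running.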

Prerequisites

  1. Complete, at a minimum, steps 1-2 of the Onboarding with Oracle Database@Azure.
  2. Have a Terraform/OpenTofu, OCI CLI, Azure CLI, and Python (3.4 or later) environment. For more information, see the Oracle Multicloud Landing Zone for Azure README.

Dependencies

The Oracle Multicloud Landing Zone for Azure modules and templates use multiple Terraform providers.

Terraform/OpenTofu Providers:
  • AzAPI
  • AzureAD
  • AzureRM
  • OCI

Terraform/OpenTofu Modules:
  • OCI Landing Zone modules
  • Azure Verified Modules

Templates

Refer to Oracle Multicloud Landing Zone for Azure for module details.

Template: azurerm-oci-adbs-quickstart
Use case and configurations: Quick start Autonomous Database (AzureRM)

Template: az-oci-adbs
Use case and configurations: Quick start Autonomous Database (AzAPI)
  1. Configuring Azure VNet with delegated subnet limits
  2. Provisioning an Autonomous Database

Template: az-oci-rbac-n-sso-fed
Use case and configurations: Set up both identity federation and RBAC roles/groups
Terraform/OpenTofu providers: All the below (those of the two templates that follow)

Template: az-oci-sso-federation
Use case and configurations: Set up SSO between OCI and Microsoft Entra ID
  1. Get service provider metadata from OCI IAM.
  2. Create an Entra ID application.
  3. Set up SAML SSO for the Entra ID application.
  4. Set up attributes and claims in the Entra ID application.
  5. Assign a test user to the Entra ID application.
  6. Enable the Entra ID application as the Identity Provider (IdP) for OCI IAM.
  7. Set up identity lifecycle management between OCI IAM and Entra ID.

Template: az-odb-rbac
Use case and configurations: Create roles and groups in Azure for Exadata and Autonomous Database services.
  1. Create an Azure role definition for the ADBS Administrator role.
  2. Create an Azure group.
  3. Create an Azure role assignment.