Q: 7
You're automating the creation of multiple VCNs across different OCI regions using Cloud Shell
scripting. Which authentication method within Cloud Shell is best suited to programmatically
authenticate with OCI, ensuring both security and scalability for this automation task?
Options
Discussion
Not sure D really fits here, C is the one you want. Instance Principals let you skip managing API keys and just assign permissions through dynamic groups, which is more secure and scales well for automation in Cloud Shell. D would make sense if this were a full Infrastructure-as-Code scenario, but it's more complex than needed for shell scripting. I think option B trips people up but keeping API keys in storage brings risk.
C imo. Instance Principals are the way to go for this, since they let you avoid storing or managing API keys entirely and OCI Cloud Shell supports them through dynamic groups. B is tempting but brings risk if keys leak, and D suits bigger IaC workflows not straight shell scripting. Pretty sure Oracle recommends C for scripting automations like this, but happy to hear other arguments if I'm missing something.
C vs D? I think C is better since Instance Principals let Cloud Shell sessions authenticate without managing API keys, so that's more secure and scales better. D feels like overkill if you're just scripting VCNs. Not 100% sure though, open to other takes.
Be respectful. No spam.
