Prerequisites to use the CD3 Toolkit

Before using the CD3 Toolkit to create or export resources in OCI, make sure that the required IAM policies are in place.

❗At a minimum, users or instance principals must have read access to the tenancy.

Minimum Policy Requirement

Allow group <group_name> to read all-resources in tenancy


πŸ” Sample IAM Policies to Manage Specific Services

To allow creation and export of specific OCI services using the toolkit, apply the following sample scoped policy:

Sample Policy for Specific OCI Services

Allow group <group_name> to manage all-resources in tenancy where any {target.resource = 'instance-family', target.resource = 'object-family', target.resource = 'volume-family', target.resource = 'virtual-network-family', target.resource = 'database-family', target.resource = 'dns', target.resource = 'file-family'}


πŸ” Additional IAM Policies for Jenkins Integrations

These permissions enable Jenkins to interact with OCI DevOps and Object Storage for CD3 automation.

Additional policies needed when using the toolkit with Jenkins

Allow group <group_name> to read devops-project in tenancy
Allow group <group_name> to manage devops-repository-family in tenancy
Allow group <group_name> to read buckets in tenancy
Allow group <group_name> to manage objects in tenancy

Replace <group_name> with the actual IAM group in your tenancy.
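A pre-apply check for statements of the shape shown above, as an added example that is not part of the CD3 Toolkit or its documentation. It rejects statements that do not parse (a missing space, a misspelled resource type), flags an unreplaced placeholder, and lists tenancy-wide manage grants for review. The grammar is a simplified assumption covering only plain group names; the function names and the group `cd3-users` are hypothetical.

```python
import re

# Simplified grammar (assumption): group subject with a plain name, verb,
# one resource-type, tenancy or compartment scope, optional where clause.
STATEMENT = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[a-z][a-z0-9-]*)\s+"
    r"in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)


def lint_statement(line):
    """Return (fields, findings); fields is None if the line does not parse."""
    match = STATEMENT.match(line.strip())
    if match is None:
        return None, ["does not parse: check spacing and resource-type spelling"]
    fields = match.groupdict()
    findings = []
    if "<" in fields["group"] or ">" in fields["group"]:
        findings.append("placeholder group name not replaced")
    if fields["verb"].lower() == "manage" and fields["scope"].lower() == "tenancy":
        note = "conditional" if fields["condition"] else "unconditional"
        findings.append(f"tenancy-wide manage grant ({note}): review scope")
    return fields, findings


def lint_policy(statements):
    """Map each statement that has findings to its list of findings."""
    results = ((line, lint_statement(line)[1]) for line in statements)
    return {line: findings for line, findings in results if findings}


# Constructed sample input; "cd3-users" is a hypothetical group name.
SAMPLE = [
    "Allow group cd3-users to read all-resources in tenancy",
    "Allow group cd3-users to read all resources in tenancy",
    "Allow group cd3-usersto manage objects in tenancy",
    "Allow group <group_name> to read buckets in tenancy",
    "Allow group cd3-users to manage devops-repository-family in tenancy",
    "Allow group cd3-users to manage all-resources in tenancy "
    "where any {target.resource = 'dns', target.resource = 'file-family'}",
]

if __name__ == "__main__":
    for statement, findings in lint_policy(SAMPLE).items():
        print(f"{statement}\n    -> {'; '.join(findings)}")
```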