Ensure no resources are created in the root compartment

Description

Resources should not be created in the root compartment of an OCI tenancy. The root compartment contains every other compartment, and IAM policies, quotas, and budgets attached to it apply tenancy-wide, so a resource placed there cannot be scoped by a narrower, compartment-level policy. That weakens access control and makes inventory and cost tracking harder. This rule reports a finding against the tenancy when any audited resource is found in the root compartment.

Note: This rule audits VCNs, compute instances, buckets, block volumes, boot volumes, file systems, autonomous databases, and database systems. Resource types outside this set are not evaluated.
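The following is an added example that reproduces the rule's check over a resource inventory; it is not Datadog's rule implementation. In OCI the root compartment's OCID is the tenancy OCID itself, so a resource is in the root compartment exactly when its compartment ID equals the tenancy OCID. The inventory, OCIDs, and the Resource Query Language type names used in `rql_query` are assumptions made for the example (verify the type names against the OCI Search documentation before relying on the query):

```python
"""Flag audited OCI resources that live in the root compartment.

Added example, not Datadog's rule engine. A resource is in the root
compartment when its compartment_id equals the tenancy OCID.
"""
from dataclasses import dataclass

# Resource types the rule audits (from the rule description). Anything else
# found in the root compartment is deliberately not reported.
AUDITED_TYPES = frozenset({
    "vcn", "instance", "bucket", "volume", "bootvolume",
    "filesystem", "autonomousdatabase", "dbsystem",
})


@dataclass(frozen=True)
class Resource:
    resource_type: str   # lower-case OCI resource type name
    ocid: str
    compartment_id: str


def is_tenancy_ocid(ocid: str) -> bool:
    """Root compartment OCIDs are tenancy OCIDs: ocid1.tenancy.<realm>..<id>."""
    return ocid.startswith("ocid1.tenancy.")


def root_compartment_findings(tenancy_ocid: str, inventory):
    """Return the audited resources whose compartment is the root compartment."""
    if not is_tenancy_ocid(tenancy_ocid):
        raise ValueError(f"not a tenancy OCID: {tenancy_ocid}")
    return [
        r for r in inventory
        if r.compartment_id == tenancy_ocid
        and r.resource_type.lower() in AUDITED_TYPES
    ]


def rql_query(tenancy_ocid: str) -> str:
    """Resource Query Language text for
    `oci search resource structured-search --query-text ...`.
    Type names are assumed to match OCI Search's names for the audited types."""
    types = ", ".join(sorted(AUDITED_TYPES))
    return f"query {types} resources where compartmentId = '{tenancy_ocid}'"


# Constructed sample inventory (hypothetical OCIDs, not real resources).
TENANCY = "ocid1.tenancy.oc1..aaaaexampletenancy"
CHILD = "ocid1.compartment.oc1..aaaaexamplechild"
SAMPLE_INVENTORY = [
    Resource("instance", "ocid1.instance.oc1.iad.exampleroot", TENANCY),   # flagged
    Resource("vcn", "ocid1.vcn.oc1.iad.examplechild", CHILD),              # fine
    Resource("bucket", "ocid1.bucket.oc1.iad.exampleroot", TENANCY),       # flagged
    Resource("networksecuritygroup",
             "ocid1.networksecuritygroup.oc1.iad.exampleroot", TENANCY),   # not audited
]


def main():
    for r in root_compartment_findings(TENANCY, SAMPLE_INVENTORY):
        print(f"FINDING: {r.resource_type} {r.ocid} is in the root compartment")
    print("Query to confirm against a live tenancy:")
    print(rql_query(TENANCY))


if __name__ == "__main__":
    main()
```

The network security group in the sample sits in the root compartment but is not reported, matching the rule's scope note above; widen `AUDITED_TYPES` if you want a stricter local check than the rule performs.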

Remediation

Move any flagged resource out of the root compartment into a dedicated child compartment. Moving a resource changes which compartment-scoped IAM policies apply to it, so review the policies on the destination compartment before the move and confirm access still behaves as intended afterwards. For step-by-step instructions on relocating resources between compartments, see Managing Compartments.