Control: OCI > Compute > Instance > Allowed > Region

Take an action when an OCI Compute instance is created in a region that is not allowed.

The Allowed > Region control checks if the instance is created in an allowed region based on the Allowed > Region > * policies. If the instance is created in a region that is not in the allowed list, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete if region not allowed and instance is new, this control will only take the enforcement actions for resources created within the last 60 minutes.

Note: Most OCI resources are compartment-scoped rather than region-scoped. This control applies to regional resources or checks the region metadata for compartment-scoped resources.

Resource Types

This control targets the following resource types:

OCI > Compute > Instance

Policies

The following policies can be used to configure this control:

OCI > Compute > Instance > Allowed > Region

This control type relies on these other policies when running actions:

OCI > Compute > Instance > Allowed > Region > Regions

In Your Workspace

Developers

Control Type URI

tmod:@turbot/oci-compute#/control/types/instanceAllowedRegion

Category URI

tmod:@turbot/turbot#/control/categories/resourceAllowed

GraphQL

query controlType(id: "tmod:@turbot/oci-compute#/control/types/instanceAllowedRegion") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/oci-compute#/control/types/instanceAllowedRegion'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/oci-compute#/control/types/instanceAllowedRegion"