Photo by mostafa meraji on Unsplash
Mastering Resource Management: A Guide to Compartment Quotas in Oracle Cloud Infrastructure
Oracle Cloud Infrastructure (OCI) provides various billing and cost management tools to help you easily monitor and manage your service costs. These tools feature a user-friendly interface, allowing you to access detailed billing reports, cost analysis, and budgeting options. With OCI's cost management solutions, tracking your spending, identifying ways to cut costs, and setting up alerts to prevent budget overruns is straightforward. Whether you're managing a small project or a large enterprise, OCI's billing tools offer a clear insight into your financial commitments, enabling you to make informed decisions about your cloud infrastructure spending.
In this blog, I will explain Compartment Quotas and how they will help control the resource allocation in OCI. Before that, let's revisit some of the concepts and terminologies related to this feature.
Compartment -- A compartment acts as a fundamental organisational unit. It's a logical container that groups related OCI resources together.
Budgets -- It acts as a virtual guardrail for your cloud spending. Setting up budgets will help you monitor and manage your OCI expenses by setting spending limits and configuring alerts.
Service limit -- Your tenancy has certain limits on the maximum number of resources you're allowed to use; Oracle sets these values. For example, you can create 10 Full Stack DR protection groups in a specific OCI region. For more details, refer to OCI Service limits. An OCI administrator can contact Oracle support to increase the service limits for various services depending on the requirement.
With this background information, let's dive into the details of Compartment Quotas.
Why you need Compartment Quotas:
Let's assume the necessary OCI users have been created, and the appropriate IAM policies have been assigned to the respective teams according to their roles. This setup enables OCI users to create the needed OCI resources within the service limits set for each resource.
To check the service limits, go to the OCI console, open the navigation menu, and click Governance & Administration. Then, under Tenancy Management, select Limits, Quotas and Usage.
In our example, we'll look at an IAM user named "Dbadmin", who has been given the following IAM policy to manage the autonomous database family in the production compartment.
Allow group DatabaseAdmins to manage autonomous-database-family in compartment suraj
Suppose the service limits allow it, instead of creating an Autonomous Transaction Processing Database with 5 ECPU and 2TB. The "DBADMIN" user accidentally created an Autonomous Transaction Processing Serverless Database with 50 ECPU and 20 TB. This mistake could lead to significant costs!
How can you avoid this? Compartment Quotas are the solution. They give tenant and compartment administrators better control over resource usage in OCI. Administrators can efficiently allocate resources to compartments using the Console.
What is Compartment Quotas:
Compartment quotas are similar to service limits. The main difference is that Oracle sets service limits, while administrators set compartment quotas. Administrators use policies to allocate resources flexibly.
Compartment quotas are established through policy statements crafted in straightforward declarative language, akin to the IAM policy language.
There are three types of quota policy statements you can use:
set
: Defines the maximum amount of a cloud resource that a compartment can utilise.unset
: Reverts quotas to the default service limits.zero
: Denies access to a cloud resource for a compartment.
How to use Compartment Quotas:
Let see how we can use Compartment Quotas and allocate quotas for creating Autonomous Transaction Processing Serverless DB with 5 ECPU and 5 TB.
To create a Quota Policy, from the OCI console, open the navigation menu and click Governance & Administration. Under Tenancy Management, click Quota Policies
Click Create Quota
Provide a name and description
Add the policy details in the Quota policy section
zero database quota in compartment suraj
set database quota atp-ecpu-count to 5 in compartment suraj
set database quota atp-total-storage-tb to 5 in compartment suraj
zero database quota statement will zero out all the database service limits.
- Click Create Quota Policy
Verify Compartment Quotas:
Now try to create an Autonomous Transaction Processing Serverless database with 50 EPU and 50 TB; since we allowed only 5 ECPU and 5 TB, you will get an error!
It is possible to create quota policies and create the resources only in specific regions; in the example below, the user can create an Autonomous Transaction Processing Serverless database only in the Ashburn and Phoenix regions.
Zero database quota in compartment suraj
set database quota atp-ecpu-count to 5 in compartment suraj where any {request.region = us-ashburn-1, request.region = us-phoenix-1}
set database quota atp-total-storage-tb to 5 in compartment suraj where any {request.region = us-ashburn-1, request.region = us-phoenix-1}
More details about Compartment Quotas:
What are service family names, and where can I find them?
See Available Quotas by Service. Under each service, the family name is listed.
What are all the quota names, and where can I find them?
See Available Quotas by Service, which lists all quota names under each service.
Conclusion
Compartment quotas, set by administrators, dictate the maximum resources a compartment can use, differing from Oracle-set service limits. Administrators can specify, revoke, or deny resource usage within compartments by employing policy statements, ensuring cost-effective and efficient resource management. This guide covers the essentials of compartment quotas, including their creation, application, and verification, to prevent unauthorised or accidental overuse of resources, such as creating extensive databases and other OCI resources, thereby aiding in better cost management and resource optimisation in OCI.