Pier Cloud FinOps Platform – CCA Configuration Guide for Oracle Cloud

CCA Configuration Process for the Pier Cloud FinOps Platform

Welcome to Pier Cloud!

Pier Cloud is our centralized platform for managing cloud data and services. Our focus is to ensure that access to resources is secure, practical, and efficient. This document was developed to guide you through the configuration of the CCA product for the OCI (Oracle Cloud Infrastructure) provider.

Below, you will find a step-by-step process with clear and objective instructions.

In the OCI Environment

Configuring Access to the Billing Report

  1. Access https://cloud.oracle.com and log in as an Administrator.

  2. On the main page, click Home, as shown below.

  1. In the left-hand navigation menu, click on Identity & Security, then on Identity.

Note: To perform this procedure, you must have the root 0 profile and access to the “Default (Current domain)” domain.

  1. On the Identity Overview screen, click on Domains, as shown below.

  1. On the Domains screen, locate the default domain and select Groups, as shown.

  1. On the Groups screen, existing groups will be displayed. To create a new one, click Create Group.

  1. On the Create Group screen, provide the following information:

  • Name: A name for the group (required)

  • Description: A description for the group (optional)

You can add users to the group at this step if they already exist. If not, you can create the necessary users later.

  1. Click Create to finalize group creation.

  2. Back on the Domains screen, in the left-hand menu click Policies, then Create Policy.

  1. Now we will create a policy to grant billing access to the group created in step 7 (e.g., PierCCA2).

  2. On the Create Policy screen, provide the following:

  • Name: A name for the policy (required)

  • Description: A description for the policy (required)

  • Compartment: Select the root compartment of the current domain.

  1. Scroll down to Policy Builder and click Show manual editor.

  1. Enter the following statement:

Allow group PierCCA2 to read all-resources in tenancy

Replace "PierCCA2" with the actual name of your group. This statement grants read access to all tenancy resources for the specified group.

  1. Click Create to finalize the policy.

Creating the User

  1. Return to the Domains screen and select Users.

  1. On the screen displayed, under Users, select the Create option, as illustrated below:

  1. On the Create User screen, fill in the following:

  • First Name: (Optional)

  • Last Name: (Required)

  • Username / Email: A valid email address for the user

At this step, you can associate the user with an existing group — choose the group created earlier (e.g., PierCCA2).

  1. After the user is created, the Details screen will be displayed.

Generating the API Key

  1. On the user’s Details screen, click API Keys, then Add API Key.

  1. The system will display the screen for adding API keys, where you will need to select the "Generate API key pair" option and then download the private key, as illustrated below:

  1. After downloading, click Add to finalize.

  1. After adding the access key, the system will display the page below. Copy the generated data to configure the PierCloud platform.

  • Region

  • User

  • Fingerprint

  • Tenancy

In the Pier Cloud Environment

Creating the Secret

  1. In the Pier Cloud platform, click on the User Icon, then go to Settings.

  1. In the left-hand menu, click Secrets, then click Add to create a new Oracle Cloud billing secret.

  1. Fill in the secret creation form:

    • Name: A friendly name for the secret

    • Type: Select OCI

  1. Upon selecting OCI, additional fields will appear. Fill them with the values copied from step 22:

    1. Region

    2. User

    3. Fingerprint

    4. Tenancy

    5. Private Key: Paste the contents of the .pem file downloaded in step 20.

  1. Click Save to create the secret.

Registering the Cloud Account

  1. In the left-hand menu, go to Cloud Accounts, then click Add.

  1. In the cloud account creation screen, provide the following:

    • Business Unit: Select the corresponding business unit

    • Account Identifier Name: A unique name for this account

    • Secret: Select the secret created in step 2

    • Tenant ID: Provide the tenancy from step 22

    • CCA (Cloud Compliance Analyzer): Leave this option enabled

  1. Click Save to store the information and return to the Cloud Accounts overview screen.

Done! Your OCI CCA is now successfully configured.

PreviousPierCloud FinOps Platform - Oracle Cloud Basic ConfigurationsNextPOC

Last updated