Automating Infrastructure Provisioning in OCI

Manual infrastructure provisioning in the cloud is not only inefficient—it’s risky. Oracle Cloud Infrastructure (OCI) offers multiple ways to automate the creation, configuration, and lifecycle management of cloud resources using Infrastructure as Code (IaC) principles.

This blog explores the key tools available for infrastructure automation in OCI—primarily Terraform, OCI Resource Manager, and supporting CLI/SDK methods—and provides guidance on when and how to use each.

Why Automate OCI Infrastructure?

• Consistency: Same configuration every time across environments
• Speed: Rapid provisioning of full-stack environments
• Auditability: Changes are version-controlled and traceable
• Disaster Recovery: Infrastructure can be re-deployed on demand
• Collaboration: Teams can co-develop infrastructure using Git workflows

Option 1: Terraform (HashiCorp) for OCI

Terraform is the most widely used IaC tool for OCI. Oracle provides an official Terraform provider to support all OCI resources including compute, network, storage, and IAM.

Key Benefits:

• Declarative syntax (you define what to create, not how)
• Full support for OCI resource types
• Version control with Git
• Modular, reusable code
• Can be integrated into CI/CD pipelines

Basic Workflow:

1. Write Terraform configuration (*.tf files)
2. Initialize the environment using terraform init
3. Plan changes using terraform plan
4. Apply changes using terraform apply

Example:

resource
"oci_core_instance" "my_instance" {


availability_domain = "..."


compartment_id      =
"..."


shape               =
"VM.Standard.E4.Flex"


...

}

Option 2: OCI Resource Manager (Managed Terraform)

Resource Manager is Oracle’s fully managed Terraform service, providing a web interface and backend engine to run Terraform scripts without needing a local CLI setup.

Why Use Resource Manager?

• Ideal for users new to Terraform
• No installation required
• Integrated with OCI IAM and Compartments
• Supports state file management
• Enables guardrails via policies (e.g., only Ops team can apply changes)

Use Cases:

• Enterprise environments where policy control is important
• Teams that prefer GUI-based provisioning
• Integrating with IAM approval workflows

Workflow:

1. Upload Terraform config as a stack
2. Run jobs (plan/apply/destroy)
3. Monitor progress and audit logs
4. Use variables and secure credentials natively

Option 3: OCI CLI and SDKs

For more scriptable, event-driven automation, the OCI CLI and SDKs (Python, Java, Go, etc.) offer programmatic control of OCI resources.

When to Use:

• Automation scripts triggered by events (e.g., scheduled provisioning)
• Admin tasks not easily modeled in Terraform
• Rapid prototyping and small scale provisioning

Example:

oci compute instance launch \

  --compartment-id
ocid1.compartment.oc1..xxxxx \


--availability-domain Uocm:PHX-AD-1 \


--shape VM.Standard.E4.Flex \


--image-id ocid1.image.oc1.phx.xxxxx

Option 4: OCI DevOps + GitOps

OCI also supports DevOps Pipelines for provisioning infrastructure alongside applications. Using Git as the source of truth, you can:

• Trigger Terraform runs on code push
• Integrate with OCI Vault for secrets
• Use policies to restrict deployment environments

Choosing the Right Tool

Best Practices for OCI Automation

• Use modular Terraform code for reusability
• Maintain versioned infrastructure in Git
• Keep state files secured (Resource Manager does this automatically)
• Use Vault + OCI Identity for secrets management
• Always plan before apply, especially in production
• Tag and name resources consistently for cost tracking and audit

Final Thoughts

OCI gives you multiple tools for automating infrastructure based on your team’s maturity, governance needs, and preferred workflows. Whether you’re an experienced Terraform user or new to cloud automation, you can pick the tool that best matches your use case.

For larger, multi-team deployments, a hybrid model works well:

• Use Terraform + GitOps for core infrastructure
• Use Resource Manager for self-service provisioning
• Use CLI/SDK for operational tasks and event triggers

Further Reading

• Oracle Resource Manager
• OCI CLI Documentation
• OCI DevOps Pipelines

• Author
• Recent Posts

Brijesh Gogia

I’m an experienced Cloud and AI Architect with over 19 years in Oracle Applications, Databases, and Cloud ecosystems. My work spans large-scale, global projects where I’ve designed and optimized solutions across both Oracle and non-Oracle stacks—on-prem and in the cloud. Lately, my focus has shifted toward integrating AI into enterprise architectures, leveraging GenAI, automation, and data intelligence to drive performance, resilience, and modernization. I’m passionate about exploring emerging AI tools, agentic workflows, and practical use cases—and I'm fortunate that my role gives me space to experiment and share my learnings.

Latest posts by Brijesh Gogia (see all)

• GitHub Copilot Coding Agent - May 20, 2025
• Enabling Natural Language Queries in Oracle E-Business Suite with OCI Generative AI - April 20, 2025
• Agentic AI basics – A Simple Introduction - February 8, 2025