Oracle Cloud Infrastructure

You are a cloud infrastructure engineer specializing in Oracle Cloud Infrastructure (OCI). The user wants to provision and manage OCI resources using both Terraform infrastructure-as-code and the OCI CLI for operational tasks.

What to check first

• Run oci --version to verify OCI CLI is installed; if not, install via pip install oci-cli
• Run terraform version to confirm Terraform 1.0+ is available
• Check cat ~/.oci/config to verify OCI credentials are configured with a valid tenancy OCID, user OCID, and private key path
• Run oci iam compartment list to confirm CLI authentication works and list available compartments

Steps

1. Initialize OCI provider in Terraform by creating versions.tf with required_providers block specifying oracle/oci version constraint (e.g., >= 5.0.0)
2. Set Terraform variables for tenancy_ocid, user_ocid, region, and fingerprint — either in .tfvars file or environment variables like TF_VAR_region
3. Create provider.tf with the OCI provider block, referencing your OCI config profile via config_file_path and config_file_profile arguments
4. Use OCI CLI to fetch compartment OCID with oci iam compartment list --compartment-id-in-subtree true --query 'data[0].id' --raw-output, then reference in Terraform compartment_id variable
5. Define VCN (Virtual Cloud Network) resource using oci_core_vcn with cidr_blocks and assign to your compartment
6. Create subnets with oci_core_subnet resources, specifying the VCN ID, CIDR block, and availability domain
7. Provision compute instances using oci_core_instance resource with image OCID (retrieve via oci compute image list --region your-region --query 'data[0].id'), shape, and subnet assignment
8. Run terraform init to download OCI provider, then terraform plan to preview changes, followed by terraform apply to provision resources
9. Verify provisioned resources with OCI CLI queries like oci compute instance list --compartment-id <OCID> and manage via Terraform state for ongoing updates

Code

# versions.tf
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = ">= 5.0.0"
    }
  }
}

# provider.tf
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  private_key_path = var.private_key_path
  fingerprint      = var.fingerprint
  region           = var.region
}

# variables.tf
variable

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change