Oracle Cloud Infrastructure 2019 Developer Associate — Question 7

You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file.
What do you need to do?

Answer options

• A. Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement
• B. Instances cannot access services outside their compartment
• C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement
• D. By default, all VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement

Correct answer: D

Explanation

The correct answer is D because all VM instances in OCI are assigned an instance principal by default, allowing them to authenticate without storing credentials. Option A is incorrect as dynamic groups are not necessary for instance principals. Option B is false because instances can access services outside their compartment. Option C misrepresents the functionality since VM instances do not require a separate user account for API access.