Glossary

This glossary provides definitions for key Oracle Cloud Infrastructure (OCI) terms and concepts used throughout the onboarding process.

Oracle Cloud Terms

Tenancy

The root compartment that contains all your Oracle Cloud resources. It's the top-level container for your entire Oracle Cloud account and represents your company's Oracle Cloud subscription.

Compartment

A logical container used to organize and isolate cloud resources. Compartments can be nested in a hierarchy, allowing you to organize resources by project, team, or environment.

OCID (Oracle Cloud Identifier)

A unique Oracle-assigned identifier for every resource in Oracle Cloud. OCIDs are immutable and follow a specific format that includes the resource type and location.

Home Region

The Oracle Cloud region where your tenancy was first subscribed. This region stores your identity resources and serves as the authoritative source for your IAM configuration.

Service Principal

A special type of user that represents an application or service rather than a person. Service principals are used for programmatic access to Oracle Cloud resources.

Identity Domain

A container for managing users and groups in Oracle Cloud Infrastructure. It provides identity management, authentication, and authorization services.

Workload Identity Federation

A method of authentication that allows external identities (like AWS IAM roles) to access Oracle Cloud resources without requiring long-lived credentials. It uses temporary tokens and trust relationships for secure cross-cloud authentication.

Identity Provider

A service that authenticates users or services and provides identity information to other systems. In this context, it allows AWS services to authenticate to Oracle Cloud.

Federation

The process of establishing trust between two separate identity management systems, allowing users or services from one system to access resources in another.

Trust Relationship

A configuration that defines which external identities are allowed to access resources and under what conditions. It specifies the trusted AWS account and any additional constraints.

External ID

A unique identifier used in federation to prevent unauthorized access. It must be provided by the external party (Upwind's AWS) when assuming access to your Oracle Cloud resources.

IAM Policy

A document that specifies who can access which resources, and how. Policies use a human-readable syntax to define permissions at various levels (tenancy, compartment, or resource).

Instance Principal

A capability that lets instances make API calls against Oracle Cloud services without needing to store credentials on the instance.

Federated User

An identity that is authenticated by an external identity provider (like AWS) and granted temporary access to Oracle Cloud resources through federation.

Dynamic Group

A group whose membership is determined by matching rules rather than explicit user assignment. Commonly used to grant permissions to compute instances.

Upwind Terms

Cloud Scanner

Upwind's automated scanning component that discovers and analyzes cloud resources for security risks, misconfigurations, and compliance violations.

Orchestrator

A designated component or project that manages and coordinates scanning activities across your cloud environment.

Client Credentials

Authentication tokens generated by Upwind that allow your cloud environment to communicate with Upwind's services.

Upwind Management Console

The web-based interface where you configure integrations, view security findings, and manage your cloud security posture.

Security Baseline

A set of security best practices and configurations that Upwind uses to evaluate your cloud environment's security posture.

Integration Terms

Read-only Access

Permission level that allows viewing and listing resources without the ability to modify, create, or delete them. Used by Upwind for security scanning.

Workload

Any application, service, or computing task running in your cloud environment. Can include virtual machines, containers, or serverless functions.

Security Finding

A specific security issue, misconfiguration, or compliance violation identified by Upwind's scanning process.

Remediation

The process of fixing or mitigating a security finding to improve your cloud security posture.

Compliance Framework

A set of guidelines and best practices (such as CIS, PCI-DSS, or HIPAA) against which your cloud configuration is evaluated.