OCI Availability Domain Footprint Mapper for Oracle Cloud Infrastructure

Introduction of Python Tool That Maps OCI Resource Footprints Across Availability Domains For Resilience And Capacity Planning



Description

I built the OCI Availability Domain Footprint Mapper as a standalone, read-only OCI automation tool that maps Compute placement and network footprint by Availability Domain (AD). It generates timestamped JSON + Markdown reports and can optionally upload those artifacts to OCI Object Storage for easy sharing and repeatable auditing.


Codebase

GitHub Code: Click Here

Why This Is Useful

In real OCI environments, it is surprisingly easy for workloads to end up lopsided in one Availability Domain or concentrated in a small set of subnets. That can quietly reduce resilience, increase blast radius during failures and make capacity planning harder than it needs to be. This tool exists to give platform and operations teams a quick, repeatable way to understand where compute is placed, how IP usage is distributed and whether the deployment footprint looks balanced across ADs and subnets. 


What The Tool Does

The tool scans your tenancy (optionally including subcompartments) and produces a clear footprint summary, including:

  • AD-level instance distribution

  • AD-level private/public IP distribution

  • Compartment-level footprint summary

  • Subnet occupancy summary

  • Top shape usage

  • A placement skew indicator with recommendation text (so you can immediately see if distribution looks healthy)

Behind the scenes, it uses OCI APIs across Identity, Compute, Virtual Network, and Object Storage and it avoids destructive operations.


High Level Architecture

This project is designed to be simple to operationalize from a Windows workstation, Cloud Shell-style environment or a CI runner:

  1. Collect metadata via read-only calls to OCI Identity, Compute and VCN APIs.

  2. Aggregate results into AD-level and subnet level summaries, plus a skew indicator.

  3. Export a Markdown report for humans and JSON output for automation/diffing.

  4. Archive (optional) the artifacts to OCI Object Storage using a consistent prefix and URI pattern.


Prerequisites

To run it, you need:

  • Python 3 and the dependencies in requirements.txt

  • OCI credentials configured (and permission to read Identity/Compute/VCN resources)

  • Optional: an OCI Object Storage bucket/namespace if you want uploads (the bucket can be auto discovered if omitted).


Expected Output

By default, the tool writes artifacts to output/ with a timestamped naming pattern:

  • ad_footprint_report_<timestamp>.json

  • ad_footprint_report_<timestamp>.md

If uploads are enabled, it stores the same artifacts in Object Storage using a consistent URI pattern:

  • oci://<bucket>@<namespace>/<prefix>/ad_footprint_report_<timestamp>.json

  • oci://<bucket>@<namespace>/<prefix>/ad_footprint_report_<timestamp>.md



Safety Notes

This tool is designed to be safe to run in production environments. It uses read-only calls to Identity/Compute/VCN APIs and the only write action is the optional Object Storage upload of the generated report artifacts. 












Comments

Post a Comment

Popular posts from this blog

Your Cloud Is Talking Are You Listening OCI Logging Events and Notifications

Image
  Your Cloud Is Talking Are You Listening OCI Logging Events and Notifications A practical, human guide to how Oracle Cloud Infrastructure can collect what is happening, spot what matters and alert the right people before small issues turn into big ones. The problem with modern cloud is not lack of data Cloud platforms produce a huge amount of signals. Logs, metrics, state changes, access activity and service health updates are happening all the time. The problem is not that nothing is visible. The problem is that everything is visible in too many places and when something goes wrong, you do not know where to look first. This is why good teams still get surprised. Not because they are careless, but because attention is limited. You can only watch so many dashboards. You can only skim so many notifications. And when an incident starts, the first five minutes matter most. The goal of observability is simple. Make it easier to answer three questions quickly. What happened. Where ...
Read more

OCI Network Exposure Scanner

Image
OCI Network Exposure Scanner Introduction Of A Python Tool That Scans OCI Security Lists And NSGs For Internet Exposed Ingress Rules And Risky Open Ports Description I built the OCI Network Exposure Scanner as a lightweight Python auditing tool to quickly identify internet exposed ingress rules in OCI. It scans Security Lists and Network Security Groups (NSGs) for inbound TCP rules that allow traffic from 0.0.0.0/0 on common ports like SSH (22), RDP (3389), HTTP (80), and HTTPS (443) , then generates timestamped JSON + Markdown reports and uploads them to OCI Object Storage so the results are easy to review, share, and keep as audit evidence.  Codebase GitHub Code: Click Here Why This Is Useful In most OCI environments, network rules evolve quickly as teams ship features, open temporary access for troubleshooting or create new subnets and services. Over time, it becomes easy to accidentally leave behind world open ingress rules , especially on ports like SSH and RDP. This ...
Read more

When Your Apps Refuse to Talk Oracle Integration Cloud for the Rest of Us

Image
  When Your Apps Refuse to Talk Oracle Integration Cloud for the Rest of Us Oracle Integration Cloud is the Grown Up Way to Make Those Systems Cooperate. The quiet chaos of modern work Most companies do not run on one system. They run on a collection of tools that grew over time. Finance has one platform, sales has another, HR has its own portal and operations lives inside a mix of email, shared drives and service tickets. On paper, everything is digital. In reality, people still spend their days doing digital manual work. They export a spreadsheet, paste values into another system, forward approvals through email and hope everyone is looking at the latest version. It works until it does not. Then someone asks why the customer record is inconsistent, why invoices are delayed or why a new employee is not provisioned correctly. This is exactly the kind of problem Oracle Integration Cloud is meant to reduce. Oracle positions it as an integration service that helps connect applicati...
Read more