OCI Block Volume Backup Posture Auditor

 


Introducing a Python Tool That Audits OCI Block and Boot Volume Backups, Flags Stale or Missing Backups and Generates Backup Posture Reports


Description

I built the OCI Block Volume Backup Posture Auditor as a standalone OCI automation tool to audit block volume and boot volume backup hygiene across compartments. It produces timestamped JSON + Markdown findings and uploads the artifacts to OCI Object Storage so teams can review results, share evidence and track posture over time. The tool is designed to be safe to run in production because it uses read-only OCI API calls, with the only write action being the optional Object Storage upload of the generated reports.


Codebase

GitHub Code: Click Here


Why This Is Useful

Backups are one of those controls that everyone assumes are in place until something breaks. In a real tenancy, volumes get created quickly, instances move across compartments and backup routines can drift without anyone noticing. This project gives platform and operations teams a quick way to answer, “Are my critical volumes actually protected and how stale are the latest backups?” It is especially useful for routine operational reviews, audit readiness and catching gaps early, before they become painful during incident recovery.


What The Tool Does

The auditor runs an end-to-end posture check with clear, actionable outcomes:

  • Enumerates accessible compartments (OCI Identity)

  • Collects block volumes, boot volumes and their backups (OCI Block Volume)

  • Correlates attached instances for each volume (OCI Compute)

  • Flags each volume’s posture using a simple policy threshold: COMPLIANT, STALE_BACKUP, NO_BACKUP

  • Writes reports locally in .json + .md formats

  • Uploads the reports to OCI Object Storage


High Level Architecture

The repository is structured in a clean, modular way so it is easy to extend:

  • collectors/ for OCI service data collection

  • analyzers/ for compliance logic and posture classification

  • helpers/ for report writing + Object Storage upload helpers

  • main.py as the orchestration entry point

Operationally, it follows a straightforward pipeline: discover compartments → collect volumes/backups → analyze posture → generate artifacts → upload artifacts.


Prerequisites

To run this project you will need:

  • Python 3.10+

  • OCI config profile configured (for example ~/.oci/config)

  • IAM permissions for read-only listing plus Object Storage upload (including compute/block volume visibility and put-object)


Configuration

The tool supports optional environment variables via .env.example. One particularly useful knob is the maximum allowed backup age threshold (so you can define what stale means in your environment).
Examples include: OCI_ROOT_COMPARTMENT_OCID, OCI_REGION, OCI_MAX_BACKUP_AGE_DAYS and Object Storage namespace/bucket settings (with auto detection supported if omitted).
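
To make the posture rule concrete, here is a sketch of the three-way classification described under What The Tool Does, driven by the same kind of threshold that OCI_MAX_BACKUP_AGE_DAYS sets. It is an added example, not code from the repository: the record fields, the placeholder OCIDs, the 7-day threshold and the choice to count only AVAILABLE backups are assumptions.

```python
from datetime import datetime, timedelta, timezone

def classify_volumes(volumes, backups, max_age_days, now=None):
    """Map each volume id to COMPLIANT, STALE_BACKUP or NO_BACKUP."""
    now = now or datetime.now(timezone.utc)
    latest = {}  # volume id -> creation time of its newest usable backup
    for b in backups:
        # Assumption: a backup that is still CREATING, or FAULTY, cannot be
        # restored from, so it does not count toward the volume's posture.
        if b["lifecycle_state"] != "AVAILABLE":
            continue
        created = b["time_created"]
        if created.tzinfo is None:  # treat naive timestamps as UTC
            created = created.replace(tzinfo=timezone.utc)
        vid = b["volume_id"]
        if vid not in latest or created > latest[vid]:
            latest[vid] = created
    findings = {}
    for v in volumes:
        last = latest.get(v["id"])
        if last is None:
            posture, age = "NO_BACKUP", None
        else:
            age = (now - last).days
            fresh = now - last <= timedelta(days=max_age_days)
            posture = "COMPLIANT" if fresh else "STALE_BACKUP"
        findings[v["id"]] = {"name": v["display_name"], "posture": posture,
                             "backup_age_days": age}
    return findings

# Constructed sample data (placeholder OCIDs, fixed "now" for repeatable output).
NOW = datetime(2025, 1, 31, 12, 0, tzinfo=timezone.utc)
VOLUMES = [
    {"id": "ocid1.volume.oc1..example-app", "display_name": "app-data"},
    {"id": "ocid1.volume.oc1..example-db", "display_name": "db-data"},
    {"id": "ocid1.bootvolume.oc1..example-web", "display_name": "web-boot"},
]
BACKUPS = [
    {"volume_id": "ocid1.volume.oc1..example-app", "lifecycle_state": "AVAILABLE",
     "time_created": datetime(2025, 1, 29, 9, 0)},  # naive timestamp
    {"volume_id": "ocid1.volume.oc1..example-db", "lifecycle_state": "AVAILABLE",
     "time_created": datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)},
    {"volume_id": "ocid1.volume.oc1..example-db", "lifecycle_state": "FAULTY",
     "time_created": datetime(2025, 1, 30, 12, 0, tzinfo=timezone.utc)},
    {"volume_id": "ocid1.bootvolume.oc1..example-web", "lifecycle_state": "CREATING",
     "time_created": datetime(2025, 1, 31, 11, 0, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for vid, f in classify_volumes(VOLUMES, BACKUPS, 7, now=NOW).items():
        print(f'{f["name"]:10} {f["posture"]:13} age={f["backup_age_days"]}')
```

Note how db-data is reported as STALE_BACKUP even though a backup was attempted the day before: the recent attempt is FAULTY, so the 30-day-old backup is the newest one that could actually be restored.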


Expected Output

Each run generates two timestamped artifacts in output/:

  • block_volume_backup_posture_<timestamp>.json

  • block_volume_backup_posture_<timestamp>.md

Then the same artifacts are uploaded to Object Storage using an oci://<bucket>@<namespace>/<prefix>/... pattern, which makes it easy to keep a consistent audit trail.


Safety Notes

This tool performs no destructive operations. It only reads from Identity/Compute/Block Volume APIs and writes the generated report artifacts locally, with the optional upload to Object Storage as the only write action. 
