{"id":888,"date":"2026-04-16T13:53:27","date_gmt":"2026-04-16T13:53:27","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-oci-database-with-postgresql-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-data-management\/"},"modified":"2026-04-16T13:53:27","modified_gmt":"2026-04-16T13:53:27","slug":"oracle-cloud-oci-database-with-postgresql-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-data-management","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-oci-database-with-postgresql-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-data-management\/","title":{"rendered":"Oracle Cloud OCI Database with PostgreSQL Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Data Management"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Data Management<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>OCI Database with PostgreSQL is Oracle Cloud Infrastructure\u2019s managed PostgreSQL database service. It lets you run PostgreSQL databases on Oracle Cloud without managing the underlying operating system, database host provisioning, or many day-2 operations such as backups and patching (exact automation scope varies by configuration\u2014verify in official docs for your region).<\/p>\n\n\n\n<p>In simple terms: you create a PostgreSQL database in the Oracle Cloud Console (or via API\/CLI), connect to it using standard PostgreSQL tools (like <code>psql<\/code>), and Oracle Cloud runs the database on managed infrastructure while you focus on schemas, queries, and application development.<\/p>\n\n\n\n<p>In technical terms: OCI Database with PostgreSQL provisions a PostgreSQL \u201cDB system\u201d within OCI, attaches managed storage, configures networking inside your VCN, and exposes a PostgreSQL endpoint. You manage logical database objects and runtime settings allowed by the service, while OCI manages host lifecycle tasks and integrates the service with OCI Identity and Access Management (IAM), networking, monitoring, and auditing.<\/p>\n\n\n\n<p>It solves a common problem in Data Management: teams want PostgreSQL\u2019s ecosystem and portability, but don\u2019t want the operational burden of self-managing PostgreSQL (OS hardening, patching, backups, HA planning, monitoring pipelines, and upgrade orchestration). OCI Database with PostgreSQL provides a managed path with OCI-native security and network controls.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is OCI Database with PostgreSQL?<\/h2>\n\n\n\n<p><strong>Official purpose<\/strong><br\/>\nOCI Database with PostgreSQL is a managed database service on Oracle Cloud that provides PostgreSQL databases as a cloud service. You use it to deploy and operate PostgreSQL while leveraging OCI\u2019s infrastructure, IAM, networking, and observability features. For the most current positioning and capabilities, verify on Oracle\u2019s official service documentation and product page.<\/p>\n\n\n\n<p><strong>Core capabilities (high-level)<\/strong><br\/>\nCommonly documented capabilities for managed PostgreSQL services in OCI include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provision PostgreSQL DB systems (compute + storage) through Console\/API\/CLI<\/li>\n<li>Private networking in an OCI Virtual Cloud Network (VCN)<\/li>\n<li>Automated backups and restore workflows (exact restore options such as point-in-time recovery depend on service configuration\u2014verify in official docs)<\/li>\n<li>Maintenance\/patching workflows managed by the service (maintenance windows and control level vary\u2014verify)<\/li>\n<li>Monitoring metrics and logs through OCI observability services (availability depends on enabled features\u2014verify)<\/li>\n<li>Integration with OCI IAM for access control and with OCI Audit for API event visibility<\/li>\n<\/ul>\n\n\n\n<p><strong>Major components (conceptual model)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PostgreSQL DB system<\/strong>: The managed PostgreSQL database deployment (compute, storage, and service-managed configuration).<\/li>\n<li><strong>VCN and subnet<\/strong>: Networking boundary in OCI where the DB system is attached.<\/li>\n<li><strong>Security lists \/ NSGs<\/strong>: Network controls for inbound\/outbound access to the database port.<\/li>\n<li><strong>Database endpoint<\/strong>: Hostname\/IP and port (typically PostgreSQL default port 5432 unless configured differently\u2014verify service defaults).<\/li>\n<li><strong>Backups<\/strong>: Service-managed backup artifacts (often stored in OCI Object Storage behind the scenes\u2014verify implementation details in docs).<\/li>\n<li><strong>OCI IAM policies<\/strong>: Control who can create\/modify\/delete DB systems and related resources.<\/li>\n<li><strong>Monitoring\/Audit<\/strong>: Visibility into operational health and API actions.<\/li>\n<\/ul>\n\n\n\n<p><strong>Service type<\/strong><br\/>\n&#8211; <strong>Managed database (DBaaS)<\/strong> for PostgreSQL on Oracle Cloud.\n&#8211; You manage <strong>data, roles, schemas, queries, and application connections<\/strong>.\n&#8211; OCI manages <strong>infrastructure lifecycle<\/strong> and selected operational tasks per the service\u2019s shared responsibility model.<\/p>\n\n\n\n<p><strong>Scope: regional vs zonal and where it \u201clives\u201d<\/strong><br\/>\nOCI services typically operate within an <strong>OCI region<\/strong> and your selected <strong>compartment<\/strong>. The DB system is deployed into a <strong>VCN subnet<\/strong> that exists within a region. Availability and specific deployment topology (single-AZ vs multi-AD\/FD or HA options) can be region- and configuration-dependent\u2014verify in the OCI Database with PostgreSQL docs for your chosen region.<\/p>\n\n\n\n<p><strong>How it fits into the Oracle Cloud ecosystem<\/strong><br\/>\nOCI Database with PostgreSQL is part of Oracle Cloud\u2019s <strong>Data Management<\/strong> portfolio and integrates with core OCI building blocks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Networking (VCN, subnets, NSGs)<\/strong> for private connectivity<\/li>\n<li><strong>OCI IAM<\/strong> for least-privilege authorization<\/li>\n<li><strong>OCI Vault<\/strong> (potentially) for customer-managed keys and secrets patterns (verify what is supported natively vs application-managed)<\/li>\n<li><strong>OCI Monitoring and Logging<\/strong> for metrics\/logs<\/li>\n<li><strong>OCI Bastion<\/strong> for secure administrative access patterns<\/li>\n<li><strong>OCI Object Storage<\/strong> (commonly for backups\/export patterns; service internals may use it\u2014verify)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use OCI Database with PostgreSQL?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce operational overhead<\/strong>: Managed provisioning, maintenance, and backups can reduce DBA and SRE toil compared to self-managed PostgreSQL.<\/li>\n<li><strong>Standardize on PostgreSQL<\/strong>: Many organizations already use PostgreSQL-compatible tools, ORMs, and skills.<\/li>\n<li><strong>Faster time-to-value<\/strong>: Create databases in minutes with consistent baselines instead of building bespoke VM + storage + backup stacks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Native PostgreSQL protocol and tooling<\/strong>: Use <code>psql<\/code>, JDBC\/ODBC, common drivers, migration tools, and SQL features that are compatible with PostgreSQL (exact version and extension support varies\u2014verify).<\/li>\n<li><strong>OCI-native networking<\/strong>: Place the database in private subnets and tightly control access via NSGs and route tables.<\/li>\n<li><strong>Composable architecture<\/strong>: Combine with OCI Compute, OKE (Kubernetes), API Gateway, Load Balancer, and Identity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automated backups<\/strong> and <strong>simplified restore<\/strong> workflows (verify restore options).<\/li>\n<li><strong>Monitoring and alarms<\/strong> integrated into OCI observability.<\/li>\n<li><strong>API-driven management<\/strong>: Consistent infrastructure-as-code practices using Terraform\/OCI CLI (verify provider resource coverage for your service version).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Private endpoints<\/strong> in a VCN reduce exposure.<\/li>\n<li><strong>Centralized IAM<\/strong> policies and compartment isolation.<\/li>\n<li><strong>Auditability<\/strong> through OCI Audit for control-plane actions.<\/li>\n<li><strong>Encryption at rest\/in transit<\/strong> patterns typical for managed databases (verify exact encryption and TLS configuration options supported by the service).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scale compute\/storage<\/strong> within service-defined limits and shapes (verify supported scaling operations and whether they are online).<\/li>\n<li><strong>Use OCI performance primitives<\/strong> (fast networking, block storage capabilities, proximity to applications in the same region).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose OCI Database with PostgreSQL when:\n&#8211; You want <strong>managed PostgreSQL<\/strong> on Oracle Cloud with OCI-native security and networking.\n&#8211; You need to run <strong>PostgreSQL-backed applications<\/strong> close to OCI workloads (OKE, Compute, Functions).\n&#8211; Your team wants a <strong>supported service<\/strong> rather than managing VMs, replication, and backups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Consider alternatives if:\n&#8211; You require <strong>full superuser OS-level control<\/strong> and custom extensions\/modules that managed services typically restrict.\n&#8211; You need <strong>specialized HA\/replication topologies<\/strong> not offered by the service (verify HA features).\n&#8211; You need <strong>cross-region active-active<\/strong> semantics and automated global failover beyond what the service provides (verify).\n&#8211; Your organization is not ready for a managed service\u2019s guardrails (restricted parameters, maintenance events).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is OCI Database with PostgreSQL used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SaaS and software product companies<\/li>\n<li>FinTech, payments, and risk analytics (with careful compliance design)<\/li>\n<li>E-commerce and marketplaces<\/li>\n<li>Media and gaming backends<\/li>\n<li>Healthcare and life sciences (with strong governance and audit requirements)<\/li>\n<li>Manufacturing and logistics (transactional systems + analytics extracts)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams providing a standard PostgreSQL service<\/li>\n<li>DevOps\/SRE teams modernizing data platforms<\/li>\n<li>Application development teams using PostgreSQL as their primary relational store<\/li>\n<li>Data engineering teams running metadata stores, job schedulers, and workflow backends<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OLTP applications (web\/mobile backends)<\/li>\n<li>Multi-tenant SaaS schemas<\/li>\n<li>Event-driven ingestion into relational models<\/li>\n<li>Microservices needing relational consistency<\/li>\n<li>CMS and ERP-like systems that rely on relational constraints<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>3-tier apps (web\/app\/db) in a single OCI region<\/li>\n<li>Microservices on OKE connecting privately to PostgreSQL<\/li>\n<li>Hybrid connectivity: on-prem apps connected via VPN\/FastConnect to OCI<\/li>\n<li>Blue\/green deployments where the DB remains stable but application tiers rotate<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Production systems with strict network isolation, backups, and alerting<\/li>\n<li>Dev\/test environments where teams want fast provisioning and predictable cleanup<\/li>\n<li>Staging environments mirroring production for realistic load testing<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where OCI Database with PostgreSQL is commonly a good fit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Managed PostgreSQL for a new OCI-hosted application<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need PostgreSQL but don\u2019t want to manage VMs, storage, and backups.<\/li>\n<li><strong>Why this service fits<\/strong>: Managed DB lifecycle with OCI networking and IAM.<\/li>\n<li><strong>Example<\/strong>: A new customer portal deployed on OCI Compute uses OCI Database with PostgreSQL as the transactional store.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) PostgreSQL backend for Kubernetes (OKE) microservices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Microservices need a reliable relational DB with private connectivity.<\/li>\n<li><strong>Why this service fits<\/strong>: DB system in a private subnet, locked down by NSGs; OKE nodes can connect via VCN.<\/li>\n<li><strong>Example<\/strong>: A set of OKE services uses PostgreSQL schemas per service with connection pooling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Lift-and-shift from self-managed PostgreSQL VMs into OCI<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Existing PostgreSQL on VMs is costly to operate and patch.<\/li>\n<li><strong>Why this service fits<\/strong>: Reduce OS\/host management; standard PostgreSQL endpoints.<\/li>\n<li><strong>Example<\/strong>: A company migrates a 1 TB PostgreSQL database from on-prem VMs to OCI Database with PostgreSQL and re-points apps.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Multi-tenant SaaS with schema-per-tenant<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need relational isolation per tenant without running many separate DB servers.<\/li>\n<li><strong>Why this service fits<\/strong>: Managed instance with predictable ops; use PostgreSQL roles\/schemas for separation.<\/li>\n<li><strong>Example<\/strong>: Each tenant gets a schema; platform uses RLS (row-level security) and role-based access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Backend for identity, authorization, or policy services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need strong consistency and transaction semantics for auth data.<\/li>\n<li><strong>Why this service fits<\/strong>: PostgreSQL ACID properties and strong constraints.<\/li>\n<li><strong>Example<\/strong>: An internal authorization service stores policies and audit metadata in PostgreSQL.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Metadata store for data pipelines and orchestration tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Workflow orchestrators need a reliable relational metadata store.<\/li>\n<li><strong>Why this service fits<\/strong>: Managed DB reduces downtime and maintenance overhead.<\/li>\n<li><strong>Example<\/strong>: Airflow-like orchestration uses PostgreSQL for metadata; workers run on OCI Compute.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Reporting database for operational analytics (lightweight)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need near-real-time reporting without impacting primary OLTP too much.<\/li>\n<li><strong>Why this service fits<\/strong>: Use read-optimized patterns (read replicas or separate DB systems, depending on support\u2014verify).<\/li>\n<li><strong>Example<\/strong>: ETL jobs copy data into a reporting schema nightly; dashboards query the reporting DB.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Geographically constrained deployments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Data residency requires hosting in specific regions.<\/li>\n<li><strong>Why this service fits<\/strong>: OCI region selection and compartment governance.<\/li>\n<li><strong>Example<\/strong>: EU customers\u2019 data is hosted in an EU OCI region, with strict IAM and network boundaries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Secure private database for internal tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Internal tooling needs a DB but must not be public.<\/li>\n<li><strong>Why this service fits<\/strong>: Private subnet deployment with Bastion for admin access.<\/li>\n<li><strong>Example<\/strong>: A finance reconciliation app connects to PostgreSQL via private IP from a restricted compute instance.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Standardized platform offering (internal DBaaS)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Platform team needs a standard, supportable PostgreSQL service for many teams.<\/li>\n<li><strong>Why this service fits<\/strong>: Consistent provisioning model, tagging, IAM, and audit trails.<\/li>\n<li><strong>Example<\/strong>: A self-service catalog triggers Terraform that provisions OCI Database with PostgreSQL per project compartment.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Note: Feature availability can vary by region, service release, and configuration. Validate specifics in the official OCI Database with PostgreSQL documentation.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Managed PostgreSQL DB system provisioning<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Creates a PostgreSQL deployment with compute, storage, and networking configured.<\/li>\n<li><strong>Why it matters<\/strong>: Avoids manual VM provisioning, storage attachment, and baseline configuration.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster environment creation; fewer configuration drift issues.<\/li>\n<li><strong>Caveat<\/strong>: You typically don\u2019t get OS-level access; service enforces guardrails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">VCN-native private networking<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Attaches the DB system to your OCI VCN\/subnet and controls traffic with NSGs\/security lists.<\/li>\n<li><strong>Why it matters<\/strong>: Strong network isolation and predictable routing.<\/li>\n<li><strong>Practical benefit<\/strong>: Keep the database off the public internet, use private IPs, integrate with OCI Bastion.<\/li>\n<li><strong>Caveat<\/strong>: You must design subnets, route tables, and access rules correctly, or connectivity fails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Automated backups (and restore workflow)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Schedules and stores backups; provides restore operations.<\/li>\n<li><strong>Why it matters<\/strong>: Backups are mandatory for production resilience.<\/li>\n<li><strong>Practical benefit<\/strong>: Reduced operational burden and fewer missed backups.<\/li>\n<li><strong>Caveat<\/strong>: Verify backup retention defaults, restore options (full vs point-in-time), and backup storage costs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Maintenance and patching workflow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Applies security and stability updates to managed components.<\/li>\n<li><strong>Why it matters<\/strong>: Databases are security-critical; patching reduces risk.<\/li>\n<li><strong>Practical benefit<\/strong>: Less DBA toil; standardized patch posture.<\/li>\n<li><strong>Caveat<\/strong>: Maintenance can introduce downtime or performance impact; verify maintenance window controls and notification options.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring metrics and alarms (OCI Monitoring)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Emits operational metrics (CPU, storage, connections, etc., depending on support).<\/li>\n<li><strong>Why it matters<\/strong>: You need telemetry to operate reliably.<\/li>\n<li><strong>Practical benefit<\/strong>: Set alarms for storage growth, high CPU, connection saturation.<\/li>\n<li><strong>Caveat<\/strong>: Metric set may differ from self-managed exporters; verify which PostgreSQL-specific metrics are available.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Logging integration (OCI Logging)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Centralizes logs (service logs and\/or database logs depending on configuration).<\/li>\n<li><strong>Why it matters<\/strong>: Logs are essential for incident response and auditing.<\/li>\n<li><strong>Practical benefit<\/strong>: Central retention, search, and alerting workflows.<\/li>\n<li><strong>Caveat<\/strong>: Not all PostgreSQL log types may be exposed; verify log categories and retention options.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM and compartment governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Controls who can manage DB systems using OCI IAM policies and compartment boundaries.<\/li>\n<li><strong>Why it matters<\/strong>: Prevents unauthorized changes and enforces separation of duties.<\/li>\n<li><strong>Practical benefit<\/strong>: Teams can manage only their compartment resources.<\/li>\n<li><strong>Caveat<\/strong>: Misconfigured policies commonly cause provisioning failures.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">API\/CLI automation support<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you automate lifecycle via OCI APIs\/CLI and infrastructure-as-code.<\/li>\n<li><strong>Why it matters<\/strong>: Repeatability, auditability, and self-service provisioning.<\/li>\n<li><strong>Practical benefit<\/strong>: Consistent environments across dev\/test\/prod.<\/li>\n<li><strong>Caveat<\/strong>: Terraform\/CLI coverage evolves; verify resource support for your desired operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security features (encryption, TLS patterns)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports encryption at rest and secure connections (TLS) depending on service configuration.<\/li>\n<li><strong>Why it matters<\/strong>: Protects data confidentiality.<\/li>\n<li><strong>Practical benefit<\/strong>: Aligns with compliance and security baselines.<\/li>\n<li><strong>Caveat<\/strong>: Verify whether customer-managed keys (CMK) are supported and how TLS certificates are managed.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>OCI Database with PostgreSQL follows a common managed database pattern:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control plane<\/strong> (OCI-managed): provisioning, patching orchestration, backups\/restore initiation, lifecycle operations, API endpoints, and IAM integration.<\/li>\n<li><strong>Data plane<\/strong> (your DB system): the actual PostgreSQL engine running in a managed environment attached to your VCN\/subnet.<\/li>\n<\/ul>\n\n\n\n<p>You interact with:\n&#8211; The <strong>control plane<\/strong> via OCI Console, CLI, SDK, or REST APIs.\n&#8211; The <strong>data plane<\/strong> via PostgreSQL clients using the database endpoint.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Provisioning<\/strong>: You create a DB system in a compartment. OCI control plane validates IAM permissions, allocates infrastructure, and attaches it to your specified VCN\/subnet.<\/li>\n<li><strong>Connectivity<\/strong>: Your application connects over TCP to the DB endpoint (port typically 5432), governed by NSG\/security list rules and routes.<\/li>\n<li><strong>Operations<\/strong>: Backups and maintenance are initiated\/scheduled by the service. Metrics and logs are emitted to OCI Monitoring\/Logging (depending on configuration).<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related OCI services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Networking<\/strong>: VCN, subnets, route tables, NAT gateway (for outbound internet), service gateway (private access to OCI services), NSGs\/security lists.<\/li>\n<li><strong>Compute\/OKE<\/strong>: App tiers in OCI Compute or OKE connect privately.<\/li>\n<li><strong>Bastion<\/strong>: Secure administrative access to private subnets.<\/li>\n<li><strong>Monitoring &amp; Logging<\/strong>: Metrics, alarms, log aggregation.<\/li>\n<li><strong>Audit<\/strong>: Records API actions for governance and investigations.<\/li>\n<li><strong>Vault<\/strong>: Key and secret management patterns (verify which parts integrate natively).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Identity and Access Management (IAM)<\/li>\n<li>OCI Networking (VCN + subnet)<\/li>\n<li>OCI Monitoring\/Logging\/Audit for ops visibility<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control-plane authorization<\/strong>: OCI IAM policies determine who can create\/manage DB systems.<\/li>\n<li><strong>Database authentication<\/strong>: PostgreSQL roles\/users and passwords (and possibly other auth mechanisms depending on supported features\u2014verify).<\/li>\n<li><strong>Network access control<\/strong>: NSGs and security lists restrict inbound database port access to known source CIDRs or VCN segments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<p>Most secure production designs place the DB system in a <strong>private subnet<\/strong>:\n&#8211; No public IP\n&#8211; Admin access via Bastion or via a private jump host\n&#8211; Application access from private subnets (OKE\/Compute)\n&#8211; Optional private connectivity from on-prem via VPN or FastConnect<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define <strong>alarms<\/strong> on CPU, storage, connection count, and latency metrics available.<\/li>\n<li>Use <strong>compartment-level policies<\/strong> and <strong>tags<\/strong> for ownership, cost allocation, and lifecycle.<\/li>\n<li>Enable <strong>Audit<\/strong> visibility and integrate with SIEM if required.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  Dev[Developer Laptop] --&gt;|psql over VPN\/Bastion| Bastion[OCI Bastion \/ Jump Host]\n  Bastion --&gt;|TCP 5432| PG[(OCI Database with PostgreSQL\\nDB System)]\n  App[App on OCI Compute\/OKE] --&gt;|TCP 5432| PG\n  PG --&gt; Mon[OCI Monitoring]\n  PG --&gt; Log[OCI Logging]\n  IAM[OCI IAM] --&gt; CP[OCI Control Plane]\n  CP --&gt; PG\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph OnPrem[On-Prem \/ Corporate Network]\n    Users[Users\/Operators]\n    CI[CI\/CD Runners]\n  end\n\n  subgraph OCI[Oracle Cloud (Region)]\n    subgraph Net[VCN]\n      subgraph Pub[Public Subnet]\n        LB[Load Balancer]\n        Bastion[OCI Bastion]\n        NAT[NAT Gateway]\n      end\n\n      subgraph AppSub[Private App Subnet]\n        OKE[OKE Cluster \/ Compute App Tier]\n        Pool[Connection Pooler on Compute\\n(optional pattern)]\n      end\n\n      subgraph DataSub[Private Data Subnet]\n        PG[(OCI Database with PostgreSQL\\nDB System)]\n      end\n    end\n\n    Obs[Monitoring + Logging]\n    Audit[OCI Audit]\n    Vault[OCI Vault\\n(keys\/secrets patterns)]\n  end\n\n  Users --&gt;|HTTPS| LB --&gt; OKE\n  OKE --&gt;|TCP 5432| Pool --&gt;|TCP 5432| PG\n  Users --&gt;|SSH via Bastion| Bastion --&gt; OKE\n  OnPrem --&gt;|VPN\/FastConnect| Net\n\n  PG --&gt; Obs\n  OCI --&gt; Audit\n  Vault -. used by .-&gt; OKE\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy and account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud<\/strong> tenancy with permissions to create networking and database resources.<\/li>\n<li>A target <strong>compartment<\/strong> where you will create the DB system and supporting resources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You need permissions to:\n&#8211; Manage networking (VCN, subnets, NSGs\/security lists) in the compartment\n&#8211; Create and manage OCI Database with PostgreSQL resources\n&#8211; Create a Compute instance or use OCI Bastion (for private connectivity)<\/p>\n\n\n\n<p><strong>Important<\/strong>: OCI IAM policy verbs and resource-family names are service-specific and can change. Use the official IAM policy reference for OCI Database with PostgreSQL and <strong>verify the exact resource type\/family names<\/strong> before applying.<\/p>\n\n\n\n<p>Example policy pattern (verify resource family name in official docs before use):<\/p>\n\n\n\n<pre><code class=\"language-text\">Allow group &lt;group-name&gt; to manage &lt;postgresql-resource-family&gt; in compartment &lt;compartment-name&gt;\nAllow group &lt;group-name&gt; to manage virtual-network-family in compartment &lt;compartment-name&gt;\nAllow group &lt;group-name&gt; to manage instance-family in compartment &lt;compartment-name&gt;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A paid tenancy or billing method that supports provisioning database services.<\/li>\n<li>Ensure budget\/alerts are configured (OCI Budgets) to avoid surprises.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed (recommended)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Console<\/strong> access<\/li>\n<li>Optional: <strong>OCI CLI<\/strong> (for listing resources, automation)<\/li>\n<li>Install guide: https:\/\/docs.oracle.com\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<li>A PostgreSQL client:<\/li>\n<li><code>psql<\/code> installed locally or on a jump host\/Compute instance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not all OCI services are available in all regions. <strong>Verify OCI Database with PostgreSQL availability<\/strong> in your chosen region using the Oracle Cloud regions\/services list and the service documentation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI enforces service limits (number of DB systems, cores, storage, etc.). Verify current limits in:<\/li>\n<li>OCI Console \u2192 Governance\/Administration \u2192 Limits, Quotas and Usage (naming may vary)<\/li>\n<li>Request limit increases if needed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Networking: VCN and subnet(s)<\/li>\n<li>Optional but recommended: OCI Bastion (for private admin access)<\/li>\n<li>OCI Compute instance in the same VCN (for running <code>psql<\/code> if your laptop cannot reach private subnets)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<blockquote>\n<p>Pricing changes over time and varies by region and possibly by configuration. Do not rely on blog posts for exact numbers. Use Oracle\u2019s official pricing pages and the cost estimator.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing references<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/price-list\/<\/li>\n<li>OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<br\/>\nSearch for <strong>\u201cOCI Database with PostgreSQL\u201d<\/strong> in the price list for the most accurate SKU dimensions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical model)<\/h3>\n\n\n\n<p>While exact SKUs must be confirmed in official pricing, managed database services commonly charge for:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Compute<\/strong>: OCPU\/hour (or vCPU\/hour) for the DB system shape<\/li>\n<li><strong>Storage<\/strong>: provisioned GB-month for database storage<\/li>\n<li><strong>Backup storage<\/strong>: GB-month stored beyond any included allowance (if any)<\/li>\n<li><strong>Data transfer<\/strong>:\n   &#8211; Intra-VCN is typically not charged as internet egress, but verify OCI network pricing rules.\n   &#8211; Internet egress (public) and inter-region traffic can be significant cost drivers.<\/li>\n<li><strong>Additional capabilities<\/strong> (if applicable): HA options, additional nodes, replicas\u2014verify if offered and how billed.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<p>Oracle Cloud has a Free Tier, but <strong>OCI Database with PostgreSQL Free Tier eligibility is not guaranteed<\/strong>. Verify in official Free Tier documentation and in the Console whether the service can be provisioned under your account without charges.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Primary cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCPU size and hours<\/strong>: The largest driver in always-on production systems.<\/li>\n<li><strong>Provisioned storage<\/strong>: Growth over time, especially with large indexes and bloat.<\/li>\n<li><strong>Backups and retention<\/strong>: Long retention + large DBs increase backup storage costs.<\/li>\n<li><strong>Network egress<\/strong>: Data leaving OCI to the internet or other regions.<\/li>\n<li><strong>Environment sprawl<\/strong>: Multiple always-on dev\/stage DB systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden\/indirect costs to plan for<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Jump host \/ Bastion patterns<\/strong>: A Compute instance used for administration (unless using OCI Bastion without persistent instances).<\/li>\n<li><strong>Monitoring retention<\/strong>: Logging storage\/retention costs if you retain verbose logs.<\/li>\n<li><strong>Snapshots\/exports<\/strong>: If you export dumps to Object Storage for compliance.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size the DB system compute based on measured utilization.<\/li>\n<li>Use <strong>short retention<\/strong> for dev\/test backups, longer retention for prod.<\/li>\n<li>Turn off or delete unused dev environments quickly (use tagging + scheduled cleanup).<\/li>\n<li>Keep DB traffic inside the VCN\/region where possible.<\/li>\n<li>Use connection pooling to avoid oversizing just to handle connection spikes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A typical low-cost lab environment often includes:\n&#8211; 1 small DB system shape (minimum OCPU supported)\n&#8211; Minimum storage size supported\n&#8211; Short backup retention\n&#8211; One small Compute instance as a client\/jump host (or OCI Bastion)<\/p>\n\n\n\n<p>Because exact SKUs vary, price it using the <strong>OCI Cost Estimator<\/strong> with your region, shape, storage, and backup retention.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, plan for:\n&#8211; Larger compute shape (or HA option if supported\/required)\n&#8211; More storage headroom (including indexes and growth)\n&#8211; Longer backup retention, and possibly cross-region DR patterns (if implemented at application level)\n&#8211; Monitoring\/logging ingestion and retention costs\n&#8211; Egress charges if serving customers across regions or exporting data regularly<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Provision an <strong>OCI Database with PostgreSQL<\/strong> DB system in a private subnet on Oracle Cloud, connect to it securely from a Compute instance using <code>psql<\/code>, create a table, insert data, and verify results. Then clean up all resources to minimize cost.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will create:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A VCN with:\n   &#8211; One <strong>private subnet<\/strong> for the database\n   &#8211; One <strong>private subnet<\/strong> (or public subnet) for a client Compute instance<\/li>\n<li>Network rules (NSG recommended) allowing PostgreSQL access only from the client subnet\/instance<\/li>\n<li>An <strong>OCI Database with PostgreSQL<\/strong> DB system<\/li>\n<li>A Compute instance with PostgreSQL client tools (<code>psql<\/code>)<\/li>\n<li>Validate connectivity and basic SQL operations<\/li>\n<li>Clean up<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected time<\/strong>: 60\u2013120 minutes<br\/>\n<strong>Cost note<\/strong>: Charges may apply while the DB system and Compute instance exist.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create a compartment (recommended)<\/h3>\n\n\n\n<p><strong>Why<\/strong>: Compartment isolation makes IAM and cleanup easier.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In OCI Console, open the navigation menu \u2192 <strong>Identity &amp; Security<\/strong> \u2192 <strong>Compartments<\/strong>.<\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<li>Name: <code>lab-postgres<\/code><\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: You have a dedicated compartment to hold all lab resources.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a VCN with subnets<\/h3>\n\n\n\n<p>You can use the <strong>VCN Wizard<\/strong> for speed.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Networking<\/strong> \u2192 <strong>Virtual Cloud Networks<\/strong>.<\/li>\n<li>Ensure you are in the <code>lab-postgres<\/code> compartment.<\/li>\n<li>Click <strong>Start VCN Wizard<\/strong>.<\/li>\n<li>Choose a wizard option that creates a VCN with subnets (for example, \u201cVCN with Internet Connectivity\u201d if you want a public subnet, or a custom VCN if you want fully private patterns).<\/li>\n<li>Name the VCN: <code>vcn-lab-postgres<\/code><\/li>\n<li>Create:\n   &#8211; <code>subnet-db-private<\/code> (private)\n   &#8211; <code>subnet-client<\/code> (private or public depending on your access approach)<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: VCN and subnets exist.<\/p>\n\n\n\n<p><strong>Practical guidance<\/strong>:\n&#8211; If you choose a <strong>private client subnet<\/strong>, you will typically need OCI Bastion or VPN\/FastConnect to reach the client host.\n&#8211; For a beginner lab, a <strong>public client subnet<\/strong> with strict SSH restrictions can be simpler, but is less secure.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a Network Security Group (NSG) for the database<\/h3>\n\n\n\n<p>Using NSGs is a clean way to restrict access.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Networking \u2192 Virtual Cloud Networks \u2192 <code>vcn-lab-postgres<\/code><\/li>\n<li>Click <strong>Network Security Groups<\/strong> \u2192 <strong>Create NSG<\/strong><\/li>\n<li>Name: <code>nsg-postgres-db<\/code><\/li>\n<li>Create another NSG for the client (optional but recommended):\n   &#8211; Name: <code>nsg-postgres-client<\/code><\/li>\n<\/ol>\n\n\n\n<p>Add NSG rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In <code>nsg-postgres-db<\/code>, add an <strong>Ingress Rule<\/strong>:<\/li>\n<li>Source type: <strong>NSG<\/strong><\/li>\n<li>Source NSG: <code>nsg-postgres-client<\/code><\/li>\n<li>IP protocol: <strong>TCP<\/strong><\/li>\n<li>Destination port: <code>5432<\/code><\/li>\n<li>Description: \u201cAllow PostgreSQL from client NSG\u201d<\/li>\n<\/ul>\n\n\n\n<p><strong>Expected outcome<\/strong>: Only instances in the client NSG can connect to the DB on port 5432.<\/p>\n\n\n\n<p><strong>If your service uses a different default port<\/strong>: use the port defined in the DB system details (verify in Console once created).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Provision the OCI Database with PostgreSQL DB system<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to <strong>Databases<\/strong> (or <strong>Oracle Database<\/strong> section) and locate <strong>OCI Database with PostgreSQL<\/strong> in the Console. The exact menu location can vary\u2014use Console search for \u201cPostgreSQL\u201d.<\/li>\n<li>Click <strong>Create DB System<\/strong> (wording may differ).<\/li>\n<li>Select:\n   &#8211; Compartment: <code>lab-postgres<\/code>\n   &#8211; VCN: <code>vcn-lab-postgres<\/code>\n   &#8211; Subnet: <code>subnet-db-private<\/code>\n   &#8211; NSG: <code>nsg-postgres-db<\/code><\/li>\n<li>Choose:\n   &#8211; PostgreSQL version (select what is offered; <strong>verify supported versions<\/strong>)\n   &#8211; Shape (choose the smallest suitable for lab)\n   &#8211; Storage (minimum allowed)<\/li>\n<li>Set admin credentials:\n   &#8211; Admin username (as allowed by the service)\n   &#8211; Admin password (store securely)<\/li>\n<li>Configure backups\/maintenance:\n   &#8211; Enable backups if available by default; set minimal retention for lab\n   &#8211; Set a maintenance window if the service supports it<\/li>\n<\/ol>\n\n\n\n<p>Click <strong>Create<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>:\n&#8211; DB system enters <strong>Provisioning<\/strong> state.\n&#8211; After several minutes, it becomes <strong>Available\/Active<\/strong> (state names vary).\n&#8211; You will have a private endpoint (IP\/hostname) in the DB system details.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; Open the DB system details page and note:\n  &#8211; Endpoint hostname\/IP\n  &#8211; Port\n  &#8211; Database name (if shown)\n  &#8211; OCID (for audit\/tracking)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create a Compute instance to run <code>psql<\/code><\/h3>\n\n\n\n<p>Create a small Linux VM that can reach the private DB subnet.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Compute<\/strong> \u2192 <strong>Instances<\/strong> \u2192 <strong>Create instance<\/strong><\/li>\n<li>Name: <code>vm-psql-client<\/code><\/li>\n<li>Compartment: <code>lab-postgres<\/code><\/li>\n<li>Placement: same region\/VCN<\/li>\n<li>Networking:\n   &#8211; VCN: <code>vcn-lab-postgres<\/code>\n   &#8211; Subnet: <code>subnet-client<\/code>\n   &#8211; NSG: <code>nsg-postgres-client<\/code><\/li>\n<li>SSH keys: upload your public key<\/li>\n<li>Create the instance.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: Instance becomes <strong>Running<\/strong> and has:\n&#8211; Private IP\n&#8211; Public IP (only if subnet is public and you assigned one)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Install PostgreSQL client tools (<code>psql<\/code>) on the VM<\/h3>\n\n\n\n<p>SSH to the VM:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i &lt;path-to-private-key&gt; opc@&lt;VM_PUBLIC_IP&gt;\n<\/code><\/pre>\n\n\n\n<p>Install <code>psql<\/code>. Commands vary by OS image:<\/p>\n\n\n\n<p><strong>Oracle Linux \/ RHEL-like<\/strong> (package names differ; verify repos):<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo dnf -y install postgresql\npsql --version\n<\/code><\/pre>\n\n\n\n<p><strong>Ubuntu\/Debian<\/strong>:<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo apt-get update\nsudo apt-get -y install postgresql-client\npsql --version\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: <code>psql --version<\/code> prints a version string.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Connect to OCI Database with PostgreSQL<\/h3>\n\n\n\n<p>From the VM, connect using the DB endpoint:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export PGHOST=\"&lt;DB_PRIVATE_ENDPOINT_OR_HOSTNAME&gt;\"\nexport PGPORT=\"5432\"\nexport PGUSER=\"&lt;ADMIN_USERNAME&gt;\"\nexport PGDATABASE=\"&lt;DB_NAME_IF_REQUIRED&gt;\"\npsql\n<\/code><\/pre>\n\n\n\n<p>If prompted, enter the password.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: You get a <code>psql<\/code> prompt, similar to:<\/p>\n\n\n\n<pre><code class=\"language-text\">psql (xx.x)\nType \"help\" for help.\n\nPGDATABASE=&gt;\n<\/code><\/pre>\n\n\n\n<p><strong>If connection fails<\/strong>, proceed to Troubleshooting below.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Create a schema and table, then insert data<\/h3>\n\n\n\n<p>In <code>psql<\/code>, run:<\/p>\n\n\n\n<pre><code class=\"language-sql\">CREATE SCHEMA IF NOT EXISTS lab;\n\nCREATE TABLE IF NOT EXISTS lab.todos (\n  id bigserial PRIMARY KEY,\n  title text NOT NULL,\n  done boolean NOT NULL DEFAULT false,\n  created_at timestamptz NOT NULL DEFAULT now()\n);\n\nINSERT INTO lab.todos (title) VALUES\n  ('connect to OCI Database with PostgreSQL'),\n  ('create a table'),\n  ('validate insert\/select');\n\nSELECT * FROM lab.todos ORDER BY id;\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: You see 3 rows returned.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9: Create a least-privilege app user (recommended)<\/h3>\n\n\n\n<p>Still in <code>psql<\/code>, create an application role:<\/p>\n\n\n\n<pre><code class=\"language-sql\">CREATE ROLE app_user LOGIN PASSWORD 'REPLACE_WITH_STRONG_PASSWORD';\n\nGRANT USAGE ON SCHEMA lab TO app_user;\nGRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA lab TO app_user;\n\nALTER DEFAULT PRIVILEGES IN SCHEMA lab\nGRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: <code>app_user<\/code> can access only the <code>lab<\/code> schema tables (as granted).<\/p>\n\n\n\n<p><strong>Verify<\/strong> by reconnecting:<\/p>\n\n\n\n<pre><code class=\"language-bash\">psql \"host=$PGHOST port=$PGPORT dbname=$PGDATABASE user=app_user password=REPLACE_WITH_STRONG_PASSWORD sslmode=require\"\n<\/code><\/pre>\n\n\n\n<p>Then:<\/p>\n\n\n\n<pre><code class=\"language-sql\">SELECT count(*) FROM lab.todos;\n<\/code><\/pre>\n\n\n\n<p><strong>Note<\/strong>: <code>sslmode=require<\/code> is a common PostgreSQL client setting. Whether TLS is required\/available depends on service configuration\u2014verify in OCI docs for OCI Database with PostgreSQL.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>DB system state<\/strong> in Console is Available\/Active.<\/li>\n<li>From the VM:\n   &#8211; <code>nc -vz &lt;DB_ENDPOINT&gt; 5432<\/code> (if <code>nc<\/code> is installed) connects successfully:\n     <code>bash\n     nc -vz \"$PGHOST\" \"$PGPORT\"<\/code><\/li>\n<li><code>psql<\/code> connection succeeds with admin user.<\/li>\n<li>Table creation and insert\/select work.<\/li>\n<li>App user has limited access.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: \u201cconnection timed out\u201d or \u201cno route to host\u201d<\/h4>\n\n\n\n<p>Likely network path is blocked.<\/p>\n\n\n\n<p>Check:\n&#8211; DB and VM are in the <strong>same VCN<\/strong> (or connected VCNs with routing).\n&#8211; NSG rule allows inbound TCP 5432 from <code>nsg-postgres-client<\/code> to <code>nsg-postgres-db<\/code>.\n&#8211; Subnet route tables and security lists are not blocking.\n&#8211; You used the <strong>private endpoint<\/strong> (if DB is private-only).<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: \u201cpassword authentication failed\u201d<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify username\/password.<\/li>\n<li>Confirm you\u2019re using the correct database name if required.<\/li>\n<li>If you rotated credentials, ensure you updated environment variables.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: \u201cpsql: command not found\u201d<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install the PostgreSQL client package for your OS.<\/li>\n<li>Verify PATH.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: TLS\/SSL errors<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you used <code>sslmode=require<\/code>, try <code>sslmode=prefer<\/code> to test behavior.<\/li>\n<li>Confirm service TLS requirements in official docs; do not disable TLS in production without a documented risk acceptance.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges, delete resources in reverse order:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Delete the <strong>Compute instance<\/strong> <code>vm-psql-client<\/code>.<\/li>\n<li>Delete the <strong>OCI Database with PostgreSQL DB system<\/strong> (confirm backup retention implications).<\/li>\n<li>Delete NSGs (<code>nsg-postgres-db<\/code>, <code>nsg-postgres-client<\/code>).<\/li>\n<li>Delete the VCN <code>vcn-lab-postgres<\/code> (wizard-created resources may include gateways and route tables).<\/li>\n<li>Optionally delete the compartment <code>lab-postgres<\/code> (only if it contains nothing else).<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: No billable lab resources remain.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Put the database in a <strong>private subnet<\/strong> with no public IP.<\/li>\n<li>Keep application and database tiers in the <strong>same region<\/strong> to minimize latency and cost.<\/li>\n<li>Use <strong>separate subnets<\/strong> for app and data tiers; apply distinct NSGs.<\/li>\n<li>Consider a <strong>connection pooler<\/strong> (e.g., PgBouncer on Compute\/OKE) for workloads with many short-lived connections (verify supportability and design carefully).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>compartments<\/strong> to isolate environments (dev\/stage\/prod).<\/li>\n<li>Grant least privilege:<\/li>\n<li>Separate \u201cDB system admins\u201d from \u201cnetwork admins\u201d where possible.<\/li>\n<li>Use OCI <strong>tags<\/strong> (defined tags) for ownership and lifecycle:<\/li>\n<li><code>env=dev|stage|prod<\/code><\/li>\n<li><code>owner=team-name<\/code><\/li>\n<li><code>cost-center=...<\/code><\/li>\n<li>Enable and regularly review <strong>OCI Audit<\/strong> events for database resource changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size compute and storage; avoid oversized always-on instances for dev.<\/li>\n<li>Use budgets and alerts.<\/li>\n<li>Reduce backup retention for non-production.<\/li>\n<li>Delete old DB systems; don\u2019t keep abandoned environments running.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use proper indexing and query planning (standard PostgreSQL best practices).<\/li>\n<li>Track connection counts; use pooling if needed.<\/li>\n<li>Plan for storage growth and vacuum behavior (bloat is a common PostgreSQL cost\/perf issue).<\/li>\n<li>Benchmark with production-like data and queries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define RPO\/RTO targets and confirm what the service provides vs what you must implement.<\/li>\n<li>Test restore procedures regularly (backup != recovery until tested).<\/li>\n<li>Use application-level resilience:<\/li>\n<li>Retries with jitter<\/li>\n<li>Connection re-establishment after failover\/maintenance events<\/li>\n<li>Consider DR patterns (e.g., periodic logical backups to Object Storage) based on business requirements\u2014verify service-native DR options if available.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create alarms for:<\/li>\n<li>Storage utilization thresholds<\/li>\n<li>CPU saturation<\/li>\n<li>Connection limits<\/li>\n<li>Replication\/HA health if relevant and exposed (verify)<\/li>\n<li>Centralize logs and define retention aligned with compliance.<\/li>\n<li>Maintain runbooks for:<\/li>\n<li>Restore<\/li>\n<li>Credential rotation<\/li>\n<li>Performance incidents<\/li>\n<li>Planned maintenance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Naming convention example:<\/li>\n<li><code>pg-&lt;app&gt;-&lt;env&gt;-&lt;region&gt;-01<\/code><\/li>\n<li>Enforce tagging via governance policies where possible.<\/li>\n<li>Track resource ownership and on-call rotation mapping.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> controls who can create, modify, and delete DB systems and related resources.<\/li>\n<li><strong>Database roles<\/strong> control who can access schemas\/tables and what SQL operations they can run.<\/li>\n<li>Keep these separate:<\/li>\n<li>Cloud admins (IAM)<\/li>\n<li>DB admins (PostgreSQL roles)<\/li>\n<li>App users (least privilege)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In transit<\/strong>: Prefer TLS connections from clients to PostgreSQL. Verify how OCI Database with PostgreSQL manages server certificates and how to enforce TLS.<\/li>\n<li><strong>At rest<\/strong>: Managed services typically encrypt storage at rest. Verify encryption guarantees and whether customer-managed keys (CMK) via OCI Vault are supported.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid public endpoints for databases whenever possible.<\/li>\n<li>Restrict inbound database port access to:<\/li>\n<li>App subnet CIDRs<\/li>\n<li>Specific NSGs (preferred)<\/li>\n<li>VPN\/FastConnect CIDRs for corporate access<\/li>\n<li>Use OCI Bastion for administrative access to private networks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not store DB passwords in code or container images.<\/li>\n<li>Use a secret manager pattern:<\/li>\n<li>OCI Vault Secrets (common OCI approach)<\/li>\n<li>Kubernetes secrets with envelope encryption (if on OKE)<\/li>\n<li>Rotate credentials periodically and after incidents.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>OCI Audit<\/strong> by default (OCI records many API events automatically; verify your tenancy\u2019s audit configuration).<\/li>\n<li>Log database access appropriately (within PostgreSQL logging capabilities exposed by the service\u2014verify).<\/li>\n<li>Forward logs to a SIEM if required.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Validate:<\/li>\n<li>Data residency (region)<\/li>\n<li>Retention (backups\/logs)<\/li>\n<li>Encryption requirements<\/li>\n<li>Access review and least privilege<\/li>\n<li>Use compartments and policies to align with compliance boundaries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allowing <code>0.0.0.0\/0<\/code> inbound to port 5432.<\/li>\n<li>Using the admin DB user for applications.<\/li>\n<li>No monitoring\/alerts for storage growth or suspicious changes.<\/li>\n<li>Not testing restore procedures.<\/li>\n<li>Exposing database endpoints to public subnets unnecessarily.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Private subnet + NSG allow-listing<\/li>\n<li>Bastion or VPN\/FastConnect access<\/li>\n<li>Separate admin vs application DB roles<\/li>\n<li>Enforced TLS where supported<\/li>\n<li>Regular backup restore tests<\/li>\n<li>Tagged resources + budgets + audit reviews<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<blockquote>\n<p>Treat this section as a checklist of common managed-PostgreSQL constraints. Confirm the exact behavior of OCI Database with PostgreSQL in the official docs for your region\/version.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations (typical for managed PostgreSQL)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Restricted superuser privileges<\/strong>: Managed services often limit <code>SUPERUSER<\/code> and OS-level operations.<\/li>\n<li><strong>Extension support<\/strong>: Not all PostgreSQL extensions may be available.<\/li>\n<li><strong>Parameter constraints<\/strong>: Some <code>postgresql.conf<\/code> settings may be locked or require a service workflow to change.<\/li>\n<li><strong>Maintenance events<\/strong>: Patching may require restarts or brief downtime.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas and limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Max number of DB systems per region\/compartment<\/li>\n<li>Max OCPU and storage per DB system<\/li>\n<li>Connection limits based on instance resources<\/li>\n<li>Backup retention constraints<\/li>\n<\/ul>\n\n\n\n<p>Check OCI limits in Console and request increases if needed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service may not be available in every OCI region.<\/li>\n<li>Certain features may roll out region-by-region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Backup storage accumulation (long retention + large databases)<\/li>\n<li>Egress costs for exporting data or cross-region replication patterns<\/li>\n<li>Over-provisioned compute kept running in dev\/stage<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PostgreSQL version differences compared to your source system<\/li>\n<li>Extensions required by your application not supported<\/li>\n<li>Differences in default parameter values<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Misconfigured NSGs\/security lists causing intermittent connectivity<\/li>\n<li>DNS\/private hostname resolution issues between subnets\/VCNs<\/li>\n<li>Connection storms from serverless or autoscaled app tiers without pooling<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Large migrations require careful planning:<\/li>\n<li>Logical dump\/restore time<\/li>\n<li>Cutover windows<\/li>\n<li>Data validation<\/li>\n<li>Consider tooling (pg_dump\/pg_restore, logical replication, etc.) and confirm what\u2019s supported in the managed environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI compartment\/IAM model is powerful but can be unfamiliar.<\/li>\n<li>Resource deletion can be blocked by dependencies (NSGs, VCN components).<\/li>\n<li>Naming and navigation in the OCI Console varies by service maturity\u2014use Console search when in doubt.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Nearest services in Oracle Cloud<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Oracle Autonomous Database<\/strong>: Managed Oracle database with automation; not PostgreSQL, but sometimes considered if you want Oracle-managed relational with strong automation and Oracle features.<\/li>\n<li><strong>Oracle Database Cloud Service \/ Exadata Database Service<\/strong>: Oracle Database (not PostgreSQL) for enterprise Oracle workloads.<\/li>\n<li><strong>HeatWave MySQL<\/strong>: Managed MySQL (not PostgreSQL), often used when MySQL compatibility is required.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Similar services in other clouds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS RDS for PostgreSQL<\/strong><\/li>\n<li><strong>Azure Database for PostgreSQL<\/strong><\/li>\n<li><strong>Google Cloud SQL for PostgreSQL<\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Open-source \/ self-managed alternatives<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PostgreSQL on OCI Compute (VMs) with self-managed replication, backups, and monitoring.<\/li>\n<li>PostgreSQL on Kubernetes (stateful sets) \u2014 generally higher ops burden and risk unless you have strong platform maturity.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>OCI Database with PostgreSQL<\/strong><\/td>\n<td>Teams wanting managed PostgreSQL on Oracle Cloud<\/td>\n<td>OCI-native networking\/IAM, reduced ops, standard PostgreSQL tooling<\/td>\n<td>Managed constraints (extensions\/parameters), feature set varies by region<\/td>\n<td>You run apps on OCI and want managed PostgreSQL<\/td>\n<\/tr>\n<tr>\n<td>PostgreSQL on OCI Compute (self-managed)<\/td>\n<td>Full control workloads<\/td>\n<td>Full OS\/db control, any extensions, custom HA<\/td>\n<td>High ops burden, patching\/backup\/HA are your job<\/td>\n<td>You need capabilities not supported by managed service<\/td>\n<\/tr>\n<tr>\n<td>Oracle Autonomous Database<\/td>\n<td>Highly automated Oracle DB workloads<\/td>\n<td>Strong automation, performance features (Oracle)<\/td>\n<td>Not PostgreSQL; migration may be non-trivial<\/td>\n<td>You can use Oracle DB and want maximum automation<\/td>\n<\/tr>\n<tr>\n<td>HeatWave MySQL<\/td>\n<td>MySQL workloads + analytics acceleration<\/td>\n<td>MySQL compatibility, integrated analytics patterns<\/td>\n<td>Not PostgreSQL<\/td>\n<td>You need MySQL or HeatWave features<\/td>\n<\/tr>\n<tr>\n<td>AWS RDS\/Azure DB\/GCP Cloud SQL for PostgreSQL<\/td>\n<td>Multi-cloud or other-cloud-first orgs<\/td>\n<td>Mature ecosystems, integrated services<\/td>\n<td>Different IAM\/networking models; cross-cloud latency if apps on OCI<\/td>\n<td>Your apps are primarily in those clouds<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Internal platform standardizes PostgreSQL for application teams<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A large enterprise has dozens of teams running PostgreSQL on VMs with inconsistent patching, backups, and security controls.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>Each business unit gets its own OCI compartment.<\/li>\n<li>OCI Database with PostgreSQL DB systems deployed into private subnets.<\/li>\n<li>Access via NSGs; admin access via OCI Bastion.<\/li>\n<li>Centralized monitoring\/logging; budgets per compartment.<\/li>\n<li>CI\/CD uses Terraform to provision DB systems and app schemas (where appropriate).<\/li>\n<li><strong>Why this service was chosen<\/strong>:<\/li>\n<li>Standard managed PostgreSQL with OCI governance controls (IAM, compartments, audit).<\/li>\n<li>Reduced operational variability and faster provisioning for teams.<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Improved security posture (private networking, least privilege)<\/li>\n<li>Consistent backup policies and restore tests<\/li>\n<li>Lower operational toil and fewer outages caused by patching drift<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: SaaS MVP needs reliable relational storage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A startup building an MVP needs PostgreSQL quickly, without hiring a DBA.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>One OCI Database with PostgreSQL instance in a private subnet.<\/li>\n<li>App hosted on OCI Compute or OKE.<\/li>\n<li>Connection pooling to handle spiky traffic.<\/li>\n<li>Automated backups enabled; basic monitoring alarms configured.<\/li>\n<li><strong>Why this service was chosen<\/strong>:<\/li>\n<li>Fast setup, managed operations, and predictable connectivity in OCI.<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Faster shipping with fewer operational tasks<\/li>\n<li>Reasonable baseline security without complex infrastructure<\/li>\n<li>Clear upgrade path as traffic grows (scale shape\/storage; verify scaling capabilities)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is OCI Database with PostgreSQL \u201creal PostgreSQL\u201d?<\/strong><br\/>\nIt is designed to provide PostgreSQL databases as a managed service. Version support and extension availability vary\u2014verify supported PostgreSQL versions and extensions in the official docs.<\/p>\n\n\n\n<p>2) <strong>Do I get superuser access?<\/strong><br\/>\nManaged database services typically restrict superuser and OS access. Verify the privilege model and allowed extensions\/parameters in the OCI docs.<\/p>\n\n\n\n<p>3) <strong>Can I deploy the database with no public internet exposure?<\/strong><br\/>\nYes, by placing the DB system in a private subnet and restricting access with NSGs\/security lists. This is the recommended approach for production.<\/p>\n\n\n\n<p>4) <strong>How do backups work?<\/strong><br\/>\nThe service generally provides automated backups and restore options. Confirm backup schedule, retention, costs, and restore types (full vs point-in-time) in the official docs.<\/p>\n\n\n\n<p>5) <strong>Can I use TLS to encrypt connections?<\/strong><br\/>\nTLS is a common requirement for production. Verify how OCI Database with PostgreSQL handles certificates and whether TLS is enforced by default or configurable.<\/p>\n\n\n\n<p>6) <strong>What monitoring is available?<\/strong><br\/>\nOCI Monitoring typically provides metrics and alarms. Verify which PostgreSQL-specific metrics are exposed (connections, storage, CPU, etc.).<\/p>\n\n\n\n<p>7) <strong>How do I connect from on-premises?<\/strong><br\/>\nUse OCI VPN or FastConnect into the VCN, then allow traffic from on-prem CIDRs\/NSGs to the DB port.<\/p>\n\n\n\n<p>8) <strong>Is it suitable for production OLTP?<\/strong><br\/>\nYes, if the service meets your HA, backup, and performance requirements. Validate RPO\/RTO, maintenance behavior, and scaling constraints.<\/p>\n\n\n\n<p>9) <strong>Can I run read replicas?<\/strong><br\/>\nReplica support is service-specific. Verify whether OCI Database with PostgreSQL supports read replicas, how many, and billing.<\/p>\n\n\n\n<p>10) <strong>Can I scale compute and storage?<\/strong><br\/>\nManaged services often allow scaling, but the method (online vs requiring restart) varies. Verify supported scaling operations and downtime expectations.<\/p>\n\n\n\n<p>11) <strong>How do I manage migrations into OCI Database with PostgreSQL?<\/strong><br\/>\nCommon approaches include <code>pg_dump\/pg_restore<\/code> or logical replication-based migration. Confirm compatibility constraints (extensions, roles) before migrating.<\/p>\n\n\n\n<p>12) <strong>What is the shared responsibility model here?<\/strong><br\/>\nOCI manages infrastructure and service operations defined by the product; you manage schema design, queries, access roles, data correctness, and application-side resilience.<\/p>\n\n\n\n<p>13) <strong>How do I restrict who can create\/modify DB systems?<\/strong><br\/>\nUse OCI IAM policies and compartments. Define separate groups for database admins vs network admins and follow least privilege.<\/p>\n\n\n\n<p>14) <strong>Does it support private DNS?<\/strong><br\/>\nOCI provides private DNS capabilities in VCNs. Whether the DB system provides a private hostname or IP-only endpoint may vary\u2014verify in your DB system details.<\/p>\n\n\n\n<p>15) <strong>How do I avoid runaway costs in dev\/test?<\/strong><br\/>\nUse small shapes, minimal storage, short retention, budgets\/alerts, and automatic cleanup of unused environments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn OCI Database with PostgreSQL<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Database with PostgreSQL docs (search landing) \u2013 https:\/\/docs.oracle.com\/iaas\/<\/td>\n<td>Primary source for features, limits, networking, backups, and operations (use site search for \u201cOCI Database with PostgreSQL\u201d).<\/td>\n<\/tr>\n<tr>\n<td>Official product page<\/td>\n<td>Oracle Cloud PostgreSQL service page \u2013 https:\/\/www.oracle.com\/cloud\/database\/postgresql\/<\/td>\n<td>High-level overview, positioning, and links to docs.<\/td>\n<\/tr>\n<tr>\n<td>Official pricing page<\/td>\n<td>Oracle Cloud Price List \u2013 https:\/\/www.oracle.com\/cloud\/price-list\/<\/td>\n<td>Authoritative SKU pricing by region\/service; search for \u201cOCI Database with PostgreSQL\u201d.<\/td>\n<\/tr>\n<tr>\n<td>Pricing calculator<\/td>\n<td>OCI Cost Estimator \u2013 https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Build a region-accurate estimate without guessing.<\/td>\n<\/tr>\n<tr>\n<td>CLI documentation<\/td>\n<td>OCI CLI install and use \u2013 https:\/\/docs.oracle.com\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<td>Automate provisioning and operations via CLI where supported.<\/td>\n<\/tr>\n<tr>\n<td>Architecture center<\/td>\n<td>OCI Architecture Center \u2013 https:\/\/docs.oracle.com\/solutions\/<\/td>\n<td>Reference architectures for networking, HA patterns, observability, and security controls.<\/td>\n<\/tr>\n<tr>\n<td>Security best practices<\/td>\n<td>OCI Security documentation \u2013 https:\/\/docs.oracle.com\/iaas\/Content\/Security\/Concepts\/security.htm<\/td>\n<td>Guidance on IAM, network security, encryption, and operational controls.<\/td>\n<\/tr>\n<tr>\n<td>Observability<\/td>\n<td>OCI Monitoring overview \u2013 https:\/\/docs.oracle.com\/iaas\/Content\/Monitoring\/Concepts\/monitoringoverview.htm<\/td>\n<td>Learn metrics, alarms, and operational monitoring patterns.<\/td>\n<\/tr>\n<tr>\n<td>Auditing<\/td>\n<td>OCI Audit overview \u2013 https:\/\/docs.oracle.com\/iaas\/Content\/Audit\/Concepts\/auditoverview.htm<\/td>\n<td>Track API actions for governance and investigations.<\/td>\n<\/tr>\n<tr>\n<td>Tutorials\/labs<\/td>\n<td>Oracle Cloud tutorials \u2013 https:\/\/www.oracle.com\/cloud\/cloud-native\/tutorials\/<\/td>\n<td>Hands-on labs; verify PostgreSQL-specific labs availability.<\/td>\n<\/tr>\n<tr>\n<td>Community learning<\/td>\n<td>Oracle Cloud Infrastructure blog \u2013 https:\/\/blogs.oracle.com\/cloud-infrastructure\/<\/td>\n<td>Product updates and practical guides; validate details against docs.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>DevOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience<\/strong>: DevOps engineers, SREs, platform teams, developers<br\/>\n&#8211; <strong>Likely learning focus<\/strong>: Cloud operations, DevOps practices, automation; may include Oracle Cloud and database operations topics (verify course catalog)<br\/>\n&#8211; <strong>Mode<\/strong>: Check website<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>ScmGalaxy.com<\/strong><br\/>\n&#8211; <strong>Suitable audience<\/strong>: DevOps\/SCM practitioners, build\/release engineers<br\/>\n&#8211; <strong>Likely learning focus<\/strong>: CI\/CD, SCM, automation, operations foundations (verify current offerings)<br\/>\n&#8211; <strong>Mode<\/strong>: Check website<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.scmgalaxy.com\/<\/p>\n<\/li>\n<li>\n<p><strong>CLoudOpsNow.in<\/strong><br\/>\n&#8211; <strong>Suitable audience<\/strong>: Cloud engineers, operations teams<br\/>\n&#8211; <strong>Likely learning focus<\/strong>: Cloud operations, reliability, monitoring, cost basics (verify catalog)<br\/>\n&#8211; <strong>Mode<\/strong>: Check website<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/cloudopsnow.in\/<\/p>\n<\/li>\n<li>\n<p><strong>SreSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience<\/strong>: SREs, production engineers, platform engineering teams<br\/>\n&#8211; <strong>Likely learning focus<\/strong>: Reliability engineering, incident response, observability (verify catalog)<br\/>\n&#8211; <strong>Mode<\/strong>: Check website<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/sreschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>AiOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience<\/strong>: Operations teams, SREs, monitoring\/observability engineers<br\/>\n&#8211; <strong>Likely learning focus<\/strong>: AIOps concepts, monitoring analytics, operations automation (verify catalog)<br\/>\n&#8211; <strong>Mode<\/strong>: Check website<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/aiopsschool.com\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>RajeshKumar.xyz<\/strong><br\/>\n&#8211; <strong>Likely specialization<\/strong>: DevOps\/cloud guidance and training resources (verify current scope)<br\/>\n&#8211; <strong>Suitable audience<\/strong>: Beginners to intermediate engineers<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/rajeshkumar.xyz\/<\/p>\n<\/li>\n<li>\n<p><strong>devopstrainer.in<\/strong><br\/>\n&#8211; <strong>Likely specialization<\/strong>: DevOps tooling, CI\/CD, cloud fundamentals (verify offerings)<br\/>\n&#8211; <strong>Suitable audience<\/strong>: DevOps engineers and students<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.devopstrainer.in\/<\/p>\n<\/li>\n<li>\n<p><strong>devopsfreelancer.com<\/strong><br\/>\n&#8211; <strong>Likely specialization<\/strong>: Freelance DevOps consulting\/training platform (verify current services)<br\/>\n&#8211; <strong>Suitable audience<\/strong>: Teams seeking hands-on guidance<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.devopsfreelancer.com\/<\/p>\n<\/li>\n<li>\n<p><strong>devopssupport.in<\/strong><br\/>\n&#8211; <strong>Likely specialization<\/strong>: DevOps support and operational troubleshooting (verify scope)<br\/>\n&#8211; <strong>Suitable audience<\/strong>: Operations teams needing practical help<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.devopssupport.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>cotocus.com<\/strong><br\/>\n&#8211; <strong>Likely service area<\/strong>: Cloud\/DevOps consulting (verify exact practice areas)<br\/>\n&#8211; <strong>Where they may help<\/strong>: Cloud architecture, migrations, operational readiness<br\/>\n&#8211; <strong>Consulting use case examples<\/strong>: Designing VCN + private DB connectivity; setting up monitoring\/alerts; implementing IaC pipelines<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/cotocus.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DevOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Likely service area<\/strong>: DevOps and cloud consulting\/training services (verify offerings)<br\/>\n&#8211; <strong>Where they may help<\/strong>: Platform engineering practices, CI\/CD, operational processes<br\/>\n&#8211; <strong>Consulting use case examples<\/strong>: Building standardized environment provisioning; governance\/tagging; SRE runbooks<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DEVOPSCONSULTING.IN<\/strong><br\/>\n&#8211; <strong>Likely service area<\/strong>: DevOps consulting services (verify scope)<br\/>\n&#8211; <strong>Where they may help<\/strong>: Automation, deployment pipelines, monitoring and incident response<br\/>\n&#8211; <strong>Consulting use case examples<\/strong>: Database connectivity patterns for OKE; secure admin access via Bastion; cost governance for dev\/test environments<br\/>\n&#8211; <strong>Website<\/strong>: https:\/\/devopsconsulting.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before OCI Database with PostgreSQL<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PostgreSQL fundamentals:<\/li>\n<li>SQL, indexes, transactions, isolation<\/li>\n<li>Roles and privileges<\/li>\n<li>Backup\/restore concepts (logical vs physical)<\/li>\n<li>OCI fundamentals:<\/li>\n<li>Compartments, IAM users\/groups\/policies<\/li>\n<li>VCNs, subnets, route tables, NSGs\/security lists<\/li>\n<li>Basic observability: Monitoring, Logging, Audit<\/li>\n<li>Linux basics for client\/jump host operations:<\/li>\n<li>SSH, package managers, networking tools (<code>nc<\/code>, <code>dig<\/code>, <code>curl<\/code>)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advanced PostgreSQL operations:<\/li>\n<li>Query tuning, <code>EXPLAIN<\/code>, indexing strategies<\/li>\n<li>Autovacuum tuning and bloat management<\/li>\n<li>Reliability engineering:<\/li>\n<li>RPO\/RTO design and restore testing<\/li>\n<li>Incident response and runbooks<\/li>\n<li>Infrastructure as Code:<\/li>\n<li>Terraform for OCI (verify provider support for OCI Database with PostgreSQL resources)<\/li>\n<li>Security hardening:<\/li>\n<li>Secret management patterns with OCI Vault<\/li>\n<li>Network segmentation and zero-trust approaches<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Engineer \/ Cloud Administrator (OCI)<\/li>\n<li>DevOps Engineer \/ Platform Engineer<\/li>\n<li>Site Reliability Engineer (SRE)<\/li>\n<li>Database Engineer (PostgreSQL)<\/li>\n<li>Solutions Architect<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certification offerings change. Verify current Oracle Cloud certification paths on the official Oracle certification site:\n&#8211; https:\/\/education.oracle.com\/certification<br\/>\nLook for OCI architect\/associate tracks and database-related training that aligns with managed database operations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a 3-tier app on OCI (Compute\/OKE + OCI Database with PostgreSQL) with private networking.<\/li>\n<li>Implement automated provisioning with Terraform and enforce tagging\/budgets.<\/li>\n<li>Create a backup\/restore drill runbook and execute monthly restore tests in a staging environment.<\/li>\n<li>Add a connection pooler and measure effect on latency and connection counts.<\/li>\n<li>Migrate a sample dataset from self-managed PostgreSQL to OCI Database with PostgreSQL and validate data integrity.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AD (Availability Domain)<\/strong>: A physically isolated data center within an OCI region (availability model varies by region).<\/li>\n<li><strong>Compartment<\/strong>: OCI logical container for organizing and isolating resources for governance and access control.<\/li>\n<li><strong>DB system<\/strong>: The managed database deployment unit in OCI Database with PostgreSQL.<\/li>\n<li><strong>IAM (Identity and Access Management)<\/strong>: OCI service for authentication\/authorization via users, groups, dynamic groups, and policies.<\/li>\n<li><strong>NSG (Network Security Group)<\/strong>: Virtual firewall rules applied to VNICs\/resources for granular network access control.<\/li>\n<li><strong>Security List<\/strong>: Subnet-level firewall rules (older model than NSGs; still used).<\/li>\n<li><strong>VCN (Virtual Cloud Network)<\/strong>: Your private network in Oracle Cloud.<\/li>\n<li><strong>Private subnet<\/strong>: Subnet without direct inbound internet connectivity; typically no public IPs for resources.<\/li>\n<li><strong>Bastion<\/strong>: Managed service\/pattern for secure administrative access to private resources without exposing them publicly.<\/li>\n<li><strong>RPO<\/strong>: Recovery Point Objective\u2014maximum tolerable data loss measured in time.<\/li>\n<li><strong>RTO<\/strong>: Recovery Time Objective\u2014maximum tolerable downtime duration.<\/li>\n<li><strong>Egress<\/strong>: Outbound data transfer from OCI to the internet or other regions\/providers (can incur costs).<\/li>\n<li><strong>Least privilege<\/strong>: Security principle of granting only the minimum permissions needed.<\/li>\n<li><strong>Connection pooling<\/strong>: Reusing database connections to avoid overhead and reduce DB connection exhaustion.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>OCI Database with PostgreSQL is Oracle Cloud\u2019s managed PostgreSQL offering in the <strong>Data Management<\/strong> category. It provides a PostgreSQL endpoint backed by OCI-managed infrastructure, integrating with OCI networking, IAM, monitoring, and auditing so you can spend more time on data modeling and application development and less on host operations.<\/p>\n\n\n\n<p>It matters because it offers a practical middle ground: PostgreSQL compatibility and ecosystem with cloud-managed lifecycle workflows. The key cost drivers are always-on compute, provisioned storage, and backup retention; the key security controls are private subnet placement, NSG allow-listing, least-privilege IAM, and strong credential\/secret handling.<\/p>\n\n\n\n<p>Use OCI Database with PostgreSQL when you want managed PostgreSQL tightly integrated with Oracle Cloud. Avoid it when you need unrestricted superuser\/OS control or niche PostgreSQL features not supported by the managed service. Next, deepen skills by automating provisioning (Terraform\/CLI), building monitoring\/alarms, and running regular restore drills to validate operational readiness.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data Management<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[68,62],"tags":[],"class_list":["post-888","post","type-post","status-publish","format-standard","hentry","category-data-management","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=888"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/888\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}