OCIGetting Startedbeginner

Getting Started with Oracle Cloud

Set up your OCI account, create compartments, launch your first compute instance, and configure object storage.

CloudToolStack Team20 min readPublished Mar 14, 2026

Prerequisites

An Oracle Cloud account (free tier available)
Basic understanding of cloud computing concepts

Welcome to Oracle Cloud Infrastructure

Oracle Cloud Infrastructure (OCI) is Oracle's second-generation cloud platform, built from the ground up to deliver high performance, strong security isolation, and competitive pricing. Unlike many cloud providers that evolved from consumer services, OCI was designed specifically for enterprise workloads, offering bare-metal compute, off-box network virtualization, and a flat network architecture that delivers consistent low-latency performance.

OCI stands out with its generous Always Free tier that never expires, including two AMD-based compute instances, up to four ARM Ampere A1 instances with 24 GB of memory, two Autonomous Databases, 200 GB of block storage, 10 GB of object storage, and many other services. This makes OCI an excellent platform for learning, personal projects, and even lightweight production workloads at zero cost.

This guide walks you through creating your OCI account, understanding the core organizational structure (tenancy, compartments, regions), launching your first compute instance, creating object storage buckets, and cleaning up resources. Every step includes OCI CLI commands and console instructions so you can follow along regardless of your preferred workflow.

OCI Always Free Tier

OCI's Always Free tier includes two AMD Micro instances (1/8 OCPU, 1 GB RAM each), up to 4 ARM Ampere A1 cores and 24 GB RAM (configurable across instances), two Autonomous Databases (20 GB each), 200 GB total block volume storage, 10 GB object storage, 10 TB/month outbound data transfer, load balancer, and more. These resources never expire and remain free even after the 30-day trial period. Always Free resources are subject to availability in your home region.

Creating Your OCI Account

To create an OCI account, visit cloud.oracle.com and click "Sign Up." You will need a valid email address, a phone number for verification, and a credit or debit card. Oracle will not charge your card for Always Free resources, and during the 30-day trial you receive $300 in free credits to explore paid services.

Key Decisions During Sign-Up

Home Region: During account creation, you must select a home region. This is important because your Identity and Access Management (IAM) resources, including users, groups, and policies, are created in the home region. You cannot change your home region after account creation. Choose a region close to you geographically, such asus-ashburn-1, us-phoenix-1, eu-frankfurt-1, orap-tokyo-1. Always Free resources are only available in your home region.

Cloud Account Name: This becomes your tenancy name and appears in the URL you use to sign in (e.g., https://cloud.oracle.com/?tenant=your-tenancy). Choose something meaningful and keep it short.

Home Region Cannot Be Changed

Once you select your home region during account creation, it cannot be changed. Your IAM resources are permanently anchored to this region. If you need to operate in a different region, you can subscribe to additional regions later, but your identity configuration will always live in the home region. Choose carefully based on where your primary workloads will run.

Understanding the OCI Console

After signing in at cloud.oracle.com, you land on the OCI Console dashboard. The console is organized around a hamburger menu (three horizontal lines) in the top-left corner, which expands into a comprehensive navigation panel organized by service category: Compute, Networking, Storage, Databases, and more.

The top bar includes your region selector (you can subscribe to multiple regions), the Cloud Shell icon (a terminal icon that opens a browser-based CLI), the notifications bell, and your user profile menu. The Cloud Shell is particularly useful because it comes pre-configured with the OCI CLI, kubectl, Terraform, and other tools.

Key Console Concepts

Concept	Description	Analogy
Tenancy	Your top-level account and root compartment	Like an AWS account or Azure subscription
Compartment	A logical container for organizing resources	Like AWS resource groups or Azure resource groups
Region	A geographic area with one or more availability domains	Like AWS regions
Availability Domain (AD)	An isolated data center within a region	Like AWS Availability Zones
Fault Domain	A grouping of hardware within an AD for anti-affinity	Like AWS placement groups
OCID	Oracle Cloud Identifier, unique ID for every resource	Like AWS ARNs

Installing and Configuring the OCI CLI

The OCI Command Line Interface is a powerful tool for managing your OCI resources. While the Cloud Shell comes pre-configured, installing the CLI locally gives you faster access and the ability to script complex workflows.

bash

# Install the OCI CLI (works on macOS, Linux, Windows)
# The installer is interactive and will guide you through setup
bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

# On macOS with Homebrew
brew install oci-cli

# Verify installation
oci --version
# e.g., 3.41.0

# Run the setup wizard to configure your CLI
oci setup config
# This will prompt you for:
#   - User OCID (found in Console > Profile > User settings)
#   - Tenancy OCID (found in Console > Profile > Tenancy)
#   - Region (e.g., us-ashburn-1)
#   - Path for your API signing key

# The wizard generates an API key pair and creates ~/.oci/config
# Upload the PUBLIC key to your user profile in the Console:
# Console > Profile > User settings > API Keys > Add API Key

# Test the configuration
oci iam region list --output table

Use OCI Cloud Shell for Quick Tasks

If you do not want to install the CLI locally, use OCI Cloud Shell. Click the terminal icon in the top-right of the console to open a browser-based terminal with the OCI CLI, kubectl, Terraform, Python, and other tools pre-installed and pre-authenticated. Cloud Shell includes 5 GB of persistent home directory storage and is free for all tenancies.

Creating Your First Compartment

Compartments are the fundamental organizational unit in OCI. Every resource must belong to a compartment, and compartments control access through IAM policies. Think of compartments as folders in a file system: they can be nested, and permissions flow down from parent to child. The root compartment is your tenancy itself.

Best practice is to never create resources directly in the root compartment. Instead, create purpose-specific compartments for your projects, teams, or environments.

bash

# List existing compartments
oci iam compartment list \
  --compartment-id-in-subtree true \
  --query 'data[].{name:name, id:id, "lifecycle-state":"lifecycle-state"}' \
  --output table

# Create a compartment for your first project
oci iam compartment create \
  --compartment-id <your-tenancy-ocid> \
  --name "my-first-project" \
  --description "Compartment for learning OCI"

# Save the compartment OCID for later use
export C=ocid1.compartment.oc1..aaaa...

# Verify the compartment was created
oci iam compartment get --compartment-id $C

Launching Your First Compute Instance

OCI Compute provides virtual machines and bare-metal servers. For the Always Free tier, you can create two AMD Micro instances (VM.Standard.E2.1.Micro) or up to four ARM-based Ampere A1 instances (VM.Standard.A1.Flex) with a total of 4 OCPUs and 24 GB of memory. ARM instances offer excellent performance per dollar and are ideal for many workloads including web servers, development environments, and containerized applications.

Choosing an Image and Shape

An image is the operating system template (like an AMI in AWS). OCI provides platform images for Oracle Linux, Ubuntu, CentOS, and Windows Server. Ashape defines the number of CPUs and amount of memory. Flex shapes let you choose the exact OCPU and memory configuration you need.

bash

# List available shapes in your compartment
oci compute shape list \
  --compartment-id $C \
  --query 'data[].{shape:shape, ocpus:ocpus, "memory-gb":"memory-in-gbs"}' \
  --output table

# Find the latest Oracle Linux 8 image
oci compute image list \
  --compartment-id $C \
  --operating-system "Oracle Linux" \
  --operating-system-version "8" \
  --shape "VM.Standard.E2.1.Micro" \
  --sort-by TIMECREATED \
  --sort-order DESC \
  --query 'data[0].{id:id, name:"display-name"}' \
  --output table

# Get the availability domain name
AD=$(oci iam availability-domain list \
  --query 'data[0].name' --raw-output)

# Create an SSH key pair (if you do not have one)
ssh-keygen -t rsa -b 2048 -f ~/.ssh/oci_key -N ""

# Launch an Always Free compute instance
oci compute instance launch \
  --compartment-id $C \
  --availability-domain $AD \
  --shape "VM.Standard.E2.1.Micro" \
  --image-id <oracle-linux-image-ocid> \
  --subnet-id <your-subnet-ocid> \
  --ssh-authorized-keys-file ~/.ssh/oci_key.pub \
  --display-name "my-first-instance" \
  --assign-public-ip true

# Wait for the instance to reach RUNNING state
oci compute instance get \
  --instance-id <instance-ocid> \
  --query 'data."lifecycle-state"'

# Get the public IP address
oci compute instance list-vnics \
  --instance-id <instance-ocid> \
  --query 'data[0]."public-ip"' --raw-output

Always Free Instance Availability

Always Free shapes (VM.Standard.E2.1.Micro and VM.Standard.A1.Flex) are subject to capacity availability in your home region. If you receive an "Out of capacity" error, try a different availability domain or try again later. Some regions have higher demand than others. The Ampere A1 (ARM) shapes are particularly popular and may be harder to provision in busy regions. Consider trying during off-peak hours.

Connecting to Your Instance

bash

# Connect via SSH (Oracle Linux uses "opc" as the default user)
ssh -i ~/.ssh/oci_key opc@<public-ip>

# Once connected, explore the instance
uname -a                      # Check kernel info
cat /etc/oracle-release       # Check Oracle Linux version
free -h                       # Check available memory
df -h                         # Check disk space
curl -s http://169.254.169.254/opc/v1/instance/ | python3 -m json.tool
# Instance metadata endpoint (similar to AWS metadata service)

# Install a web server
sudo dnf install -y nginx
sudo systemctl enable --now nginx
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

# Verify Nginx is running
curl http://localhost

Understanding OCI Networking Basics

Every compute instance runs inside a Virtual Cloud Network (VCN). When you create your tenancy, OCI does not create a default VCN for you (unlike AWS). You need to create one before launching instances. A VCN is a software-defined network in OCI that closely resembles a traditional on-premises network with its own CIDR block, subnets, route tables, and security rules.

The easiest way to get started is to use the "Start VCN Wizard" in the console, which creates a VCN with a public subnet, a private subnet, an internet gateway, a NAT gateway, and a service gateway with all the appropriate route rules and security lists pre-configured.

bash

# Create a VCN manually
oci network vcn create \
  --compartment-id $C \
  --cidr-blocks '["10.0.0.0/16"]' \
  --display-name "my-first-vcn" \
  --dns-label "myfirstvcn"

# Create an internet gateway
oci network internet-gateway create \
  --compartment-id $C \
  --vcn-id <vcn-ocid> \
  --display-name "my-igw" \
  --is-enabled true

# Create a public subnet
oci network subnet create \
  --compartment-id $C \
  --vcn-id <vcn-ocid> \
  --cidr-block "10.0.1.0/24" \
  --display-name "public-subnet" \
  --dns-label "pubsub" \
  --prohibit-public-ip-on-vnic false

# Add a route rule for internet access
oci network route-table update \
  --rt-id <default-route-table-ocid> \
  --route-rules '[{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","networkEntityId":"<igw-ocid>"}]' \
  --force

Creating Object Storage Buckets

OCI Object Storage is a high-performance, scalable storage service for unstructured data. It is similar to AWS S3 and supports standard and infrequent access storage tiers, as well as archive storage for long-term retention. The Always Free tier includes 10 GB of standard object storage and 10 GB of infrequent access storage.

bash

# Get your namespace (unique to your tenancy)
NAMESPACE=$(oci os ns get --query 'data' --raw-output)
echo "Namespace: $NAMESPACE"

# Create a bucket
oci os bucket create \
  --compartment-id $C \
  --namespace $NAMESPACE \
  --name "my-first-bucket" \
  --storage-tier "Standard" \
  --public-access-type "NoPublicAccess"

# Upload a file
echo "Hello from OCI Object Storage!" > hello.txt
oci os object put \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --file hello.txt \
  --name "hello.txt"

# List objects in the bucket
oci os object list \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --query 'data[].{name:name, size:size, "time-created":"time-created"}' \
  --output table

# Download a file
oci os object get \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --name "hello.txt" \
  --file downloaded.txt

# Create a Pre-Authenticated Request (PAR) for temporary access
oci os preauthenticated-request create \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --name "temp-access" \
  --access-type "ObjectRead" \
  --object-name "hello.txt" \
  --time-expires "2026-12-31T23:59:59Z"

Object Storage Namespaces

Every OCI tenancy has a unique Object Storage namespace that is auto-generated during account creation. The namespace serves as a top-level container for all your buckets and ensures global uniqueness. Unlike AWS S3 where bucket names must be globally unique, OCI bucket names only need to be unique within your namespace. This means you can use simple, descriptive bucket names like "backups" or "logs" without worrying about name collisions with other tenancies.

Working with OCI Resource Tags

Tags are key-value pairs that help you organize, track, and manage your OCI resources. OCI supports two types of tags: free-form tags (ad-hoc key-value pairs) and defined tags (structured tags with namespaces and predefined keys). Defined tags provide more control and can be used in IAM policies for tag-based access control.

bash

# Add free-form tags when creating a resource
oci compute instance launch \
  --compartment-id $C \
  --freeform-tags '{"Environment": "dev", "Project": "learning", "Owner": "jane"}'
  # ... other required parameters

# Update tags on an existing instance
oci compute instance update \
  --instance-id <instance-ocid> \
  --freeform-tags '{"Environment": "dev", "CostCenter": "12345"}'

# Create a tag namespace for defined tags
oci iam tag-namespace create \
  --compartment-id $C \
  --name "project-tags" \
  --description "Tags for project resources"

# Create a tag key definition
oci iam tag create \
  --tag-namespace-id <namespace-ocid> \
  --name "Environment" \
  --description "Deployment environment" \
  --is-cost-tracking true

Monitoring and Observability

OCI provides built-in monitoring through the Monitoring service, which collects metrics from your resources automatically. You can view CPU utilization, memory usage, network throughput, and disk I/O for your compute instances without installing any agents. The OCI Console provides dashboards, and you can create alarms to get notified when metrics exceed thresholds.

bash

# List available metrics for compute instances
oci monitoring metric list \
  --compartment-id $C \
  --namespace "oci_computeagent" \
  --query 'data[].{name:name, namespace:namespace}' \
  --output table

# Query CPU utilization for the last hour
oci monitoring metric-data summarize-metrics-data \
  --compartment-id $C \
  --namespace "oci_computeagent" \
  --query-text 'CpuUtilization[1h]{resourceId = "<instance-ocid>"}.mean()'

# Create an alarm for high CPU usage
oci monitoring alarm create \
  --compartment-id $C \
  --display-name "high-cpu-alarm" \
  --metric-compartment-id $C \
  --namespace "oci_computeagent" \
  --query-text 'CpuUtilization[5m].mean() > 80' \
  --severity "WARNING" \
  --destinations '["<topic-ocid>"]' \
  --is-enabled true \
  --body "CPU utilization exceeds 80% for 5 minutes"

# List your alarms
oci monitoring alarm list \
  --compartment-id $C \
  --query 'data[].{name:"display-name", severity:severity, "lifecycle-state":"lifecycle-state"}' \
  --output table

Cleaning Up Resources

Unlike Always Free resources (which incur no charges), any resources provisioned during your 30-day free trial using trial credits will start incurring charges once the trial ends. It is essential to clean up resources you no longer need. Always Free resources can remain running indefinitely.

Clean Up Trial Resources Before Day 30

Your 30-day trial includes $300 in free credits. When the trial ends, any paid resources (non-Always Free) that are still running will start charging your credit card. OCI will send warning emails as your trial nears its end, but it is your responsibility to terminate or downgrade resources. Always Free resources (like VM.Standard.E2.1.Micro instances) will continue running at no cost.

bash

# Terminate a compute instance
oci compute instance terminate \
  --instance-id <instance-ocid> \
  --preserve-boot-volume false \
  --force

# Delete an object storage bucket (must be empty first)
# Delete all objects in the bucket
oci os object bulk-delete \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --force

# Delete the bucket
oci os bucket delete \
  --namespace $NAMESPACE \
  --bucket-name "my-first-bucket" \
  --force

# Delete VCN resources (order matters!)
# 1. Delete subnets
oci network subnet delete --subnet-id <subnet-ocid> --force
# 2. Delete internet gateway
oci network internet-gateway delete --ig-id <igw-ocid> --force
# 3. Delete the VCN
oci network vcn delete --vcn-id <vcn-ocid> --force

# List all running instances to verify cleanup
oci compute instance list \
  --compartment-id $C \
  --lifecycle-state RUNNING \
  --query 'data[].{name:"display-name", id:id, shape:shape}' \
  --output table

# Check for remaining block volumes
oci bv volume list \
  --compartment-id $C \
  --lifecycle-state AVAILABLE \
  --query 'data[].{name:"display-name", "size-gb":"size-in-gbs"}' \
  --output table

# Delete the compartment (only if empty)
oci iam compartment delete --compartment-id $C --force

OCI vs Other Cloud Providers

Feature	OCI	AWS	Azure	GCP
Free Tier	Always Free (never expires)	12-month free + always free	12-month free + always free	90-day trial + always free
Free Compute	2 AMD + 4 ARM cores / 24 GB	750 hrs t2.micro (12 months)	750 hrs B1S (12 months)	1 e2-micro (always free)
Data Egress	10 TB/month free	100 GB/month free	100 GB/month free	200 GB/month free
Organization	Compartments	Accounts + OUs	Subscriptions + Resource Groups	Projects + Folders
Network Model	Off-box (non-oversubscribed)	Overlay network	Overlay network	Andromeda (SDN)

What to Learn Next

Now that you have your first OCI project running, you have a solid foundation to explore more advanced topics. Here are recommended next steps:

IAM and Security: Learn about identity domains, compartment policies, and how to create fine-grained access controls for your resources.

Networking: Dive deeper into VCN architecture, security lists vs network security groups, DRG for multi-VCN connectivity, and FastConnect for hybrid cloud.

Databases: Explore Autonomous Database, which provides a self-driving, self-securing, and self-repairing database service with two Always Free instances.

Kubernetes: Learn OKE (Oracle Kubernetes Engine) for container orchestration with managed control planes and virtual node pools.

Infrastructure as Code: Use the OCI Terraform provider to define your infrastructure as code, enabling repeatable and version-controlled deployments.

OCI IAM, Compartments & Policies OCI VCN Networking Deep Dive Autonomous Database on OCI

Key Takeaways

1OCI organizes resources into compartments for access control and billing isolation.
2Flex shapes let you customize CPU and memory independently for cost optimization.
3OCI Always Free tier includes 2 AMD or 4 Ampere ARM instances permanently.
4Object Storage supports Standard, Infrequent Access, and Archive tiers.

Frequently Asked Questions

Does OCI have a free tier?

Yes, OCI offers an Always Free tier that never expires, including 2 AMD Compute instances, up to 4 Ampere ARM instances (24 GB RAM total), 200 GB block storage, 20 GB object storage, and an Autonomous Database. This is more generous than most other cloud providers' free tiers.

How do OCI compartments differ from AWS accounts or Azure subscriptions?

Compartments are logical containers within a single OCI tenancy that organize resources and control access through IAM policies. Unlike AWS accounts or Azure subscriptions, compartments can be nested up to 6 levels deep and resources can be moved between compartments without recreation.

Written by CloudToolStack Team

Cloud engineers and architects with hands-on experience across AWS, Azure, and GCP. We write guides based on real-world production patterns, not just documentation rewrites.

Disclaimer: This guide is for educational purposes. Cloud services change frequently; always refer to official documentation for the latest information. AWS, Azure, and GCP are trademarks of their respective owners.