Does this tool connect to my OCI account?

No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.

Are the generated configurations production-ready?

The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

OCI Service Gateway Config Builder

NetworkingOCI

Build Service Gateway route rule configurations for private access to OCI services.

Last verified: May 2026

OCI Service Gateway Configuration

Build Service Gateway route rule configurations for private access to OCI services from VCN subnets.

Required Fields

compartmentIdvcnIddisplayNameservices

{
  "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
  "vcnId": "ocid1.vcn.oc1.iad.aaaaaaaexample",
  "displayName": "prod-service-gateway",
  "description": "Service gateway for private access to OCI services",
  "services": [
    {
      "serviceId": "ocid1.service.oc1.iad.aaaaaaaexample-objectstorage",
      "serviceName": "OCI IAD Object Storage"
    },
    {
      "serviceId": "ocid1.service.oc1.iad.aaaaaaaexample-allservices",
      "serviceName": "All IAD Services In Oracle Services Network"
    }
  ],
  "routeTableId": "ocid1.routetable.oc1.iad.aaaaaaaexample",
  "routeRules": [
    {
      "destinationType": "SERVICE_CIDR_BLOCK",
      "destination": "oci-iad-objectstorage",
      "description": "Route Object Storage traffic through service gateway"
    },
    {
      "destinationType": "SERVICE_CIDR_BLOCK",
      "destination": "all-iad-services-in-oracle-services-network",
      "description": "Route all OCI service traffic through service gateway"
    }
  ],
  "blockTraffic": false,
  "freeformTags": {
    "environment": "production",
    "team": "networking"
  }
}

Generated Output

Output will appear here...

See It in Action

Your team's VMs constantly upload to OCI Object Storage. Without a Service Gateway, this traffic egresses through the NAT Gateway — adding $0.045/GB processing fee plus internet routing latency. The builder generates: a Service Gateway with the all-services CIDR enabled, route table updates pointing the OCI services CIDR to the gateway. After deploy, Object Storage traffic stays on OCI's internal network (free + faster). For a workload doing 5 TB/month of uploads, that's $225/month in NAT processing fees eliminated.

What This Tool Does

Build Service Gateway route rule configurations for private access to OCI services. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.

Technical Details

The builder constructs OCI Service Gateway configurations: service gateway resource (compartment, VCN reference), service CIDR labels to enable (`all-<region>-services-in-oracle-services-network` for all OCI services, or specific service labels like `objectstorage` for narrow access), and route rules in the VCN's route tables directing service traffic to the gateway. Output is generated as oci network service-gateway commands and Terraform oci_core_service_gateway + oci_core_route_table resources.

Common Use Cases

1Generating oci service gateway configurations for new infrastructure deployments.
2Validating existing configurations against best practices before applying changes.
3Learning OCI service configuration patterns through interactive examples.
4Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Common Questions

Does this tool connect to my OCI account?: No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
Are the generated configurations production-ready?: The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

Expert Tips

TIP

Service Gateway is FREE — both the gateway resource and the data flowing through it. This is dramatically different from AWS PrivateLink (charges per VPC endpoint + data processed) or Azure Private Endpoint. Always use Service Gateway for VCN-to-OCI-services traffic; never route via the public internet.

TIP

Service Gateway routes traffic to OCI services WITHIN the same region. For cross-region access (e.g., Object Storage in another region), traffic uses the public internet unless you set up FastConnect public peering. Plan your service access architecture accordingly.

TIP

Add Service Gateway routes for Object Storage by default in every production VCN. Without it, Object Storage uploads/downloads from your VMs traverse the internet path — adding latency and exposing data to public internet routing. The Service Gateway path is private + faster.

Related Learning Guides

OCI VCN Networking Deep Dive25 min read
OCI DNS & Traffic Management22 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.