Oracle Cloud Infrastructure (OCI) Startup Guide

The Aviatrix cloud network solution consists of two components, the controller and gateways, both of which are cloud VMs. Gateways are launched from the controller console to specific VCNs. This guide helps you to launch the gateway in OCI. Make sure you follow the instructions to also subscribe to the Aviatrix Companion Gateway described in this guide.


Currently we only support deploying the Controller in AWS. The preferred approach is to launch the Controller from the AWS Marketplace as a metered AMI by following the AWS Startup Guide. The Aviatrix Controller is multi-cloud, multi-subscription and multi-region capable. Launching the Controller in AWS also enables you to deploy gateways in OCI.

1. Prepare your account in OCI

Create an OCI account

Create an OCI account if you do not already have one.

Set up your account

Although you can use the default account and root compartment, it is recommended that you follow this doc to create your own user, group, and compartment with the right policy. For more detail, refer to Setting Up Your Tenancy.

2. Access the Controller

After the Controller instance is in a running state in AWS, you can access the Controller in a browser at https://Controller_public_IP, where Controller_public_IP is the static public IP address of the Controller.

The initial password is the private IP address of the instance.

Follow the steps of the initial setup phase to download the latest software. After the latest software is downloaded, log in again to go through the onboarding process.

3. Onboarding

The purpose of onboarding is to help you set up an account on the Aviatrix Controller that corresponds to an OCI account with compartment policies, so that the Controller can launch gateways using OCI APIs. To onboard the OCI account in the Aviatrix Controller, we need the following four pieces of information: User OCID, Tenancy OCID, Compartment OCID, API Private Key File.


User OCID

  • Log in to your OCI console and go to the Navigation Menu (3 bars on top left)->Identity->Users
  • Identify the IAM User who will be making the API calls and copy the User OCID

Tenancy OCID

  • Log in to your OCI console and go to the Navigation Menu (3 bars on top left)->Administration->Tenancy Details
  • Copy the Tenancy OCID

Compartment OCID

  • Log in to your OCI console and go to the Navigation Menu (3 bars on top left)->Identity->Compartments
  • Choose the compartment and copy the Compartment OCID

Please note that if you have multiple compartments, choose one that has the right set of policies required for Aviatrix to work. The best practice is to create a separate compartment for your operations and assign the right policies to it.


API Private Key File

If you already have an existing RSA key pair in .pem format, you can use that as well. However, please note that this key pair is not the SSH key that is used to access compute instances. Both the private key and public key must be in PEM format (not SSH-RSA format). If you do not have an existing RSA key pair, you can follow the steps below from the terminal on your laptop to generate the API key:

  1. Generate an API Signing Key: If you’re using Windows, you’ll need to install “Git Bash for Windows” and run the following commands with that tool. Mac and Linux users can run the following commands in their terminal
    1. Create a .oci directory to store the credentials: mkdir ~/.oci
    2. Generate the private key without a passphrase: openssl genrsa -out ~/.oci/oci_api_key.pem 2048
    3. Change the key's permissions so that only you can read the file: chmod go-rwx ~/.oci/oci_api_key.pem
    4. Generate the Public Key: openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
    5. Copy the contents of the public key to the clipboard on your computer: cat ~/.oci/oci_api_key_public.pem | pbcopy. Note: You may have to install pbcopy if it is not already installed on your system. Alternatively, you can open the public key file in the terminal and copy its contents from there
  2. Upload the Public Key in the console:
    1. Sign in to the OCI console
    2. Log in to your OCI console and go to the Navigation Menu (3 bars on top left)->Identity->Users
    3. Choose the right User who will be making the API call
    4. Click Add Public Key
    5. Paste the contents of the PEM public key and click Add. Once you complete this, you will see the Key’s fingerprint

For more details, please refer to Required Keys and OCIDs.
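
The checks below cover the points the steps above depend on: the private key is owner-only, the public key is PEM rather than SSH-RSA, the two files belong together, and the locally computed fingerprint can be compared with the one the console shows. This is an added example, not Aviatrix or Oracle code; the function names are assumptions, and the file names follow the steps above.

```shell
#!/bin/sh
# Added example (not Aviatrix or Oracle code). Function names are assumptions;
# file names follow the key-generation steps in this guide.

# Create the pair under directory $1. umask 077 makes the private key
# owner-only from the moment it is written, with no window before chmod.
generate_keypair() {
    ( umask 077
      mkdir -p "$1" &&
      openssl genrsa -out "$1/oci_api_key.pem" 2048 2>/dev/null &&
      openssl rsa -pubout -in "$1/oci_api_key.pem" \
          -out "$1/oci_api_key_public.pem" 2>/dev/null )
}

# PEM public keys begin with this header; SSH public keys begin with "ssh-rsa".
is_pem_public() {
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN PUBLIC KEY-----'
}

# True when neither group nor others hold any permission bit on the file.
is_owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# MD5 over the DER-encoded public key, colon-separated: the fingerprint format
# the OCI console shows. $1 = key file, $2 = "-pubin" for a public key file.
key_fingerprint() {
    openssl rsa ${2:-} -in "$1" -noout 2>/dev/null || return 1
    openssl rsa ${2:-} -in "$1" -pubout -outform DER 2>/dev/null |
        openssl md5 -c | awk '{print $NF}'
}

# Run every check on the pair in directory $1; print the fingerprint on success.
check_keypair() {
    priv="$1/oci_api_key.pem"; pub="$1/oci_api_key_public.pem"
    is_owner_only "$priv" || { echo "FAIL: $priv is group/world accessible" >&2; return 1; }
    is_pem_public "$pub" || { echo "FAIL: $pub is not a PEM public key" >&2; return 1; }
    fp=$(key_fingerprint "$priv") && [ -n "$fp" ] ||
        { echo "FAIL: cannot parse $priv" >&2; return 1; }
    [ "$fp" = "$(key_fingerprint "$pub" -pubin)" ] ||
        { echo "FAIL: public key does not belong to private key" >&2; return 1; }
    echo "$fp"
}

# Usage: sh <this script> ~/.oci   (checks an existing pair, creates nothing)
if [ $# -gt 0 ]; then check_keypair "$1"; fi
```

Compare the printed value with the fingerprint the console displays after Add Public Key; a mismatch means the key pasted into the console is not the public half of the private key you are about to upload to the Controller.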

Once you have the above info, please go to Aviatrix Controller->Accounts->Access Accounts->New Account and fill in the required information. Please note that the file you upload to the Aviatrix Controller is the Private Key file, which is different from the public key you put in the OCI console. You can find that key in the folder where you generated the key in the above steps (the .oci folder in the above example).

Congratulations on finishing your onboarding. Please go ahead to the “Useful Tools” menu at the main navigation on the left panel, and select Create a VPC -> +Create to create a VCN in OCI. Enjoy!