oraclecloud-core-workflow-b
Build OCI networking from scratch — VCN, subnets, gateways, and security rules. Use when creating a new VCN, debugging connectivity issues, or setting up security lists and NSGs. Trigger with "oci networking", "vcn setup", "security list", "nsg rules", "oci subnet".
Best use case
oraclecloud-core-workflow-b is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Build OCI networking from scratch — VCN, subnets, gateways, and security rules. Use when creating a new VCN, debugging connectivity issues, or setting up security lists and NSGs. Trigger with "oci networking", "vcn setup", "security list", "nsg rules", "oci subnet".
Teams using oraclecloud-core-workflow-b should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/oraclecloud-core-workflow-b/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How oraclecloud-core-workflow-b Compares
| Feature / Agent | oraclecloud-core-workflow-b | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Build OCI networking from scratch — VCN, subnets, gateways, and security rules. Use when creating a new VCN, debugging connectivity issues, or setting up security lists and NSGs. Trigger with "oci networking", "vcn setup", "security list", "nsg rules", "oci subnet".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# OCI Networking — VCN, Subnets & Security Rules
## Overview
Build a working OCI network from scratch using the Python SDK. OCI networking (VCN, subnets, security lists, NSGs, gateways) has more moving parts than AWS VPC. A misconfigured security list silently drops traffic with no error — just timeouts. This skill creates a complete network topology with public and private subnets, internet and NAT gateways, route tables, and Network Security Groups (NSGs).
**Purpose:** Build a production-ready VCN with proper routing and security rules that actually works on first deploy.
## Prerequisites
- **OCI Python SDK** — `pip install oci`
- **Config file** at `~/.oci/config` with fields: `user`, `fingerprint`, `tenancy`, `region`, `key_file`
- **IAM policy** — `Allow group Developers to manage virtual-network-family in compartment <name>`
- **Python 3.8+**
## Instructions
### Step 1: Create the VCN
```python
import oci
config = oci.config.from_file("~/.oci/config")
network = oci.core.VirtualNetworkClient(config)
vcn = network.create_vcn(
oci.core.models.CreateVcnDetails(
compartment_id=config["tenancy"],
display_name="app-vcn",
cidr_blocks=["10.0.0.0/16"],
dns_label="appvcn",
)
).data
print(f"VCN created: {vcn.id}")
```
### Step 2: Create Internet Gateway and NAT Gateway
The internet gateway handles inbound/outbound traffic for public subnets. The NAT gateway gives private subnets outbound-only internet access.
```python
# Internet Gateway (for public subnets)
igw = network.create_internet_gateway(
oci.core.models.CreateInternetGatewayDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="app-igw",
is_enabled=True,
)
).data
# NAT Gateway (for private subnets — outbound only)
nat = network.create_nat_gateway(
oci.core.models.CreateNatGatewayDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="app-nat",
)
).data
print(f"IGW: {igw.id}\nNAT: {nat.id}")
```
### Step 3: Create Route Tables
```python
# Public route table — all traffic via internet gateway
public_rt = network.create_route_table(
oci.core.models.CreateRouteTableDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="public-rt",
route_rules=[
oci.core.models.RouteRule(
network_entity_id=igw.id,
destination="0.0.0.0/0",
destination_type="CIDR_BLOCK",
)
],
)
).data
# Private route table — all traffic via NAT gateway
private_rt = network.create_route_table(
oci.core.models.CreateRouteTableDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="private-rt",
route_rules=[
oci.core.models.RouteRule(
network_entity_id=nat.id,
destination="0.0.0.0/0",
destination_type="CIDR_BLOCK",
)
],
)
).data
```
### Step 4: Create Network Security Group (NSG)
**Use NSGs instead of security lists.** NSGs attach to VNICs (per-instance) while security lists apply to entire subnets. NSGs are easier to manage and the OCI-recommended approach.
```python
nsg = network.create_network_security_group(
oci.core.models.CreateNetworkSecurityGroupDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="app-nsg",
)
).data
# Add ingress rules — SSH, HTTP, HTTPS
rules = [
oci.core.models.AddSecurityRuleDetails(
direction="INGRESS",
protocol="6", # TCP
source="0.0.0.0/0",
source_type="CIDR_BLOCK",
tcp_options=oci.core.models.TcpOptions(
destination_port_range=oci.core.models.PortRange(min=port, max=port)
),
description=desc,
)
for port, desc in [(22, "SSH"), (80, "HTTP"), (443, "HTTPS")]
]
# Add egress rule — allow all outbound
rules.append(
oci.core.models.AddSecurityRuleDetails(
direction="EGRESS",
protocol="all",
destination="0.0.0.0/0",
destination_type="CIDR_BLOCK",
description="Allow all outbound",
)
)
network.add_network_security_group_security_rules(
network_security_group_id=nsg.id,
add_network_security_group_security_rules_details=oci.core.models.AddNetworkSecurityGroupSecurityRulesDetails(
security_rules=rules
),
)
print(f"NSG created with {len(rules)} rules: {nsg.id}")
```
### Step 5: Create Public and Private Subnets
```python
identity = oci.identity.IdentityClient(config)
ad = identity.list_availability_domains(compartment_id=config["tenancy"]).data[0].name
# Public subnet
public_subnet = network.create_subnet(
oci.core.models.CreateSubnetDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="public-subnet",
cidr_block="10.0.1.0/24",
route_table_id=public_rt.id,
dns_label="pubsub",
prohibit_public_ip_on_vnic=False, # Allow public IPs
)
).data
# Private subnet
private_subnet = network.create_subnet(
oci.core.models.CreateSubnetDetails(
compartment_id=config["tenancy"],
vcn_id=vcn.id,
display_name="private-subnet",
cidr_block="10.0.2.0/24",
route_table_id=private_rt.id,
dns_label="privsub",
prohibit_public_ip_on_vnic=True, # No public IPs
)
).data
print(f"Public subnet: {public_subnet.id}")
print(f"Private subnet: {private_subnet.id}")
```
### Step 6: Verify Connectivity
```python
# List all subnets in the VCN to confirm setup
subnets = network.list_subnets(
compartment_id=config["tenancy"],
vcn_id=vcn.id
).data
for s in subnets:
print(f"{s.display_name} | {s.cidr_block} | Public IPs: {not s.prohibit_public_ip_on_vnic}")
```
## Output
Successful completion produces:
- A VCN with a /16 CIDR block and DNS resolution enabled
- Internet gateway (public traffic) and NAT gateway (private outbound)
- Separate route tables for public and private subnets
- An NSG with SSH (22), HTTP (80), and HTTPS (443) ingress rules
- Public and private subnets with correct routing
## Error Handling
| Error | Code | Cause | Solution |
|-------|------|-------|----------|
| Not authorized | 404 NotAuthorizedOrNotFound | Missing IAM policy for virtual-network-family | Add policy: `Allow group X to manage virtual-network-family in compartment Y` |
| CIDR overlap | 400 InvalidParameter | Subnet CIDR conflicts with existing subnet | Use non-overlapping /24 blocks within the VCN /16 range |
| Limit exceeded | 400 LimitExceeded | VCN or subnet limit reached | Check limits in Console > Governance > Limits; request increase |
| Silent traffic drop | N/A | Security list or NSG missing ingress rule | Check NSG rules — OCI drops unmatched traffic with no ICMP unreachable |
| Not authenticated | 401 NotAuthenticated | Bad API key or config | Verify `~/.oci/config` key_file and fingerprint |
| Rate limited | 429 TooManyRequests | Too many API calls | Add backoff; OCI does not return Retry-After header |
**Debugging silent drops:** If traffic times out, check in this order: (1) NSG ingress rules, (2) security list rules, (3) route table entries, (4) gateway exists and is enabled. OCI applies security lists AND NSGs — traffic must pass both.
## Examples
**Quick VCN list via CLI:**
```bash
oci network vcn list \
--compartment-id <OCID> \
--query "data[*].{Name:\"display-name\",CIDR:\"cidr-blocks\"}" \
--output table
```
**Check NSG rules for debugging:**
```python
rules = network.list_network_security_group_security_rules(
network_security_group_id=nsg.id
).data
for r in rules:
print(f"{r.direction} | {r.protocol} | {r.source or r.destination} | {r.description}")
```
## Resources
- [VCN Overview](https://docs.oracle.com/en-us/iaas/Content/) — networking concepts and best practices
- [Python SDK Reference](https://docs.oracle.com/en-us/iaas/tools/python/latest/) — VirtualNetworkClient API
- [CLI Reference](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm) — `oci network` commands
- [Terraform OCI Provider](https://registry.terraform.io/providers/oracle/oci/latest/docs) — infrastructure as code
- [Known Issues](https://docs.oracle.com/en-us/iaas/Content/knownissues.htm) — current networking issues
## Next Steps
After networking is in place, launch instances with `oraclecloud-core-workflow-a` (use the subnet IDs from Step 5), or set up monitoring with `oraclecloud-query-transform` to watch network traffic metrics.Related Skills
calendar-to-workflow
Converts calendar events and schedules into Claude Code workflows, meeting prep documents, and standup notes. Use when the user mentions calendar events, meeting prep, standup generation, or scheduling workflows. Trigger with phrases like "prep for my meetings", "generate standup notes", "create workflow from calendar", or "summarize today's schedule".
workhuman-core-workflow-b
Workhuman core workflow b for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman core workflow b".
workhuman-core-workflow-a
Workhuman core workflow a for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman core workflow a".
wispr-core-workflow-b
Wispr Flow core workflow b for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr core workflow b".
wispr-core-workflow-a
Wispr Flow core workflow a for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr core workflow a".
windsurf-core-workflow-b
Execute Windsurf's secondary workflow: Workflows, Memories, and reusable automation. Use when creating reusable Cascade workflows, managing persistent memories, or automating repetitive development tasks. Trigger with phrases like "windsurf workflow", "windsurf automation", "windsurf memories", "cascade workflow", "windsurf slash command".
windsurf-core-workflow-a
Execute Windsurf's primary workflow: Cascade Write mode for multi-file agentic coding. Use when building features, refactoring across files, or performing complex code tasks. Trigger with phrases like "windsurf cascade write", "windsurf agentic coding", "windsurf multi-file edit", "cascade write mode", "windsurf build feature".
webflow-core-workflow-b
Execute Webflow secondary workflows — Sites management, Pages API, Forms submissions, Ecommerce (products/orders/inventory), and Custom Code via the Data API v2. Use when managing sites, reading pages, handling form data, or working with Webflow Ecommerce products and orders. Trigger with phrases like "webflow sites", "webflow pages", "webflow forms", "webflow ecommerce", "webflow products", "webflow orders".
webflow-core-workflow-a
Execute the primary Webflow workflow — CMS content management: list collections, CRUD items, publish items, and manage content lifecycle via the Data API v2. Use when working with Webflow CMS collections and items, managing blog posts, team members, or any dynamic content. Trigger with phrases like "webflow CMS", "webflow collections", "webflow items", "create webflow content", "manage webflow CMS", "webflow content management".
veeva-core-workflow-b
Veeva Vault core workflow b for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva core workflow b".
veeva-core-workflow-a
Veeva Vault core workflow a for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva core workflow a".
vastai-core-workflow-b
Execute Vast.ai secondary workflow: multi-instance orchestration, spot recovery, and cost optimization. Use when running distributed training, handling spot preemption, or optimizing GPU spend across multiple instances. Trigger with phrases like "vastai distributed training", "vastai spot recovery", "vastai multi-gpu", "vastai cost optimization".