How Not to Get Your Oracle Cloud Free Tier Account Terminated
The Oracle Cloud Free Tier offers users the opportunity to try out the platform's services at no cost and with no time limit, but many users have found their accounts terminated due to violations of the Oracle Acceptable Use Policy [pdf]. This is often the result of users not fully understanding the policy, which is broad in scope and covers a wide range of activities. As a result, users may unknowingly break the rules and find themselves in violation of the policy.
Why is the Oracle Cloud Free Tier so Valuable?
- Because it offers a lot more free resources as compared to the other major cloud providers (AWS, GCP, Azure)
- Besides a $300 credit they also offer a generous ALWAYS FREE tier
Technically speaking, you can have up to 6 free servers (compute instances) but because every server uses a minimum of 50GB and you are given 200GB, you can only create four at a time. Here is the full list of always free resources: https://www.oracle.com/cloud/free/#always-free
What's Egress Data & Why is it so Important?
Imagine you have a box and you want to put things in it and take things out. When you put things in, that's like "ingress" data. And when you take things out, that's like "egress" data. The box in this case is the server you have on the cloud. It is important to monitor the amount of data that is being transferred in and out of the server, as it can affect the performance and the cost of using the server.
If you have a server running that is connected to the Internet and you use it to serve/host your website, you should pay close attention to its usage so as not to incur extra charges on your payment method on file.
For example, when someone visits your website, the device that person is using (phone, laptop etc.) makes a request to the server that is serving/hosting your website. The request will usually say:
- send me the front page
- or send me the contact us page
- or the gallery page
- 1MB is 0.001 of a GB
- 1GB is 1000MB
GCP (Google Cloud Platform), a service that is similar to the Oracle Cloud, offers only one always free server and only 1GB of egress data per month (10,000 times less than Oracle). AWS & Azure do not offer any free egress data for their always free servers.
Can anyone create an account?
Yes, anyone that has a valid credit/debit card can create an account but as the free offering became more and more popular, registration has been difficult for some. From what I've personally read online, some users in Asian, African and South American countries are the ones having difficulties. Others in Europe, UK, US & Canada have not reported them as often.
The bottom line is: if you can get an Oracle Cloud Free Tier account, you are lucky and should be careful not to get it terminated.
Idle Compute Instances
Reclamation of Idle Compute Instances
Idle Always Free compute instances may be reclaimed by Oracle. Oracle will deem virtual machine and bare metal compute instances as idle if, during a 7-day period, the following are true:
- CPU utilization for the 95th percentile is less than 10%
- Network utilization is less than 10%
- Memory utilization is less than 10% (applies to A1 shapes only)
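One way to test a week of your own monitoring samples against these three conditions (an added example, not Oracle's code and not part of the original post). The hourly sample data is constructed, the nearest-rank percentile method is an assumption, and applying the 95th percentile to network and memory is also an assumption, since the rule above only specifies it for CPU.

```python
import math

IDLE_THRESHOLD_PCT = 10.0   # "less than 10%" in the reclamation rule
WINDOW_DAYS = 7             # the rule is evaluated over a 7-day period

def percentile(samples, pct):
    """Nearest-rank percentile (assumed method) of utilization readings in %."""
    if not samples:
        raise ValueError("no samples in the window")
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]

def idle_report(cpu, network, memory=None, a1_shape=False):
    """Return per-metric values and whether ALL applicable conditions hold."""
    values = {
        "cpu_p95": percentile(cpu, 95),
        # Assumption: same aggregation for network as for CPU.
        "network_p95": percentile(network, 95),
    }
    if a1_shape:  # the memory condition applies to A1 shapes only
        if memory is None:
            raise ValueError("A1 shapes need memory samples")
        values["memory_p95"] = percentile(memory, 95)
    below = {name: v < IDLE_THRESHOLD_PCT for name, v in values.items()}
    # The instance counts as idle only if every applicable condition is true.
    return {"values": values, "below": below, "idle": all(below.values())}

def hourly_week(base, burst, burst_hours_per_day):
    """Constructed data: 7 days of hourly readings with a daily burst."""
    day = [burst] * burst_hours_per_day + [base] * (24 - burst_hours_per_day)
    return day * WINDOW_DAYS

if __name__ == "__main__":
    quiet_net = hourly_week(2.0, 2.0, 0)
    for hours in (1, 2):
        cpu = hourly_week(3.0, 60.0, hours)
        report = idle_report(cpu, quiet_net)
        print(f"{hours}h burst/day -> cpu_p95={report['values']['cpu_p95']}"
              f" idle={report['idle']}")
```

With hourly samples, a one-hour daily burst covers fewer than 5% of the readings, so the 95th percentile stays at the baseline and the CPU condition is still met; two hours a day lifts it above the threshold.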
Why Would Oracle Terminate an Account?
As this is a free offering, measures have to be set to prevent abuse.
The first section is called: "USE OF THE SERVICES"
It is actually quite broad and because of that, it's easy to break. Let's see what each point means:
(a) use the Services to harass any person; cause damage or injury to any person or property; publish any material that is false, defamatory, harassing or obscene; violate privacy rights; promote bigotry, racism, hatred or harm; send unsolicited bulk e-mail, junk mail, spam or chain letters; infringe property rights; or otherwise violate applicable laws, ordinances or regulations;
Right from the start if you host any public facing service, you could be in trouble. For example:
- if you have a blog and you make a post that says "X did that" or "X is not good" or "X had a baby" and someone sees it and considers it to be FALSE MATERIAL, they could report you.
- if you, or someone else you gave access to your blog/website, uploads a picture that they don't own the copyright to, again you risk being reported and terminated (think DMCA).
- violate applicable laws, ordinances or regulations. There are 195 countries, many with their own local laws, regs. Again, you wouldn't even know you are breaking
(b) perform or disclose any benchmarking or availability testing of the Services;
Don't run stress tests and don't share the results.
(c) perform or disclose any performance or vulnerability testing of the Services without Oracle’s prior written approval, or perform or disclose network discovery, port and service identification, vulnerability scanning, password cracking or remote access testing of the Services;
Same as the above but related to penetration testing (finding exploits).
(d) use the Services to perform cyber currency or crypto currency mining
Don't engage in any crypto mining activity.
In addition to other rights that we have in this Agreement and Your order, we have the right to take remedial action if the Acceptable Use Policy is violated, and such remedial action may include, without limitation, removing or disabling access to material that violates the policy
This is the last part, which basically says they will limit/delete/disable your instances if you break any of the above. Notice there is nothing about account termination here. That is in section 9 "TERM AND TERMINATION".
Here is point 3, from section 9.
We may suspend Your or Your Users’ access to, or use of, the Services if we believe that (a) there is a significant threat to the functionality, security, integrity, or availability of the Services or any content, data, or applications in the Services; (b) You or Your Users are accessing or using the Services to commit an illegal act; or (c) there is a violation of the Acceptable Use Policy.
It's here at point (c) that they mention terminating your account for breaking the AUP. But there is more here.
(a) there is a significant threat to the functionality, security, integrity, or availability of the Services or any content, data, or applications in the Services;
What I think this means is that:
- if you somehow install some packages that could have vulnerabilities, you could get flagged and terminated
- if someone is DDoSing your server, again, terminated
(b) You or Your Users are accessing or using the Services to commit an illegal act
Point B seems straightforward but it's again quite broad.
- Copying text, images from the web that you don't have a license to is illegal. Will they be able to detect it? Maybe not, but if someone does report you, they will investigate.
- Hosting a VPN/Proxy for you or your friends? Are they accessing illegal content? Their IP (your server's IP) will be logged and maybe reported. Bam: terminated
There are a lot more scary use cases in this document; there are 19 total points. You should read it all if you care about your account. One example is section 3, "OWNERSHIP RIGHTS AND RESTRICTIONS".
There they talk about 3rd party content, data modifications by you or your users. It's scary. Third party content is defined in section 19 "Third Party Content":
means all software, data, text, images, audio, video, photographs and other content and material, in any format, that are obtained or derived from third party sources outside of Oracle that You may access through, within, or in conjunction with Your use of, the Services. Examples of Third Party Content include data feeds from social network services, rss feeds from blog posts, Oracle data marketplaces and libraries, dictionaries, and marketing data. Third Party Content includes third-party sourced materials accessed or obtained by Your use of the Services or any Oracle-provided tools.
By the way, this document "ORACLE CLOUD SERVICES AGREEMENT" applies to both paid and always free services. It applies to the whole of OCI.
I personally have had servers deleted, as have many others here too, but fortunately my account was not terminated. I didn't notice at the time, but what they deleted was a Mail Server that was used in production, had cronjobs, APIs, etc. It was public.
Other things you shouldn't do:
- don't use it as backup for other servers, they don't like this.
- don't set up cronjobs (recurring triggers) that happen too often or at the same exact time. Make them execute randomly, not at an exact time. If you do do this, use it only for a week tops. That's what you would do if you wanted to test your setup, right? You are not using it for production.
- don't do automated scraping of websites, or if you do, use proxies and again at random times.
- don't run Minecraft or other game servers. Someone could just use the game chat to write some profanity, or do something racist. If someone reports it, you're terminated.
Conclusion:
Yes, this is quite the paranoid guide but better safe than sorry. Legal documents are sometimes intentionally broad in order to cover extreme edge cases and always rule in the favor of the party creating the document, regardless if the offending action was in bad faith or not.
The Oracle Cloud Always Free Tier is an amazing offering but you shouldn't use it for production.
From the cloud services agreement, the Acceptable Use Policy is defined as:
1.3 You may not, and may not cause or permit others to: (a) use the Services to harass any person; cause damage or injury to any person or property; publish any material that is false, defamatory, harassing or obscene; violate privacy rights; promote bigotry, racism, hatred or harm; send unsolicited bulk e-mail, junk mail, spam or chain letters; infringe property rights; or otherwise violate applicable laws, ordinances or regulations; (b) perform or disclose any benchmarking or availability testing of the Services; (c) perform or disclose any performance or vulnerability testing of the Services without Oracle’s prior written approval, or perform or disclose network discovery, port and service identification, vulnerability scanning, password cracking or remote access testing of the Services; or (d) use the Services to perform cyber currency or crypto currency mining ((a) through (d) collectively, the “Acceptable Use Policy”). In addition to other rights that we have in this Agreement and Your order, we have the right to take remedial action if the Acceptable Use Policy is violated, and such remedial action may include, without limitation, removing or disabling access to material that violates the policy.