After adding a public subnet in a VCN, to allow VM build executors access the resources and services (such as a VM-based Database) running in the VCN's private subnet, configure the private subnet's security rules to allow incoming traffic from the public subnet used by VM executors.

1. Sign in to Oracle Cloud Console.
2. In the upper-left corner, click Navigation Menu .
3. Select Networking and select Virtual Cloud Networks.
4. On the Virtual Cloud Networks page, click the VCN.
5. Under Resources, click Security Lists, and then click the private subnet's security list.
6. Click Add Ingress Rules.
   If you want to modify an existing rule, click the Actions icon (three dots), and then select Edit.
7. In Source Type, select CIDR.
8. In Source CIDR, enter the VM executor's public subnet's CIDR range.
9. In Destination Port Range, enter the service's port number.
10. (Optional) In Description, add a description.
11. Click Add Ingress Rules.
12. If required, repeat steps 6-11 for each service's port.