Help Center> Identity and Access Management> User Guide> Agencies> Cloud Service Delegation
View PDF

Cloud Service Delegation

HUAWEI CLOUD services interwork with each other, and some cloud services are dependent on other services. To delegate a cloud service to access other services and perform resource O&M, create an agency for the service.

IAM provides two methods to create a cloud service agency:

  1. Creating a cloud service agency on the IAM console

    Take a Graph Engine Service (GES) agency as an example. The agency allows GES to call other cloud services, for example, to bind your EIP to the primary load balancer when a failover occurs.

    Figure 1 Cloud service delegation
  2. Automatically creating a cloud service agency to use certain resources

    The following takes Scalable File Service (SFS) as an example to describe the procedure for automatically creating a cloud service agency:

    1. Go to the SFS console.
    2. On the Create File System page, enable static data encryption.
    3. A dialog box is displayed requesting you to confirm the creation of an SFS agency. After you click OK, the system automatically creates an SFS agency with KMS CMKFullAccess permissions for the current project. With the agency, SFS can obtain KMS keys for encrypting or decrypting file systems.
    4. You can view the agency in the agency list on the IAM console.

Creating a Cloud Service Agency on the IAM Console

  1. Log in to the IAM console.
  2. On the IAM console, choose Agencies from the navigation pane, and click Create Agency.
  3. Enter an agency name.

    Figure 2 Cloud service agency name

  4. Select the Cloud service agency type, and then select a service.
  5. Select a validity period.
  6. (Optional) Enter a description for the agency to facilitate identification.
  7. Click Next.
  8. Select the permissions to be assigned to the agency, click Next, and specify the authorization scope.
  9. Click OK.

Related Operations

  • Modifying an agency

    To change the permissions of a cloud service agency, click Modify in the row containing the agency.

    • You can change the cloud service, validity period, description, and permissions of cloud service agencies, but you cannot change the agency name and type.
    • Modifying the permissions may affect the usage of certain functions of cloud services. Exercise caution when performing this operation.
  • Deleting an agency

    To delete an agency, click Delete in the row containing the agency and click Yes.

Parent topic: Agencies