Updated on 2024-11-26 GMT+08:00

SCM Authorization

If your certificate has been uploaded to Cloud Certificate Manager (CCM) of Huawei Cloud, you can enable SCM authorization so that you can directly obtain the certificate content when configuring certificates on CDN.

Constraints

  1. IAM users can enable SCM authorization only when they have the following permissions.

    Associated Cloud Service

    Permission

    IAM

    • iam:roles:listRoles
    • iam:roles:createRole
    • iam:agencies:listAgencies
    • iam:agencies:createAgency
    • iam:permissions:grantRoleToAgencyOnDomain

    CDN

    • cdn:configuration:modifyChargeMode
    • CDN ReadOnlyAccess

    SCM

    scm:cert:list

  2. After creating an agency, IAM users can configure certificates for domain names when they have the following permissions.
    • cdn:configuration:modifyHttpsConf
    • cdn:configuration:modifyOriginConfInfo

Enabling SCM Authorization

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the upper right corner of the page, click Enable SCM Authorization.
    Figure 1 Cloud resource authorization
  4. Click OK. The system creates an agency named CDNAccessScm for you on the IAM console. CDN now has the permission to list your SCM certificates and export certificate details.
    • Do not delete this agency. Otherwise, CDN cannot obtain certificate content when you configure an HTTPS certificate.