Help Center/ Identity and Access Management/ FAQs/ User Groups and Permissions Management/ How Do I Grant Cloud Service Permissions in the Cloud Alliance Regions to IAM Users?
Updated on 2024-04-25 GMT+08:00

How Do I Grant Cloud Service Permissions in the Cloud Alliance Regions to IAM Users?

Symptom

The administrator has enabled cloud services in the CN-Hong Kong, AP-Singapore, CN East-Shanghai1, LA-Sao Paulo1, LA-Mexico City1, LA-Mexico City2, AF-Johannesburg, or LA-Santiago cloud alliance region, and need to authorize IAM users to use cloud services in this region.

Users access cloud services in the cloud alliance region as virtual users authorized through federated authentication. They are not real users who exist in the cloud service system, and need to be authorized in the Huawei Cloud's default regions and the CN-Hong Kong, AP-Singapore, CN East-Shanghai1, LA-Sao Paulo1, LA-Mexico City1, LA-Mexico City2, AF-Johannesburg, or LA-Santiago cloud alliance region, respectively.

Prerequisites

  • You have created an IAM user in a default region of Huawei Cloud and added the user to a user group. For example, you have created IAM user User-001 and added them to user group UserGroup-001. For details, see Creating an IAM User and Adding Users to or Removing Users from a User Group.
  • If this is the first time to grant cloud service permissions for IAM users in the cloud alliance regions, you need to use an account rather than an IAM user with administrator permissions to perform authorization operations.

Procedure

  1. Log in to Huawei Cloud as an administrator, click on the console homepage, and select the CN-Hong Kong, AP-Singapore, CN East-Shanghai1, LA-Sao Paulo1, LA-Mexico City1, LA-Mexico City2, AF-Johannesburg, or LA-Santiago region.
  2. On the console, choose Management & Governance > Identity and Access Management.
  3. On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner to create a group with the same name (UserGroup-001).
  4. On the User Groups page, click Modify in the row that contains the user group created in 3.
  5. In the Group Permissions area, click Attach Policy in the row that contains the target region for user authorization, select desired permissions, and click OK.

    The permissions assigned to this group will also apply to IAM users in the user group in Huawei Cloud.

  6. Click OK to complete the authorization for IAM users in the CN-Hong Kong, AP-Singapore, CN East-Shanghai1, LA-Sao Paulo1, LA-Mexico City1, LA-Mexico City2, AF-Johannesburg, or LA-Santiago cloud alliance region.

After the authorization is complete, log in to the Huawei Cloud console as an IAM user. Select the CN-Hong Kong, AP-Singapore, CN East-Shanghai1, LA-Sao Paulo1, LA-Mexico City1, LA-Mexico City2, AF-Johannesburg, or LA-Santiago cloud alliance region and use cloud resources based on the assigned permissions.