Agency Authentication
By creating an agency, you can delegate another account to manage your resources based on assigned permissions. After a trust relationship is established, the delegated party can use the delegating account name (cli-agency-domain-name)/ID (cli-agency-domain-id), agency name (cli-agency-name), and the delegated party's authentication information (token or AK/SK) to get authenticated when calling APIs to manage and use resources of the delegating party.
To use this authentication mode, the delegating party must create an agency for the delegated party. If you are the delegating party, create an agency on the IAM console by referring to Account Delegation. If you are the delegated party, only you and users in the admin group can manage the delegated resources. To assign a common IAM user to manage the resources, authorize the user by referring to Assigning Permissions to an IAM User (by a Delegated Party).
As the delegated party, when calling APIs to manage and use the cloud services and resources of the delegating party, use an AK/SK (access key or temporary security credentials) or a token for authentication.
- AK/SK (delegated party's) authentication
- Access key (permanent AK/SK)
hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-access-key=8NVT************KIOV --cli-secret-key=VHMQjoC**************************lsk3cGf
- Temporary security credentials (temporary AK/SK and SecurityToken)
hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-access-key=5FSU************607T --cli-secret-key=VoyjgLh**************************qRc8pSq --cli-security-token=******
- Access key (permanent AK/SK)
- Token (cli-x-auth-token) authentication
hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-x-auth-token=******
- Account (cli-username, cli-password, and cli-domain) authentication
hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-name=q******2 --cli-agency-name=****** --cli-username=s******1 --cli-password=****** --cli-domain=s******1
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.