What Is IAM?
Huawei Cloud Identity and Access Management (IAM) provides permissions management to help you securely control access to your cloud services and resources.
IAM is free of charge. You pay only for the cloud resources in your account.
The new IAM console is being rolled out progressively at the account level. If you do not yet have access to the new IAM console, you can enable the Organizations service and Resource Access Manager (RAM) service to start managing identity policy permissions on the new IAM console. This document is the new version of the IAM documentation corresponding to the new IAM console. Unless otherwise specified, the IAM console mentioned in this document refers to the new IAM console. For more information about the differences between the old and new consoles, see Differences Between the Old and New IAM Consoles.
Advantages
Fine-grained access control for Huawei Cloud resources
When you successfully sign up for Huawei Cloud, your account is automatically created. This account serves as the owner of resources and the entity responsible for billing usage. The account root user has full access permissions for your cloud services and resources and is able to access all Huawei Cloud services.
If you purchase multiple Huawei Cloud resources, such as Elastic Cloud Servers (ECSs), Elastic Volume Services (EVSs), and Bare Metal Servers (BMSs), for different teams or applications in your enterprise, you can use your account to create IAM users for the team members or applications and grant them permissions required to complete specific tasks. The IAM users use their own usernames and passwords to log in to Huawei Cloud IAM users enable fine-grained permission control when multiple users collaborate on the same account.
Cross-account resource access delegation
If you purchase multiple Huawei Cloud resources, you can delegate another account to manage some of your resources for efficient O&M.
For example, if you want a professional managed service provider (MSP) to help you manage resources, you can use the trust agency function of IAM to delegate the resources to the MSP. You can modify or cancel the trust agency anytime. In the following figure, account A is the delegating party, and account B is the delegated party.
Access Methods
You can access IAM using either of the following methods:
- Management console
Access IAM through the management console ─ a browser-based visual interface. For details, see Accessing the IAM Console.
- REST APIs
Access IAM using REST APIs in a programmable way. For details, see API Reference.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
