Updated on 2025-10-30 GMT+08:00

Agency

Description

  • Agency

    Huawei Cloud services interwork with each other, and some cloud services depend on other services. To delegate a cloud service to access other services and perform resource O&M, create an agency for the service.

    IAM provides two methods to create a trust agency:

    • Manually creating a cloud service agency on the IAM console
    • Automatically creating a cloud service agency to use certain resources
  • ECS agency example
    Figure 1 Obtaining a temporary credential

    Figure 1 shows the process flow of how applications on the ECS use the temporary AK/SK to access the database service:

    1. Applications communicate with the ECS metadata service. The ECS metadata service obtains the temporary AK/SK from IAM and returns them to the applications.
    2. The applications send the temporary AK/SK to the database service. The database service checks the validity of the AK/SK and allows access only after the verification is successful.

    To enable the ECS to obtain the temporary AK/SK of an agency, do as follows:

    1. Create a cloud service agency with permissions delegated to ECS.

      On the IAM console, create an agency for the cloud service ECS. Then configure the permissions and scope for the agency.

    2. Associate the agency with the ECS.

      On the ECS console, associate the created agency with the ECS. Only one agency can be configured for an ECS.

    3. Obtain the temporary AK/SK of the agency.

      After the association is successful, the ECS obtains the permissions assigned to the agency. Applications on the ECS can obtain the temporary AK/SK of the agency and communicate with Huawei Cloud services based on the assigned permissions in the authorized scope.
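The sketch below is an added example, not Huawei Cloud code. It shows how an application on the ECS could consume the temporary AK/SK from step 3: validate the metadata response, hold the credential in memory only, refresh it before expiry, and keep the secret out of logs. The endpoint path, JSON field names, timestamp format, the 10-minute refresh margin, and the names `AgencyCredentials` and `parse_credential` are assumptions that do not appear on this page.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Assumptions (not on this page): endpoint path, field names, timestamp format.
METADATA_URL = "http://169.254.169.254/openstack/latest/securitykey"
REFRESH_MARGIN = timedelta(minutes=10)  # refresh this long before expiry
FIELDS = ("access", "secret", "securitytoken", "expires_at")

# Constructed sample response; all values are placeholders.
SAMPLE_RESPONSE = json.dumps({"credential": {
    "access": "EXAMPLEACCESSKEY", "secret": "example-secret",
    "securitytoken": "example-token",
    "expires_at": "2030-01-01T00:00:00.000000Z"}})


def parse_credential(body):
    """Validate a metadata response; return (access, secret, token, expiry)."""
    cred = json.loads(body).get("credential") or {}
    missing = [k for k in FIELDS if not cred.get(k)]
    if missing:
        raise ValueError(f"metadata response missing fields: {missing}")
    expiry = datetime.fromisoformat(cred["expires_at"].replace("Z", "+00:00"))
    return cred["access"], cred["secret"], cred["securitytoken"], expiry


class AgencyCredentials:
    """Keeps the temporary AK/SK in memory only and refreshes it before expiry."""

    def __init__(self, fetch=None):
        self._fetch = fetch or self._fetch_from_metadata
        self._cached = None

    @staticmethod
    def _fetch_from_metadata():
        # Step 1 of the flow: ask the ECS metadata service for the credential.
        with urllib.request.urlopen(METADATA_URL, timeout=2) as resp:
            return resp.read().decode()

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._cached is None or now >= self._cached[3] - REFRESH_MARGIN:
            self._cached = parse_credential(self._fetch())
        return self._cached

    def __repr__(self):
        # Never let the secret key or security token reach logs or tracebacks.
        ak = self._cached[0] if self._cached else None
        return f"AgencyCredentials(access={ak!r}, secret=<redacted>)"
```

Because the credential is refetched rather than written to disk or environment files, revoking or narrowing the agency's permissions on the IAM console takes effect for the application at the next refresh.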

    Configuring an Agency for an ECS