Help Center> Identity and Access Management> User Guide (Kuala Lumpur Region)> User Guide> Account Security Settings> Critical Operation Protection
Updated on 2022-08-18 GMT+08:00
View PDF

Critical Operation Protection

Only an administrator can configure critical operation protection, and IAM users can only view the configurations. If an IAM user needs to modify the configurations, the user can request the administrator to perform the modification or grant the required permissions.

Federated users do not need to verify their identity when performing critical operations.

Login Protection

After login protection is enabled, you and IAM users created using your account will need to enter a verification code in addition to the username and password during login. Enable this function for account security.

For the account, only the account administrator can enable login protection for it. For IAM users, both the account administrator and other administrators can enable this feature for the users.

  • (Administrator) Enabling login protection for an IAM user

    To enable login protection for an IAM user, go to the Users page and choose More > Security Settings in the row that contains the IAM user. In the Login Protection area on the displayed Security Settings tab, click next to Verification Method, and select a verification method from SMS, email, or virtual MFA device.

  • Enabling login protection for your account

    To enable login protection, click the Critical Operations tab on the Account Security Settings page, click Enable next to Login Protection, select a verification method, enter the verification code, and click OK.

Operation Protection

  • Enabling operation protection

    After operation protection is enabled, you and IAM users created using your account need to enter a verification code when performing a critical operation, such as deleting an ECS. This function is enabled by default. To ensure resource security, keep it enabled.

    The verification is valid for 15 minutes and you don't need to be verified again when performing critical operations within the validity period.

  1. Go to the Account Security Settings page.
  2. Click the Critical Operations tab on the Account Security Settings page, click Enable next to Operation Protection, select Enable, and click OK.
  3. Select Enable.

    • Self-verification: You or IAM users themselves perform verification when performing a critical operation.
    • Verification by another person: The specified person completes verification when you or IAM users perform a critical operation. Only SMS and email verification are supported.

  4. Click OK.
  • Disabling operation protection

If operation protection is disabled, you and IAM users created using your account do not need to enter a verification code when performing a critical operation.

  1. Go to the Account Security Settings page.
  2. Click the Critical Operations tab on the Account Security Settings page, and click Change in the Operation Protection row.
  3. Select Disable and click OK.
  4. Enter a verification code.
  5. Click OK.
  • Each cloud service defines its own critical operations.
  • When IAM users created using your account perform a critical operation, they will be prompted to choose a verification method from email, SMS, and virtual MFA device.
    • If a user is only associated with a mobile number, only SMS verification is available.
    • If a user is only associated with an email address, only email verification is available.
    • If a user is not associated with an email address, mobile number, or virtual MFA device, the user will need to associate at least one of them before the user can perform any critical operations.
  • Email or SMS verification codes may not be received due to communication errors. You are advised to use a virtual MFA device.
  • If operation protection is enabled, IAM users need to enter a verification code when performing a critical operation. The verification code is sent to the mobile number or email address bound to the IAM users.