- What's New
- Service Overview
- User Guide
- Template Reference
-
API Reference
- Before You Start
-
API
- Calling APIs
-
Stacks
- Listing Events of a Stack
- Obtaining Stack Metadata
- Listing Stacks
- Creating a Stack
- Obtaining a Stack Template
- Listing Stack Resources
- Listing Stack Outputs
- Continuing to Deploy a Stack
- Deploying a Stack
- Deleting a Stack
- Updating a Stack
- Deleting a Stack with Conditions
- Continuing to Roll Back a Stack
- Execution Plans
- Template Analysis
- Template Management
-
Stack Sets
- Listing Stack Sets
- Creating a Stack Set
- Obtaining a Stack Set Template
- Listing Stack Set Operations
- Obtaining Metadata of a Stack Set
- Listing Stack Instances
- Creating Stack Instances
- Deleting Stack Instance Deprecated
- Updating Stack Instances
- Deleting Stack Instances
- Deploying a Stack Set
- Deleting a Stack Set
- Updating a Stack Set
- Obtaining Metadata of a Stack Set Operation
- Obtaining a Stack Instance
- Customized Providers
- Resource Formation - Hook
- Resource Formation - Module Management
- Permissions and Supported Actions
- Appendix
- Change History
- FAQs
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Stack Management
- CTS
-
Template Reference
- Template Introduction
-
List of Elements
- Resource Indexes
- AOS.Stack
- CCE.Addon.AutoScaler
- CCE.Cluster
- CCE.HelmRelease
- CCE.NodePool
- CCE.Pod
- CCE.Storage.OBS
- CCE.Storage.SFS
- DCS.Redis
- ECS.CloudServer
- ECS.KeyPair
- NAT.Instance
- NAT.SNatRule
- OBS.Bucket
- RDS.MySQL
- SFS.FileSystem
- ULB.Healthmonitor
- ULB.Listener
- ULB.LoadBalancer
- ULB.Member
- ULB.Pool
- VPC.EIP
- VPC.SecurityGroup
- VPC.SecurityGroupRule
- VPC.Subnet
- VPC.VPC
-
Data Structure
- AOS.BatchItem
- Basic.KeyValuePair
- Basic.Label
- Basic.LabelSelector
- Basic.NameAndSecretValue
- Basic.NameKeyPair
- Basic.NameValuePair
- CCE.Addon.AutoScaler.Node
- CCE.DataVolume
- CCE.HelmChart
- CCE.Labels
- CCE.NodePool
- CCE.PublicIP
- DCS.InstanceBackupPolicy
- DCS.PeriodicalBackupPlan
- ECS.DataVolume
- ECS.EIP
- ECS.ExtendParam
- ECS.MountedVolumes
- ECS.NICS
- ECS.Personality
- ECS.PublicIP
- ECS.RootVolume
- ECS.SecurityGroup
- ECS.ServerTags
- ECS.VolumeExtendParam
- K8S.PodSecurityContext
- K8S.SecurityContext.SeLinuxOptions
- MySQL.DBUser
- MySQL.DataBase
- MySQL.DataStore
- RDS.BackupStrategy
- RDS.HA.Mysql
- RDS.Volume
- ULB.StickySession
- VPC.BandWidth
- VPC.PublicIP
- Appendix
- FAQs
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
-
API
- Creating a Template
- Querying a Template List
- Updating a Template
- Deleting a Template
- Downloading a Template
- Querying a Template
- Querying the Input Parameters of a Template
- Creating a Stack
- Deleting a Stack
- Executing a Stack Lifecycle
- Querying a Stack List
- Querying a Stack
- Querying a Stack Element List
- Querying a Stack Element
- Querying a Stack Output
- Querying Stack Input
- Querying the Execution Record of a Stack
- Querying a Stack Execution Record List
- Appendix
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
-
API
- Calling APIs
-
Stacks
- Listing Events of a Stack
- Obtaining Stack Metadata
- Listing Stacks
- Creating a Stack
- Obtaining a Stack Template
- Listing Stack Resources
- Listing Stack Outputs
- Continuing to Deploy a Stack
- Deploying a Stack
- Deleting a Stack
- Updating a Stack
- Deleting a Stack with Conditions
- Continuing to Roll Back a Stack
- Execution Plans
- Template Analysis
- Template Management
-
Stack Sets
- Listing Stack Sets
- Creating a Stack Set
- Obtaining a Stack Set Template
- Listing Stack Set Operations
- Obtaining Metadata of a Stack Set
- Listing Stack Instances
- Creating Stack Instances
- Deleting Stack Instance Deprecated
- Updating Stack Instances
- Deploying a Stack Set
- Deleting Stack Instances
- Deleting a Stack Set
- Updating a Stack Set
- Obtaining Metadata of a Stack Set Operation
- Obtaining a Stack Instance
- Appendix
- Change History
- User Guide (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
IAM Agency
By creating an agency, you can share your resources with another account, or delegate an individual or team to manage your resources. You do not need to share your security credentials (the password and access keys) with the delegated party. Instead, the delegated party can log in with its own account credentials and then switches the role to your account and manage your resources.
With RFS, you can create a stack to bind an agency with a provider and update the binding relationship by updating the stack.
RFS uses an agency only in resource operation requests, such as creating a stack (triggering deployment), creating an execution plan, deploying a stack, and deleting a stack. The agency applies only to resource operations performed by the bound provider. If the permissions provided by the agency are insufficient, resource operations may fail.
Procedure
- Log in to the IAM console.
- On the IAM console, choose Agencies from the navigation pane on the left, and click Create Agency in the upper right corner.
Figure 1 Creating an agency
- Enter an agency name.
- Click Next. The Authorize Agency page is displayed. You can grant permissions to the agency on this page.
Figure 3 Agency authorization
- Filter specific permissions and grant them to the agency.
Figure 4 Selecting policies
You can determine the permissions to be granted to an agency. Huawei Cloud best practices do not advise you to automatically create agencies with the Tenant Administrator permission for users. The best practice is to grant management permissions (including read and write operations) to resources that may be used in a stack.
- Set the authorization scope. You can select All resources or Region-specific projects.
Figure 5 Authorization scope
- Click OK. The agency is created.
Figure 6
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot