Identity Authentication and Access Control

Identity Authentication

You can use Identity and Access Management (IAM) to control access to your Direct Connect resources. IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by Direct Connect to the user group. Then, all users in this group automatically inherit the granted permissions.

For details, see Permissions.

Access Control

A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for the security group, and these rules will apply to all cloud resources added to this security group.

Your account automatically comes with a default security group. The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between cloud resources in the group. Your cloud resources in this security group can communicate with each other already without adding additional rules. For details about the default security group rules, see Default Security Groups and Security Group Rules.

In addition, Huawei Cloud allows you to manage security groups and security group rules, including

• Creating, viewing, deleting, modifying, cloning, and adding security groups
• Adding, copying, modifying, deleting, importing, and exporting security group rules
• Quickly adding multiple security group rules
• Viewing and changing security groups of ECSs
• Adding cloud resources to or removing cloud resources from security groups

You can define access control rules for a security group. Then ECSs that will be added to this security group will be protected. For details, see Security Group.