What Is IAM?
Huawei Cloud Identity and Access Management (IAM) provides permissions management to help you securely control access to your cloud services and resources.
IAM is free of charge. You pay only for the cloud resources in your account.
Advantages
Fine-grained access control for Huawei Cloud resources
When you successfully register with Huawei Cloud, your account is automatically created. Your account owns resources and pays for the use of these resources. Your account has full access permissions for your cloud services and resources.
If you purchase multiple Huawei Cloud resources, such as Elastic Cloud Servers (ECSs), Elastic Volume Services (EVSs), and Bare Metal Servers (BMSs), for different teams or applications in your enterprise, you can use your account to create IAM users for the team members or applications and grant them permissions required to complete specific tasks. The IAM users use their own usernames and passwords to log in to Huawei Cloud and access resources in your account.
In addition to IAM, you can use Enterprise Management to control access to cloud resources. Enterprise Management supports more fine-grained permissions management and enterprise project management. You can choose either IAM or Enterprise Management to suit your requirements. For details, see What Are the Differences Between IAM and Enterprise Management?
Cross-account resource access delegation
If you purchase multiple Huawei Cloud resources, you can delegate another account to manage some of your resources for efficient O&M.
For example, you can create an agency for a professional O&M company to enable the company to manage specific resources with the company's own account. If the delegation changes, you can modify or revoke the delegated permissions at any time. In the following figure, account A is the delegating party, and account B is the delegated party.
Federated access to Huawei Cloud with existing enterprise accounts (identity federation)
If your enterprise has an identity system, you can create an identity provider (IdP) in IAM to provide single sign-on (SSO) access to Huawei Cloud for employees in your enterprise. The identity provider establishes a trust relationship between your enterprise and Huawei Cloud, allowing the employees to access Huawei Cloud using their existing accounts.
Access Methods
You can access IAM using either of the following methods:
- Management console
Access IAM through the management console ─ a browser-based visual interface. For details, see Accessing the IAM Console.
- REST APIs
Access IAM using REST APIs in a programmable way. For details, see API Reference.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
