Updated on 2022-07-05 GMT+08:00

What Is IAM?

Identity and Access Management (IAM) is a basic service of HUAWEI CLOUD that provides permissions management to help you securely control access to your cloud services and resources.

IAM is free of charge. You pay only for the cloud resources in your account.

Advantages

Fine-grained access control for HUAWEI CLOUD resources

An account is created after you successfully register with HUAWEI CLOUD. Your account has full access permissions for your cloud services and resources and makes payments for the use of these resources.

If you purchase multiple resources on HUAWEI CLOUD, such as Elastic Cloud Servers (ECSs), Elastic Volume Services (EVSs), and Bare Metal Servers (BMSs), for different teams or applications in your enterprise, you can create IAM users for the team members or applications and grant them permissions required to complete tasks. The IAM users use their own usernames and passwords to log in to HUAWEI CLOUD and access resources in your account.

In addition to IAM, you can use Enterprise Management to control access to cloud resources. Enterprise Management supports more fine-grained permissions management and enterprise project management. You can choose either IAM or Enterprise Management to suit your requirements. For details, see What Are the Differences Between IAM and Enterprise Management?

Cross-account resource access delegation

If you purchase multiple resources on HUAWEI CLOUD, you can delegate another account to manage specific resources for efficient O&M.

For example, you create an agency for a professional O&M company to manage specific resources with the company's own account. You can cancel or modify the delegated permissions at any time if the delegation changes. In the following figure, account A is the delegating party, and account B is the delegated party.

Federated access to HUAWEI CLOUD with existing enterprise accounts

If your enterprise has an identity system, you can create an identity provider in IAM to provide single sign-on (SSO) access to HUAWEI CLOUD for employees in your enterprise. The identity provider establishes a trust relationship between your enterprise and HUAWEI CLOUD, allowing the employees to access HUAWEI CLOUD using their existing accounts.

Access Methods

You can access IAM using either of the following methods:

  • Management console

    Access IAM through the management console ─ a browser-based visual interface. For details, see Accessing the IAM Console.

  • REST APIs

    Access IAM using REST APIs in a programmable way. For details, see API Reference.