What Is IAM?
Identity and Access Management (IAM) is a basic service of HUAWEI CLOUD that provides permissions management to help you securely control access to your cloud services and resources.
IAM is free of charge. You pay only for the cloud resources in your account.
Fine-grained access control for HUAWEI CLOUD resources
An account is created after you successfully register with HUAWEI CLOUD. Your account has full access permissions for your cloud services and resources and makes payments for the use of these resources.
If you purchase multiple resources on HUAWEI CLOUD, such as Elastic Cloud Servers (ECSs), Elastic Volume Services (EVSs), and Bare Metal Servers (BMSs), for different teams or applications in your enterprise, you can create IAM users for the team members or applications and grant them permissions required to complete tasks. The IAM users use their own usernames and passwords to log in to HUAWEI CLOUD and access resources in your account.
In addition to IAM, you can use Enterprise Management to control access to cloud resources. Enterprise Management supports more fine-grained permissions management and enterprise project management. You can choose either IAM or Enterprise Management to suit your requirements. For details, see What Are the Differences Between IAM and Enterprise Management?
Cross-account resource access delegation
If you purchase multiple resources on HUAWEI CLOUD, you can delegate another account to manage specific resources for efficient O&M.
For example, you create an agency for a professional O&M company to manage specific resources with the company's own account. You can cancel or modify the delegated permissions at any time if the delegation changes. In the following figure, account A is the delegating party, and account B is the delegated party.
Federated access to HUAWEI CLOUD with existing enterprise accounts
If your enterprise has an identity system, you can create an identity provider in IAM to provide single sign-on (SSO) access to HUAWEI CLOUD for employees in your enterprise. The identity provider establishes a trust relationship between your enterprise and HUAWEI CLOUD, allowing the employees to access HUAWEI CLOUD using their existing accounts.
You can access IAM using either of the following methods:
- Management console
Access IAM through the management console ─ a browser-based visual interface. For details, see Accessing the IAM Console.
- REST APIs
Access IAM using REST APIs in a programmable way. For details, see API Reference.
Was this page helpful?Provide feedback
For any further questions, feel free to contact us through the chatbot.Chatbot