Updated on 2024-02-07 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

When you access GeminiDB, the system authenticates your identity. Two authentication modes are supported: password and IAM.

  • Password authentication

    To manage your instances on the GeminiDB console, first log in to the console using your account name and password.

  • IAM authentication

    You can use Identity and Access Management (IAM) to provide fine-grained control over GeminiDB permissions. IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your Huawei Cloud resources. You can create IAM users and use them to manage GeminiDB resources. When you log in using an IAM user, password authentication is required. For details, see Step 2: Create IAM Users and Log In.

Access Control

  • Permissions control

    To assign different permissions to different employees in your enterprise for access to your instance resources, use IAM. For details, see Permissions.

  • VPCs and subnets

    A VPC is a logically isolated, configurable, and manageable virtual network. It helps improve the security of cloud resources and simplifies network deployment. You can define security groups, virtual private networks (VPNs), IP address ranges, and bandwidth for a VPC. This makes it easy for you to manage and configure private networks and improves network security.

    A subnet provides dedicated network resources that are logically isolated from other networks for security.

    For details, see Creating a VPC.

  • Security groups

    A security group is a logical group. It provides access control policies for ECSs and GeminiDB instances that have the same security protection requirements and are mutually trusted. To ensure database security and reliability, you need to configure security group rules to allow specified IP addresses and ports to access your GeminiDB instances.

    For details, see Configuring Security Group Rules.
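
The security group guidance above (allow only specified IP addresses and ports) can be checked mechanically. The following is an added example, not part of the original documentation or any Huawei Cloud tooling: it audits a list of inbound rules and reports any rule that opens the database port to a source outside an approved CIDR list. The rule field names, the port value, and the sample rules are assumptions constructed for illustration and do not reflect the actual security group API schema.

```python
import ipaddress

# Assumptions (not from the page): DB_PORT is a placeholder for your instance's
# port, and the rule fields are a simplified, hypothetical export format.
DB_PORT = 9000
APPROVED_SOURCES = [ipaddress.ip_network("192.168.10.0/24")]  # constructed app subnet

# Constructed sample rules.
RULES = [
    {"id": "r1", "direction": "ingress", "protocol": "tcp",
     "port_min": 9000, "port_max": 9000, "source": "192.168.10.0/24"},
    {"id": "r2", "direction": "ingress", "protocol": "tcp",
     "port_min": 1, "port_max": 65535, "source": "0.0.0.0/0"},
    {"id": "r3", "direction": "ingress", "protocol": "tcp",
     "port_min": 22, "port_max": 22, "source": "0.0.0.0/0"},
    {"id": "r4", "direction": "ingress", "protocol": "tcp",
     "port_min": 9000, "port_max": 9000, "source": "192.168.0.0/16"},
    {"id": "r5", "direction": "egress", "protocol": "tcp",
     "port_min": 1, "port_max": 65535, "source": "0.0.0.0/0"},
]

def exposes_db_port(rule, db_port):
    """True if an inbound rule's port range covers the database port."""
    if rule["direction"] != "ingress":
        return False
    if rule["protocol"] not in ("tcp", "all"):
        return False
    return rule["port_min"] <= db_port <= rule["port_max"]

def source_is_approved(source, approved):
    """True if the rule's source range lies entirely inside an approved range."""
    net = ipaddress.ip_network(source, strict=False)
    # Compare versions first: subnet_of() raises TypeError on IPv4 vs IPv6.
    return any(net.version == a.version and net.subnet_of(a) for a in approved)

def audit(rules, db_port=DB_PORT, approved=APPROVED_SOURCES):
    """Return (rule id, source) for each rule exposing the DB port too broadly."""
    return [(r["id"], r["source"]) for r in rules
            if exposes_db_port(r, db_port)
            and not source_is_approved(r["source"], approved)]

if __name__ == "__main__":
    for rule_id, source in audit(RULES):
        print(f"{rule_id}: database port {DB_PORT} reachable from {source}")
```

Rule r4 is flagged even though it names the exact port, because its /16 source is wider than the approved /24; a wide port range (r2) and a wide source range are both ways a rule can exceed "specified IP addresses and ports".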