Help Center/ Relational Database Service/ Service Overview/ Security/ Identity Authentication and Access Control
Updated on 2024-12-20 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

When you access RDS, the system authenticates your identity using a password or IAM.

  • Password verification

    To manage your instance, you need to use Data Admin Service (DAS) to log in to your instance. The login is successful only after your account and password are verified.

  • IAM verification

    You can use Identity and Access Management (IAM) to provide fine-grained control over RDS permissions. IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your Huawei Cloud resources. IAM users can use RDS resources only after their accounts and passwords are verified. For details, see Step 2: Create IAM Users and Log In.

Access Control

  • Permissions control

    If you need to assign different permissions to different employees in your enterprise to access your instance resources, IAM is a good choice. For details, see Permissions.

  • VPCs and subnets

    A VPC is a logically isolated, configurable, and manageable virtual network. It helps improve the security of cloud resources and simplifies network deployment. You can define security groups, virtual private networks (VPNs), IP address segments, and bandwidth for a VPC. This facilitates internal network configuration and management and allows you to change your network in a secure and convenient manner.

    A subnet provides dedicated network resources that are logically isolated from other networks for security.

    For details, see Creating a VPC.

  • Security groups

    A security group is a logical group that provides access control policies for the ECSs and RDS instances that have the same security protection requirements and are mutually trusted within a VPC. To ensure database security and reliability, you need to configure security group rules to allow only specific IP addresses and ports to access your RDS instances.

    For details, see Configuring a Security Group Rule.