Updated on 2023-06-26 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

Identity and Access Management (IAM) enables you to easily manage users and control their access to Huawei Cloud services and resources.

You can use IAM to control access to your VPC resources. IAM permissions define which actions on your cloud resources are allowed or denied.

After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by VPC to the user group. Then, all users in this group automatically inherit the granted permissions.

Access Control

  • Security Groups

    A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. After a security group is created, you can create various access rules for it. These rules apply to all cloud resources added to the security group.

    You can create and delete security groups; add, replicate, modify, delete, import, or export security group rules; view or change the security group of an ECS; and add ECSs to or remove them from a security group.

    You can define access rules for a security group. Then these rules will apply to all cloud resources added to this security group.

    For details, see Security Group Overview.

  • Network ACLs

    A network ACL is an optional layer of security for your subnets. You can associate one or more subnets with a network ACL to control traffic in and out of the subnets.

    You can create, view, modify, delete, enable, and disable network ACLs; associate subnets with or disassociate them from network ACLs; and add, modify, change the sequence of, enable, disable, and delete network ACL rules.

    You can define network ACL rules to control traffic in and out of the subnets.

    For details, see Network ACL Overview.