Enabling Trusted Services to Provide Organization-wide Capabilities
Scenarios
A trusted service is a Huawei Cloud service that Organizations entrusts to provide organization-wide capabilities. The management account can enable a cloud service as a trusted service with Organizations. Each trusted service can access information about the OUs and member accounts in your organization and can also manage the entire organization.
The following uses Config as an example to describe how to use a trusted service, including how to enable trusted access and create a Last Login Check organization compliance rule.
Procedure
Step | Description |
---|---|
Step 1: Enable Trusted Access | Enable trusted access for Config. |
Step 2: Create Organization Rules | Use organization-wide capabilities to create organization rules in Config. |
Preparations
- Create an organization and add multiple member accounts to the organization. For details, see Using Organizations to Manage Multiple Accounts.
- Enable the resource recorder so that the organization rule to be created can apply to the resources collected by the resource recorder.
- Top up your account.
  Organizations is a free service. You will not be billed for using Organizations-related functions.
  Ensure that your account balance is sufficient. If your account is frozen due to arrears, you cannot perform any write operations on the Organizations console. For details about how to top up your account, see Topping Up an Account.
Step 1: Enable Trusted Access
- Log in to the management console as the organization administrator or using the management account, and navigate to the Organizations console.
- In the navigation pane, choose Services.
- On the Services page, locate Config and click Enable Access in the Operation column.
- Click OK in the displayed dialog box.
Step 2: Create Organization Rules
As Config is now a trusted service with Organizations, you can use organization-wide capabilities in Config. This step provides an example of how to use Config to create organization rules.
The following example only focuses on key parameter settings. You can retain the default values of other parameters. For details about Config organization rules, see Organization Rules.
- Log in to the management console as an organization administrator or the delegated administrator of Config.
- Click the icon in the upper left corner. In the service list, choose Management & Governance > Config.
- In the navigation pane, choose Resource Compliance.
- Under Organization Rules, click Add Rule.
- On the Basic Configurations page, select the iam-user-last-login-check policy and click Next.
- On the Configure Rule Parameters page, retain the default value Organization for Destination, and click Next.
- On the Confirm page, review and confirm the rule parameter settings, and click Submit.
NOTE:
The organization rule you created will appear in the rule list of every member account in the organization. The rule name will have the prefix "Org-".
Only the account that created the rule can modify and delete it. The member accounts can evaluate the rule, view the result, and access the details.
Follow-up Operations
For more information about trusted services integrable with Organizations and how to specify a delegated administrator, see Managing Trusted Services.