Updated on 2024-04-11 GMT+08:00

Concepts

  1. Administrator and target accounts

    Administrator account: A Huawei Cloud account used to create stack sets. For stack sets with service-managed permissions, use either the management account of the organization or a delegated administrator account as the administrator account. You manage stack sets by logging in to the administrator account in which you created them.

    Target account: An account used to create, update, or delete one or more stacks in a stack set. To use a stack set to create stacks in a target account, build a trust relationship between the administrator and target accounts first.

  2. Stack set permission models

    Self-managed permissions: With this permission model, you create the IAM roles that stack sets require to deploy across accounts and Huawei Cloud regions. These roles are required to establish a trust relationship between the account used to manage stack sets and the account to which you deploy stack instances. Self-managed permissions allow stack sets to be deployed to any Huawei Cloud account in which you have permissions to create IAM roles.

  3. Agency name

    Administration agency: RFS uses this agency to obtain permissions that a member account grants to a management account. This agency is created in an administrator account and must have the iam:tokens:assume permission to obtain the managed agency credential.

    Managed agency: RFS uses this agency to obtain permissions required for deploying resources. This agency is created in a target account. The agency type is account and the delegated account is the administrator account.
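
A check of the trust chain described above, as an added example that is not part of the original page or of RFS. It models the two agencies as plain dictionaries; the keys `type` and `delegated_account_id`, the account IDs, the wildcard matching of actions, and the Deny-overrides-Allow handling are assumptions made for illustration. Only `iam:tokens:assume`, the `account` agency type, and delegation to the administrator account come from the page.

```python
from fnmatch import fnmatchcase

REQUIRED_ACTION = "iam:tokens:assume"  # permission the page requires

def _actions(policy, effect):
    """Collect action patterns from statements with the given Effect."""
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == effect:
            acts = stmt.get("Action", [])
            found.extend([acts] if isinstance(acts, str) else acts)
    return found

def _covers(patterns):
    """True if any pattern (wildcards allowed, an assumption) matches the action."""
    return any(fnmatchcase(REQUIRED_ACTION, p) for p in patterns)

def audit_trust(admin_account_id, admin_policy, managed_agency):
    """Return findings; an empty list means the trust chain is consistent."""
    findings = []
    if not _covers(_actions(admin_policy, "Allow")):
        findings.append("administration agency lacks iam:tokens:assume")
    elif _covers(_actions(admin_policy, "Deny")):  # assumes Deny wins over Allow
        findings.append("iam:tokens:assume is allowed but overridden by a Deny")
    if managed_agency.get("type") != "account":
        findings.append("managed agency type is not 'account'")
    if managed_agency.get("delegated_account_id") != admin_account_id:
        findings.append("managed agency is not delegated to the administrator account")
    return findings

# Constructed sample data (placeholders, not real account IDs or API output).
ADMIN_ID = "ADMIN-ACCOUNT-PLACEHOLDER"
GOOD_POLICY = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["iam:tokens:assume"]}]}
DENIED_POLICY = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["iam:tokens:assume"]},
    {"Effect": "Deny", "Action": "iam:tokens:*"}]}
MISSING_POLICY = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["example:resource:get"]}]}
GOOD_AGENCY = {"type": "account", "delegated_account_id": ADMIN_ID}
WRONG_AGENCY = {"type": "account", "delegated_account_id": "OTHER-ACCOUNT-PLACEHOLDER"}

if __name__ == "__main__":
    for policy, agency in [(GOOD_POLICY, GOOD_AGENCY), (DENIED_POLICY, GOOD_AGENCY),
                           (MISSING_POLICY, WRONG_AGENCY)]:
        print(audit_trust(ADMIN_ID, policy, agency) or "trust chain consistent")
```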