Concepts
- Administrator and target accounts
Administrator account: A Huawei Cloud account used to create stack sets. For stack sets with service-managed permissions, use either the management account of the organization or a delegated administrator account as the administrator account. You can manage stack sets by logging in to the administrator account in which you creates them.
Target account: An account used to create, update, or delete one or more stacks in a stack set. To use a stack set to create stacks in a target account, build a trust relationship between the administrator and target accounts first.
- Stack set permission models
Self-managed permissions: When using this permissions model, create IAM roles required by stack sets for deployment across accounts and Huawei Cloud regions. These roles are indispensable for establishing a trust relationship between the account used to manage stack sets and the account to which you deploy stack instances. Self-managed permissions allow stack sets to be deployed to any Huawei Cloud account in which you have permissions to create IAM roles.
- Agency name
Administration agency: RFS uses this agency to obtain permissions that a member account grants to a management account. This agency is created in an administrator account and must have the iam:tokens:assume permission to obtain the managed agency credential.
Managed agency: RFS uses this agency to obtain permissions required for deploying resources. This agency is created in a target account. The agency type is account and the delegated account is the administrator account.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
