Help Center/
Well-Architected Framework/
Well-Architected Framework and Practices/
Security Pillar/
Infrastructure Security/
SEC03 Permission Management/
SEC03-04 Securely Sharing Resources
Updated on 2025-05-22 GMT+08:00
SEC03-04 Securely Sharing Resources
In large enterprises, resources often need to be securely shared across various organizational units, departments, and teams.
- Risk level
Medium
- Key strategies
- Large enterprises typically comprise multiple organizational units and accounts, necessitating resource sharing across these accounts. Secure resource sharing must adhere to the following practices:
- Use resource tags: Classify and label resources using tags to facilitate efficient management and policy application.
- Share resources only with trusted entities: Employ Service Control Policies (SCPs) to restrict account permissions within an organization, ensuring that resources are shared exclusively within the defined organizational boundaries.
- Establish specific service accounts for accessing shared resources.
- Related cloud services and tools
- Organizations
- Resource Access Manager (RAM): Provides secure cross-account resource sharing capabilities. If you manage multiple Huawei Cloud accounts, you can create resources once in a central account and use RAM to share these resources with other accounts, eliminating the need for redundant resource creation in each account.
Parent topic: SEC03 Permission Management
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
