Creating a User and Authorizing the User to Use Huawei Cloud Astro Zero
Use IAM to implement fine-grained permissions control for your Huawei Cloud Astro Zero resources. With IAM, you can:
- Create IAM users for employees. In this way, each IAM user has a unique security credential to use Huawei Cloud Astro Zero resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust a Huawei account or cloud service to perform efficient O&M on your Huawei Cloud Astro Zero resources.
Scenario
An account is created after you sign up for Huawei Cloud. Your account has full access permissions for your resources and you can make payments for the use of these resources. For security purposes, create an IAM user and grant the user with the Astro Zero Instance ManageAccess and Astro Zero IAM User QueryAccess system policies. With these policies, the IAM user can purchase Huawei Cloud Astro Zero instances, or add other IAM users under the same account to Huawei Cloud Astro Zero and grant them the administrator or developer permissions.

Prerequisites
Before assigning permissions to a user group, learn about the system policies, for details, see Permissions Management. For the permissions of other services, see System-defined Permissions.
Creating an IAM User and Granting Permissions
IAM users with the Astro Zero Instance ManageAccess and Astro Zero IAM User QueryAccess permissions can purchase instances and add other IAM users of the same Huawei Cloud account to Huawei Cloud Astro Zero. If the IAM user only needs to create instances and does not need to add other users to Huawei Cloud Astro Zero, only the Astro Zero Instance ManageAccess permission needs to be assigned to the user group. For details about the system policies, see Permissions Management.
- Log in to the IAM console.
- Create a user group and grant permissions to it.
- Choose User Groups and click Create User Group.
- Enter the user group name and click OK.
- In the user group list, click Authorize next to the created user group.
- Select the Astro Zero Instance ManageAccess and Astro Zero IAM User QueryAccess system policies and click Next.
Figure 2 Granting required permissions to a user group
- Select the authorization scope and click OK.
Figure 3 Assigning permissions to the user group to which an IAM user belongs (Setting the min. authorization scope)
- Create an IAM user and add the user to a user group.
- Choose User Groups and click Create User Group.
- Configure basic user information and click Next.
For details about the parameters, see Creating an IAM User.
- Select the user group created in 2 and click Create User.
- Use the IAM user added in 3 to log in to Huawei Cloud Astro Zero and apply for a free instance or purchase a commercial instance.
- Log in to the Huawei Cloud Astro Zero console using an IAM account.
Figure 4 Logging in as an IAM user
- Apply for a free instance or purchase a commercial instance of Huawei Cloud Astro Zero by referring to the operations in Applying for Free Trial and Purchasing Commercial Instances.
- Log in to the Huawei Cloud Astro Zero console using an IAM account.
Adding Other IAM Users Under the Same Account to Huawei Cloud Astro Zero and Granting the System Administrator Permissions to Them
Ensure that the IAM user to be added has the Astro Zero IAM User QueryAccess and Astro Zero Instance ViewAccess permissions. Astro Zero Instance ViewAccess allows users to view Huawei Cloud Astro Zero instances. Astro Zero IAM User QueryAccess allows users to view the IAM users to be added. For details about the system policies, see Permissions Management.
- Log in to the Huawei Cloud Astro Zero console as the IAM user created in Creating an IAM User and Granting Permissions.
- On the Huawei Cloud Astro Zero console, click Access Homepage. The application development page is displayed.
- Click
in the upper left corner of the page and choose Environments > Environment Configuration.
- In the navigation pane, choose User Security > Users and click Add IAM User.
- On the Add IAM User page, select the target user and click Next Step.
- Select System Administrator Profile to add the system administrator permission to the IAM user.
System Administrator Profile grants users full permissions.
Figure 5 Selecting System Administrator Profile - Click the save button and return to the user list page.
The added IAM user is displayed in the user list, and its profile is System Administrator Profile.
Figure 6 Viewing the added user
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot