Help Center> Content Delivery Network> User Guide> Domain Name Settings> OBS Authorization
Updated on 2024-02-18 GMT+08:00
View PDF

OBS Authorization

If you configure a Huawei Cloud OBS private bucket as the origin server, enable OBS authorization so that CDN can pull content from your private bucket.

Procedure

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the upper right corner of the Domains page, click Enable OBS Authorization.

  1. Click Authorize. The system creates an agency named CDNAccessPrivateOBS for you on the IAM console. CDN now has the read-only permission to access your private OBS buckets.
    • Do not delete the CDNAccessPrivateOBS agency. Otherwise, CDN cannot pull resources from OBS private buckets.

If files in your OBS bucket are encrypted using KMS, assign the KMS Administrator permissions to the CDNAccessPrivateOBS agency so that CDN can read and accelerate the encrypted files.

  1. (Optional) Assign the KMS Administrator permissions to the CDNAccessPrivateOBS agency.
    1. Log in to Huawei Cloud console. Choose Service List > Management & Government > Identity and Access Management to access the IAM console.
    2. In the navigation pane, choose Agencies.

    3. On the Agencies page, click Authorize in the Operation column of the row containing CDNAccessPrivateOBS.

      The Select Policy/Role page is displayed.

    4. In the upper right corner of the table, search for KMS Administrator, select this role, and click Next.
    5. Set Scope to Region-specific projects and select the region based on the region of the OBS bucket.
    6. Click OK.

FAQ

  1. When an OBS Private Bucket Is Used as the Origin Server, Agency Creation for OBS Fails
Parent topic: Domain Name Settings