Updated on 2024-05-15 GMT+08:00

Creating a User and Granting VPC Endpoint Permissions

Use IAM to implement fine-grained permissions control over your VPC Endpoint resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user has their own security credentials for accessing VPC Endpoint resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI ID or a cloud service to perform efficient O&M on your VPC Endpoint resources.

If your HUAWEI ID does not need individual IAM users, skip this section.

This section describes the process flow for granting permissions (see Figure 1).

Prerequisites

Before you grant permissions, learn about the permissions supported by VPC Endpoint (see Permissions) and choose policies or roles according to your requirements. To grant permissions for other services, learn about all System Permissions supported by IAM.

Process Flow

Figure 1 Process for granting VPC Endpoint permissions

  1. Create a user group and assign it permissions.

    On the IAM console, create a user group and attach the VPCEndpoint Administrator policy to the group.

  2. Create an IAM user and add it to the created user group.

    Create an IAM user and add it to the user group created in step 1.

  3. Log in as the IAM user and verify permissions.

    In the authorized region, perform the following operations:

    • On the Service List page, choose VPC Endpoint. Click Buy VPC Endpoint in the upper right corner. If you can buy a VPC endpoint, the VPCEndpoint Administrator policy has already taken effect.
    • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPCEndpoint Administrator policy has already taken effect.