Enabling Trusted Services to Provide Organization-wide Capabilities
Scenarios
A trusted service is a Huawei Cloud service that Organizations entrusts to provide organization-wide capabilities. The management account can enable a cloud service as a trusted service with Organizations. Each trusted service has access to information about the OUs and member accounts in your organization and can also manage the entire organization.
The following uses Config as an example to describe how to use a trusted service, including how to enable trusted access and how to create an organization compliance rule for Last Login Check.
Procedure
Step | Description |
---|---|
Step 1: Enable Trusted Access | Enable trusted access for Config. |
Step 2: Create Organization Rules | Use organization-wide capabilities to create organization rules in Config. |
Preparations
- Create an organization and add multiple member accounts to the organization. For details, see Using Organizations to Manage Multiple Accounts.
- Enable the resource recorder so that the organization rule to be created can apply to the resources collected by the resource recorder.
- Top up your account.
  Organizations is a free service. You will not be billed for using Organizations-related functions.
  Ensure that your account balance is sufficient. If your account is frozen due to arrears, you cannot perform any write operations on the Organizations console. For details about how to top up your account, see Topping Up an Account.
Step 1: Enable Trusted Access
- Log in to the management console as the organization administrator or using the management account, and navigate to the Organizations console.
- In the navigation pane, choose Services.
- On the Services page, locate Config and click Enable Access in the Operation column.
- Click OK in the displayed dialog box.
Step 2: Create Organization Rules
As Config is now a trusted service with Organizations, you can use organization-wide capabilities in Config. This step provides an example of how to use Config to create organization rules.
The following example focuses only on key parameter settings. You can retain the default values of other parameters. For details about Config organization rules, see Organization Rules.
- Log in to the management console as an organization administrator or the delegated administrator of Config.
- Click in the upper left corner. In the service list, choose Management & Governance > Config.
- In the navigation pane, choose Resource Compliance.
- Under Organization Rules, click Add Rule.
- On the Basic Configurations page, select the iam-user-last-login-check policy and click Next.
- On the Configure Rule Parameters page, retain the default value Organization for Destination, and click Next.
- On the Confirm page, review and confirm the rule parameter settings, and click Submit.
The organization rule you created will appear in the rule list of every member account in the organization. The rule name will have the prefix "Org-".
Only the account that created the rule can modify and delete it. The member accounts can evaluate the rule, view the result, and access the details.
Follow-up Operations
For more information about trusted services integrable with Organizations and how to specify a delegated administrator, see Managing Trusted Services.