Updated on 2024-01-15 GMT+08:00

Access Control for AS

Identity Authentication

Identity and Access Management (IAM) provides identity authentication, permissions management, and access control, helping you securely manage access to your Huawei Cloud resources.

With IAM, you can use your account to create IAM users and assign permissions to them to control their access to specific resources. For example, you can assign permissions that allow some software developers to use AS resources but prevent them from deleting the resources or performing any other high-risk operations on them.

Access Control

AS supports access control by using IAM permissions, IAM projects, enterprise projects, critical operation protection, and security groups.

Table 1 AS access control

| Method | Description | Reference |
| --- | --- | --- |
| Permissions control through IAM | By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions. | Permission Management |
| IAM projects and enterprise projects | Both IAM projects and enterprise projects can be managed by one or more user groups. You can authorize a user group by applying policies to it. Then users inherit permissions defined by the policies. | IAM Projects and Enterprise Projects |
| Critical operation protection | After critical operation protection is enabled, identity authentication is required when you delete an AS group. | Critical Operation Protection |
| Security groups | A security group is a collection of access control rules for ECSs that have the same security requirements and are mutually trusted. After a security group is created, you can add different access rules to the security group, and these rules will apply to all ECSs added to this security group. Your account automatically comes with a default security group that allows all outbound traffic and denies all inbound traffic. Your ECSs in the security group can communicate with each other without the need to add rules. | Configuring Security Group Rules |