How Do I Create an IAM Agency?
Scenarios
During cross-region image replication, an agency is required to verify cloud service permissions in the destination region, so create a cloud service agency before you start the replication.
Background
An agency is a trusted relationship established between you and other Huawei Cloud accounts or cloud services. If you have purchased multiple types of cloud resources on Huawei Cloud, you can create an agency through IAM to establish this trusted relationship with a company or cloud service for secure and efficient O&M on certain types of your resources.
Procedure
- Log in to the management console.
- In the upper right corner of the page, click the username and select Identity and Access Management.
- In the navigation pane, choose Agencies.
- Click Create Agency.
- Set the following parameters:
  - Agency Name: Enter an agency name, for example, ims_copy_image_agency.
  - Agency Type: Select Cloud service.
  - Cloud Service: This parameter is available only if you select Cloud service for Agency Type. Select Image Management Service (IMS) from the drop-down list.
  - Validity Period: Select Unlimited.
  - Description: This parameter is optional. You can enter "Delegates with IMS cross-region replication permissions".

  Figure 1 Creating an agency
- Click OK. In the displayed dialog box, click Authorize. Select the permissions to be granted to the agency based on the image type.
Figure 2 Granting permissions to an agency
- Click Next and specify the authorization scope.
Figure 3 Specifying the authorization scope
- Click OK.
Figure 4 New agency
If the Tenant Administrator or IMS Administrator role is in the permission list, you are advised to delete it to avoid risks caused by excessive permissions. IMS provides fine-grained system policies that allow you to minimize permissions. For example, if the agency used for cross-region image replication has excessive permissions, you are advised to grant only the permissions in the following table.
Table 1 Permissions required for cross-region image replication

| Scenario | System-defined Policy |
|---|---|
| Cross-region replication of a system or data disk image | IMS CrossCopyAgencyPolicy |
| Cross-region replication of a full-ECS image | IMS CrossCopyAgencyCBRPolicy |
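
The least-privilege check described above can be run over a list of the permissions attached to each agency. The following is an added example, not Huawei Cloud code: the record layout (`name`, `roles`), the scenario keys and the sample data are constructed for illustration, while the role and policy names are the ones given on this page.

```python
# Added example: audit the permission list of an IMS replication agency
# against Table 1. Input records are assumed to be exported by hand or by
# your own tooling; their layout here is hypothetical.

REQUIRED = {  # Table 1 on this page; the scenario keys are hypothetical labels
    "system_or_data_disk": "IMS CrossCopyAgencyPolicy",
    "full_ecs": "IMS CrossCopyAgencyCBRPolicy",
}
# Roles the page advises deleting from the agency
EXCESSIVE = {"Tenant Administrator", "IMS Administrator"}


def audit_agency(agency, scenarios):
    """Return what to remove, add and review for one agency."""
    unknown = set(scenarios) - set(REQUIRED)
    if unknown:
        raise ValueError(f"unknown scenario(s): {sorted(unknown)}")
    granted = {role.strip() for role in agency["roles"]}
    needed = {REQUIRED[s] for s in scenarios}
    remove = sorted(granted & EXCESSIVE)
    # Deleting an administrator role without granting the fine-grained
    # policy would leave the agency unable to replicate, so report both.
    add = sorted(needed - granted)
    review = sorted(granted - EXCESSIVE - needed)  # anything beyond Table 1
    return {
        "agency": agency["name"],
        "remove": remove,
        "add": add,
        "review": review,
        "least_privilege": not (remove or add or review),
    }


SAMPLE_AGENCIES = [  # constructed sample data
    {"name": "ims_copy_image_agency",
     "roles": ["Tenant Administrator", "IMS Administrator"]},
    {"name": "ims_copy_minimal",
     "roles": ["IMS CrossCopyAgencyPolicy"]},
]

if __name__ == "__main__":
    for record in SAMPLE_AGENCIES:
        print(audit_agency(record, ["system_or_data_disk"]))
```

An agency that serves both scenarios is audited by passing both scenario keys, in which case both policies from Table 1 are expected.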