How Do I Create an IAM Agency?

Scenarios

During cross-region image replication, an agency is required to verify cloud service permissions in the destination region. So, create a cloud service agency before the replication.

Background

An agency is a trusted relationship established between you and other Huawei Cloud accounts or cloud services. If you have purchased multiple types of cloud resources on Huawei Cloud, you can create an agency through IAM to establish this trusted relationship with a company or cloud service for secure and efficient O&M on certain types of your resources.

Procedure

Log in to the management console.
In the upper right corner of the page, click the username and select Identity and Access Management.
In the navigation pane, choose Agencies.
Click Create Agency.
Set the following parameters:
- Agency Name: Enter an agency name, for example, ims_copy_image_agency.
  Figure 1 Creating an agency
- Agency Type: Select Cloud service.
- Cloud Service: This parameter is available only if you select Cloud service for Agency Type. Select Image Management Service (IMS) from the drop-down list.
- Validity Period: Select Unlimited.
- Description: This parameter is optional. You can enter "Delegates with IMS cross-region replication permissions".
Click OK. In the displayed dialog box, click Authorize. Select the permissions to be granted to the agency based on the image type.
Figure 2 Granting permissions to an agency
Click Next and specify the authorization scope.
Figure 3 Specifying the authorization scope

Click OK.

Figure 4 New agency

If the Tenant Administrator or IMS Administrator role is in the permission list, you are advised to delete them to avoid risks caused by excessive permissions. IMS provides fine-grained system policies to allow you to minimize permissions. For example, if the permissions of the agent for cross-region image replication are excessive, you are advised to grant only permissions in the following table.

**Table 1** Permissions required for cross-region image replication
Scenario	System-defined Policy
Cross-region replication of a system or data disk image	IMS CrossCopyAgencyPolicy
Cross-region replication of a full-ECS image	IMS CrossCopyAgencyCBRPolicy

Parent topic: Accounts and Permissions

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot