All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term


Introduction to IAM

Last updated:2021-10-29 17:57:41

Identity and Access Management (IAM) is a basic service provided by Kingsoft Cloud for managing user identities and resource access permissions. With IAM, you can manage access to Kingsoft Cloud services and resources in a secure and fine-grained manner.


Access permission management

IAM allows you to create and manage multiple IAM users under a Kingsoft Cloud account, and assign different resources and grant different operation permissions to one or more IAM users.

If multiple users in your enterprise need to collaboratively manage resources, IAM allows you to assign the minimum permissions to the users as required without sharing your Kingsoft Cloud account or password with them, thereby reducing the information security risks of your enterprise.

Fine-grained permission management

IAM allows you to grant different access permissions to different users for different resources. For example, you can grant the restart permission on a specific Kingsoft Cloud Elastic Compute (KEC) instance to only some of the IAM users.

Permission management by IAM group

You do not need to separately grant permissions to users. Instead, IAM allows you to create an IAM group, grant the corresponding permissions to the IAM group, and add users to the IAM group so that the users inherit the permissions of the IAM group. If the permissions of a user change, you can delete the user from the IAM group, or add the user to another IAM group to quickly grant the corresponding permissions to the user.

Resource authorization across Kingsoft Cloud accounts

If you need to authorize other enterprises to access specified resources of your enterprise, you can create and assign IAM roles to the enterprises. Then, the enterprises can assume the IAM roles and access the specified resources.

Account security policies

IAM allows you to configure login verification policies, password policies, and sensitive operation verification policies for IAM users to improve the security of user information and system data.

Federated identity authentication

If you have your own identity authentication system, you do not need to create a Kingsoft Cloud account. You can access Kingsoft Cloud through single sign-on (SSO) based on the identity provider (IdP) feature.

IAM access methods

You can access IAM in one of the following ways:

  • Console

    You can access IAM through a browser-based graphical user interface, namely, the IAM console.

  • API operations

    You can access IAM by calling the IAM API operations.

On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen