Last updated: 2020-07-19 00:07:28
We recommend that you enable MFA for your Kingsoft Cloud account and all IAM users. You can enable MFA for an IAM user on the details page of the IAM user in the IAM console.
For your Kingsoft Cloud account and IAM users, we recommend that you periodically change the login passwords and rotate AccessKeys. This protects the cloud computing resources of your account even if a security credential is leaked.
Configure a complex password, for example, a long password that mixes uppercase and lowercase letters and special characters.
In daily management of cloud resources, use the Kingsoft Cloud account to access Kingsoft Cloud as little as possible. Do not share the credentials with others. Instead, grant IAM users the required management permissions.
Least privilege is the basic principle of security design. It requires that users be granted only the minimum permissions necessary for their work, to avoid over-authorization and reduce the risks arising from account leakage.
We recommend that you set conditions for policies to limit their applicable scenarios and enhance security. For example, specify conditions of IP addresses, regions, and time when you configure policies.
Revoke permissions that are no longer required by an IAM user in a timely manner.
We recommend that you do not authorize an IAM user to use the Kingsoft Cloud console and call APIs at the same time. Generally, you can assign an IAM user with a login password to an employee of your enterprise, and assign an IAM user with an AccessKey to a system or application.
The Kingsoft Cloud account has full permissions on all resources of the account, including console and API permissions. To avoid disastrous consequences that could result from the leakage of your AccessKey, we highly recommend that you do not create any AccessKey for your Kingsoft Cloud account. We recommend that you create AccessKeys for your IAM users and control operations through permission assignment.
To minimize risks, you must divide system permissions. When you use IAM, you must separate permissions for identity management, policy management, as well as operation and resource management. Create IAM users and attach different policies to them to separate permissions.
In addition to attaching policies to IAM users, you can group IAM users based on their functions and assign permissions to groups for centralized management. You can attach policies to a group, and add or remove IAM users to or from a group according to real changes in your organization. All members in a group share the same permissions. An IAM user obtains the permissions immediately after it is added to a group.
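The credential recommendations above (MFA, AccessKey rotation, no AccessKey on the Kingsoft Cloud account, console and API access on separate IAM users) can be checked mechanically against an exported user inventory. The following is an added example, not Kingsoft Cloud code: the inventory format, its field names, the sample entries, and the 90-day rotation threshold are all assumptions.

```python
from datetime import date

MAX_KEY_AGE_DAYS = 90  # assumption: the page says "periodically" without giving a number

# Constructed inventory; field names are hypothetical, not a Kingsoft Cloud API schema.
INVENTORY = [
    {"name": "root", "is_root": True, "mfa": True, "console": True,
     "access_keys": [{"id": "AK-EXAMPLE-1", "created": date(2020, 1, 5)}]},
    {"name": "alice", "is_root": False, "mfa": False, "console": True,
     "access_keys": []},
    {"name": "deploy-bot", "is_root": False, "mfa": False, "console": False,
     "access_keys": [{"id": "AK-EXAMPLE-2", "created": date(2020, 6, 20)}]},
    {"name": "bob", "is_root": False, "mfa": True, "console": True,
     "access_keys": [{"id": "AK-EXAMPLE-3", "created": date(2019, 11, 1)}]},
]

def audit(inventory, today):
    """Return sorted (identity, finding) pairs for each recommendation that is violated."""
    findings = []
    for ident in inventory:
        name, keys = ident["name"], ident["access_keys"]
        # Assumption: an identity with no console login (key-only, used by a
        # system or application) has no password login for MFA to protect.
        if ident["console"] and not ident["mfa"]:
            findings.append((name, "console login without MFA"))
        # The main account should not hold any AccessKey at all.
        if ident["is_root"] and keys:
            findings.append((name, "AccessKey exists on the main account"))
        # An IAM user should be either a console user or an API user, not both.
        if not ident["is_root"] and ident["console"] and keys:
            findings.append((name, "console login and AccessKey on one IAM user"))
        # Flag keys that have outlived the rotation window.
        for key in keys:
            age = (today - key["created"]).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append((name, f"AccessKey {key['id']} is {age} days old"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, date(2020, 7, 19)):
        print(f"{name}: {finding}")
```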