Last updated: 2021-10-29 17:57:41
We recommend that you enable MFA for your Kingsoft Cloud account and all IAM users. You can enable MFA for an IAM user on the details page of the IAM user in the IAM console.
For your Kingsoft Cloud account and IAM users, we recommend that you periodically change the login passwords and rotate AccessKeys. This protects the cloud computing resources of your account even if a credential is leaked.
Configure a complex password, for example, a long password that mixes uppercase and lowercase letters and special characters.
In daily management of cloud resources, use the Kingsoft Cloud account to access Kingsoft Cloud as little as possible. Do not share its credentials with others. Instead, grant IAM users the required management permissions.
Least privilege is the basic principle of security design. It requires that users be granted the minimum permissions necessary for their work to avoid over-authorization and reduce risks arising from account leakage.
We recommend that you set conditions for policies to limit their applicable scenarios and enhance security. For example, specify conditions of IP addresses, regions, and time when you configure policies.
Revoke permissions that are no longer required by an IAM user in a timely manner.
We recommend that you do not authorize an IAM user to use the Kingsoft Cloud console and call API operations at the same time. Generally, you can assign an IAM user with a login password and required permissions to an employee of your enterprise, and assign an IAM user with an AccessKey to a system or an application.
Your Kingsoft Cloud account has full permissions on your resources, including console and API permissions. To avoid disastrous consequences due to the leakage of your AccessKey, we recommend that you do not create an AccessKey for your Kingsoft Cloud account. We recommend that you create AccessKeys for your IAM users and grant IAM users required permissions to control operations.
To minimize risks, you must divide system permissions. When you use IAM, you must separate permissions for identity management, policy management, as well as operation and resource management. Create IAM users and attach different policies to them to separate permissions.
In addition to attaching policies to IAM users, you can group IAM users based on their job functions and grant permissions to groups for centralized management. You can attach policies to a group, and add IAM users to or remove them from the group as your organization changes. All members in the group share the same permissions. An IAM user obtains the permissions immediately after it is added to the group.
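An added example (not Kingsoft Cloud code) that turns the recommendations above on MFA, credential rotation, main-account AccessKeys, and console/API separation into an audit over an exported list of principals. The record field names, the sample inventory, and the 90-day rotation interval are assumptions; the page specifies none of them.

```python
from datetime import date

MAX_AGE_DAYS = 90  # assumed interval; the page only says "periodically"

def audit(principals, today, max_age_days=MAX_AGE_DAYS):
    """Return (name, finding) tuples for a list of principal records."""
    findings = []
    for p in principals:
        name = p["name"]
        keys = p.get("access_keys", [])          # creation date of each AccessKey
        console = p.get("console_login", False)
        is_account = p.get("type") == "account"  # the main Kingsoft Cloud account

        # MFA protects sign-in, so check every principal that has a login password.
        if console and not p.get("mfa_enabled", False):
            findings.append((name, "MFA not enabled"))
        # Login passwords should be changed periodically.
        changed = p.get("password_changed")
        if console and changed and (today - changed).days > max_age_days:
            findings.append((name, f"login password older than {max_age_days} days"))
        # The main account should have no AccessKey at all.
        if is_account and keys:
            findings.append((name, "main account has an AccessKey"))
        # An IAM user should be either a console user or an API user, not both.
        if not is_account and console and keys:
            findings.append((name, "console login and AccessKey on the same IAM user"))
        # AccessKeys should be rotated periodically.
        if any((today - created).days > max_age_days for created in keys):
            findings.append((name, f"AccessKey older than {max_age_days} days"))
    return findings

# Constructed sample inventory (not real data); field names are hypothetical.
SAMPLE = [
    {"name": "root", "type": "account", "console_login": True, "mfa_enabled": True,
     "password_changed": date(2021, 9, 1), "access_keys": [date(2021, 1, 10)]},
    {"name": "alice", "type": "iam_user", "console_login": True, "mfa_enabled": False,
     "password_changed": date(2021, 3, 1), "access_keys": []},
    {"name": "ci-deployer", "type": "iam_user", "console_login": False,
     "access_keys": [date(2021, 10, 1)]},
    {"name": "bob", "type": "iam_user", "console_login": True, "mfa_enabled": True,
     "password_changed": date(2021, 10, 1), "access_keys": [date(2021, 10, 5)]},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, today=date(2021, 10, 29)):
        print(f"{name}: {finding}")
```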