All Documents

Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Content is empty

If you don't find the content you expect, please try another search term

Identity and Access Management

View more results

Document title with current keyword not found

Directory

Expand AllFold All Up

Networking
Security

Video Services
Data Analysis
- MapReduce (KMR)
- Kingsoft Cloud Log Service
Account Management
- Identity and Access Management
- Account Management

No products found with this keyword

Documentation

Identity and Access Management

Role Management

Use role

Use role

Last updated：2021-10-29 17:57:25

This topic describes how an IAM user uses the Kingsoft Cloud console and API to assume an IAM role whose trusted entity is a Kingsoft Cloud account.

Only IAM users can assume a role. A Kingsoft Cloud account cannot assume a role.

Prerequisites

You have created an IAM user. For more information, see Create an IAM user.
You have created an AccessKey for the IAM user. For more information, see Create an AccessKey for an IAM user.
You have granted permissions to the IAM user.
- You have attached the STSAssumeRoleAccess system policy to the IAM user. This policy specifies the permission to call the AssumeRole STS API operation.
  - For more information about how to grant permissions, see Grant permissions to an IAM user.

Assume an IAM role in the Kingsoft Cloud console

After you log in to the Kingsoft Cloud console as an IAM user by using SSO, you can assume an IAM role by switching your login identity to the role.

Log in to the Kingsoft Cloud console as an IAM user.
Move the pointer over the username in the upper-right corner.
In the shortcut menu that appears, click Identity switching.
On the Switch Role page, set Username and Role name.
Click Confirm.
- After the switching is complete, your login identity changes to the IAM role, and you have the permissions that are granted to the IAM role.
- The smaller value of the maximum session duration of the IAM role and login session validity period of the IAM user is used as the login session validity period of the IAM role.

Assume an IAM role by calling an API operation

An authorized IAM user can use an AccessKey to call the AssumeRole API operation to obtain the STS token of an IAM role.

On this page

Previous:Manage roles

Next:Create role

Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen

Feedback