Risk level: High. Key strategies: Enable MFA-based login for accounts and IAM administrators (IAM users with administrator permissions) to prevent risks caused by login credential leakage.
Risk level: High. Key strategies: Key operations on cloud services include high-risk operations (such as creating and deleting IAM users, restarting VMs, and changing security configurations), cost-sensitive operations (such as creating and deleting high-cost resources), and service-sensitive
Related services and tools: You can use IAM to implement fine-grained permissions management to control resource access of users in a single account.
Use IAM agency to grant operation permissions to cloud services or other accounts. Related cloud services and tools: DEW, IAM. Parent topic: SEC02 Identity Authentication
Limited routine operations: Create an IAM user and use it for routine management, rather than using accounts directly. Accounts should be used only for key operations, such as creating IAM users or modifying permissions.
The system establishes identity federation with IAM Identity Center, eliminating the need for separate federation with each account's IAM system. Related cloud services and tools: IAM Identity Center, IAM, OneAccess. Parent topic: SEC02 Identity Authentication
Related cloud services and tools: IAM. Parent topic: SEC03 Permission Management
Unified control policy management: Set service control policies (SCPs) for each organizational unit and member account to define the maximum permissions for IAM users (including administrators of member accounts) under that member account.
Monitor the last login time of IAM users to identify accounts that have been inactive for an extended period. For such accounts, manage their identity credentials and permissions in a timely manner. Related cloud services and tools: IAM. Parent topic: SEC03 Permission Management
Common security logs include host security logs, OS logs, bastion host logs, IAM logs, WAF attack logs, CFW logs, VPC flow logs, and DNS logs.
Security Services. Security governance: Identity and Access Management (IAM): Authenticates identities and securely manages access to your services and resources. Organizations: Helps you govern multiple accounts within your organization.
Related cloud services and tools: Virtual Private Cloud (VPC), Enterprise Project Management Service (EPS), Identity and Access Management (IAM), Huawei Cloud Landing Zone, Organizations, Resource Governance Center (RGC), Resource Access Manager (RAM). Parent topic: SEC01 Cloud Security Governance
Both an account and its IAM user can create IAM users to manage resources. The Huawei Cloud Enterprise Center allows multiple independent HUAWEI IDs to be associated with each other. Parent topic: Concepts
IAM: Identity and Access Management (IAM) provides identity authentication and permissions management to help you securely control access to your cloud services and resources. IAM user: You can use your account to create IAM users and assign permissions for specific resources.
An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users. It is recommended to grant permissions to user groups rather than individual users.