Overview

Last updated: 2024-01-04 14:34:05
If you use multiple Tencent Cloud services such as CLB, CVM, and TencentDB that are managed by different users sharing your Tencent Cloud account key, you may face the following problems:
Your key is shared by multiple users, leading to a high risk of compromise.
You cannot limit the access permissions of other users, which poses a security risk due to potential faulty operations.
Cloud Access Management (CAM) is used to manage the access permissions to your Tencent Cloud resources. With CAM, you can use the identity management and policy management features to control which Tencent Cloud resources can be accessed by which sub-accounts.
For example, if you have multiple CLB instances under your account that are deployed in different projects, you can manage access permissions and authorize resources by binding an authorization policy to the admin of project A. The policy states that only this admin can use the CLB resources under project A.
If you do not need to manage the access permission to CLB resources for sub-accounts, you can skip this chapter. This will not affect your understanding and usage of other parts in the documentation.

Basic Concepts in CAM

The root account authorizes sub-accounts by binding policies to them. A policy can be scoped at the level of API, Resource, User/User Group, Allow/Deny, and Condition.
1. Account
Root account: As the fundamental owner of Tencent Cloud resources, a root account acts as the basis for resource usage fee calculation and billing, and can be used to log in to Tencent Cloud services.
Sub-account: A sub-account is created by the root account, and it has a specific ID and identity credential that can be used to log in to the Tencent Cloud Console. A root account can create multiple sub-accounts (users). A sub-account does not own any resources by default; instead, such resources should be authorized by its root account.
Identity credential: This includes login credentials and access certificates. Login credential refers to the username and password. Access certificate refers to the TencentCloud API keys (SecretId and SecretKey).
2. Resources and permissions
Resource: A resource is an object that is operated in a Tencent Cloud service, such as a CVM instance or a VPC instance.
Permission: A permission is an authorization to allow or forbid certain users to perform certain operations. By default, a root account has full access to all the resources under it, while a sub-account does not have access to any resources under its root account.
Policy: A policy is the syntax rule used to define and describe one or multiple permissions. A root account performs authorization by associating policies with users/user groups.
For more information, please see CAM Overview.
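One way to check a policy for over-broad grants before binding it to a sub-account, as an added example that is not Tencent Cloud's own code. It assumes the CAM policy syntax fields version, statement, effect, action and resource; the sample policies, UIN, region and instance ID are constructed, and audit_policy is a hypothetical helper.

```python
import json

# Constructed sample policies written in CAM policy syntax. The UIN, region
# and instance ID are placeholders, not values taken from this page.
BROAD = json.loads('{"version": "2.0", "statement": ['
                   '{"effect": "allow", "action": "*", "resource": "*"}]}')
SCOPED = json.loads("""{"version": "2.0", "statement": [
  {"effect": "allow",
   "action": ["clb:DescribeLoadBalancers", "clb:ModifyLoadBalancerAttributes"],
   "resource": ["qcs::clb:ap-guangzhou:uin/100000000001:clb/lb-example01"]}]}""")


def _as_list(value):
    """action and resource may each be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy, service="clb"):
    """Return (statement_index, finding) pairs for over-broad allow statements."""
    findings = []
    for i, stmt in enumerate(policy.get("statement", [])):
        if str(stmt.get("effect", "")).lower() != "allow":
            continue  # deny statements only narrow access, so skip them
        actions = _as_list(stmt.get("action"))
        resources = _as_list(stmt.get("resource"))
        for action in actions:
            if action == "*":
                findings.append((i, "action '*' covers every API of every service"))
            elif action.endswith(":*"):
                findings.append((i, f"action '{action}' covers every API of the service"))
            elif not action.startswith(service + ":"):
                findings.append((i, f"action '{action}' is outside the {service} service"))
        for resource in resources:
            if resource == "*":
                findings.append((i, "resource '*' is not limited to named instances"))
            elif "*" in resource:
                findings.append((i, f"resource '{resource}' uses a wildcard"))
        if not actions or not resources:
            findings.append((i, "statement is missing action or resource"))
    return findings


if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(policy) or "no findings")
```

An empty result means every allow statement names specific CLB APIs and specific instances; any finding marks a statement to narrow before the policy is associated with a user or user group.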
Related documents:
Relationship between policy and user
Basic policy structure
More products that support CAM
