Criando uma IAM Agency delegando acesso a um serviço da Huawei Cloud
V1.0 - April 2026
| Version | Author | Description |
|---|---|---|
| V1.0 - 2026-04-30 | Gabriel Gutierrez 00817435 | Initial version |
Introduction
Ao criar uma IAM Agency no Console da Huawei Cloud, existem dois tipos de agency: Account, que delega acesso a outra conta da Huawei Cloud, e Cloud service, que delega acesso a um serviço da Huawei Cloud.
Ao selecionar Account, é necessário informar o nome da conta para a qual o acesso será delegado. No entanto, ao selecionar Cloud service, uma lista suspensa é exibida, permitindo selecionar o serviço da Huawei Cloud para qual o acesso será delegado. Cada item da lista suspensa é mapeado internamente para um nome de conta interno daquele serviço.
Ao usar o resource huaweicloud_identity_agency do Terraform para criar uma IAM Agency, o atributo delegated_domain_name exige que o nome da conta seja informado, independentemente do tipo de agency ser Account ou Cloud service.
O exemplo de código abaixo mostra como criar uma IAM Agency que delega a permissão OBS OperateAccess ao serviço ECS/BMS:
resource "huaweicloud_identity_agency" "example" {
name = "example-agency"
delegated_domain_name = "op_svc_ecs"
domain_roles = ["OBS OperateAccess"]
}
Nesse contexto, a próxima seção lista o valor que deve ser definido no atributo delegated_domain_name para cada serviço da Huawei Cloud ao qual o acesso pode ser delegado.
Nomes de conta de cada serviço da Huawei Cloud
| delegated_domain_name | Serviço da Huawei Cloud |
|---|---|
| op_svc_cad | Advanced Anti-DDoS (AAD) |
| op_svc_apm | Application Operations Management (AOM) |
| op_svc_cbc | Billing |
| op_svc_bcs | Blockchain Service |
| op_svc_cce | Cloud Container Engine (CCE) |
| op_svc_cdm | Cloud Data Migration (CDM) |
| op_svc_CloudIDE | CloudIDE |
| op_svc_CloudMesh | CloudMesh |
| op_svc_COC | Cloud Operations Center (COC) |
| op_svc_cph | Cloud Phone (CPH) |
| op_svc_cse | Cloud Search Engine (CSE) |
| op_svc_usearch | Cloud Search Service (CSS) |
| op_svc_CloudSite | CloudSite |
| op_svc_cs | Cloud Stream Service (CS) |
| op_svc_cloudtable | CloudTable |
| op_svc_CTS | Cloud Trace Service (CTS) |
| op_svc_CloudBuild | CodeArts Build |
| op_svc_CodeCheck | CodeArts Check |
| op_svc_CloudDeploy | CodeArts Deploy |
| op_svc_DevUC | CodeArtsDevUC |
| op_svc_CloudOctopus | CodeArtsOctopus (CloudOctopus) |
| op_svc_cpts | CodeArts PerfTest (CPTS) |
| op_svc_CloudPipeline | CodeArtsPipeline |
| op_svc_codehub | CodeArtsRepo |
| op_svc_eps | Config (RMS) |
| op_svc_cdn | Content Delivery Network (CDN) |
| op_svc_moderation | Content Moderation (Moderation) |
| op_svc_cs_container1 | CS_gray |
| op_svc_FABRIC0 | DataArtsFabric |
| op_svc_rds | Database Service (DBS) |
| op_svc_bigdata | Data Ingestion Service (DIS) |
| op_svc_dlv | Data Intelligence Infrastructure (DII) |
| op_svc_dlg | Data Lake Governance Center (DGC) |
| op_svc_uquery | Data Lake Insight (DLI) |
| op_svc_SDG | Data Security Center (DSC) |
| op_svc_dws | Data Warehouse Service (DWS) |
| op_svc_DWR | Data Workroom(DWR) |
| op_svc_dbss | Database Security Service (DBSS) |
| op_svc_dcs | Distributed Cache Service |
| op_svc_dms | Distributed Message Service (DMS) |
| op_svc_dlf | Data Lake Factory (DLF) |
| op_svc_ecs | Elastic Cloud Server (ECS) and Bare Metal Server (BMS) |
| op_svc_evs | Elastic Volume Service (EVS) |
| op_svc_EG | EventGrid (EG) |
| op_svc_cff | FunctionGraph |
| op_svc_GeoGenius | GeoGenius |
| op_svc_ges | Graph Engine Service (GES) |
| op_svc_HaydnCSF | HaydnCSF |
| op_svc_QuickBuy | HPC Service |
| op_svc_IdentityCenter | IAM Identity Center |
| op_svc_ims | Image Management Service (IMS) |
| op_svc_image | Image Recognition (Image) |
| op_svc_IDT | Industrial Digital Thread (IDT) |
| op_svc_IVM | Industry video management IVM |
| op_svc_ief | Intelligent EdgeFabric (IEF) |
| op_svc_IoTAnalytics | IoTA |
| op_svc_IoTDM | IoTDA |
| op_svc_IoTEdge | IoTEdge |
| op_svc_KooPhone | KooPhone service |
| op_svc_LakeFormation | LakeFormation |
| op_svc_mls | Machine Learning Service (MLS) |
| op_svc_MSGSMS | Message & SMS |
| op_svc_MgC | Migration Center(MgC) |
| op_svc_eiwizard | ModelArts |
| op_svc_mrs | MapReduce Service (MRS) |
| op_svc_obs | Object Storage Service (OBS) |
| op_svc_Octopus | Octopus |
| op_svc_ivehicle | OCTOPUS |
| op_svc_maas | Object Storage Migration Service (OMS) |
| op_svc_OROAS | OptVerse |
| op_svc_pEDACloud | PCB-Focused Electronic Design Automation Cloud Service (pEDACloud) |
| op_svc_res | Recommender System (RES) |
| op_svc_IAC | Resource Formation Service (RFS) |
| op_svc_romalink | ROMA |
| op_svc_ssa | SA |
| op_svc_SDRS | Business Recovery Service (SDRS) |
| op_svc_servicestage | ServiceStage |
| op_svc_OSM | ServiceTickets |
| op_svc_smn | Simple Message Notification (SMN) |
| op_svc_swr | SoftWare Repository for Container (SWR) |
| op_svc_waf | Web Application Firewall (WAF) |
| op_svc_workspace | Workspace |
Referências
- Huawei Cloud Identity and Access Management (IAM) - Delegating Another Service for Resource Management: https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_06_0004.html
huaweicloud_identity_agencyTerraform resource documentation: https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs/resources/identity_agency