This section contains concepts and tasks to help you securely control access to services and resources for your Eucalyptus cloud users.
Welcome to the IAM Guide. IAM is an acronymn for Identity Access Management. IAM is used for account management where cloud administrator establish accounts, users and their identities.
Work with IAM
The Eucalyptus IAM design provides more layers in the hierarchical organization of user identities, and more refined control over resource access. This complies with the Amazon AWS IAM service. There are a few Eucalyptus-specific extensions to meet the needs of enterprise customers.
Manage Identities Overview
Like IAM, the user identities in Eucalyptus are organized into Accounts. An account is the unit of resource usage accounting, and also a separate name space for many resources, for example, security groups, key pairs, users, and so on. Unique ID (UUID) or a unique name identifies an account. The account name is equivalent to IAM’s account alias. In Eucalyptus, the account name is used to manipulate accounts in most cases. However, to be compatible with AWS, the EC2 commands often use account ID to display resource ownership. There are command line tools to discover the correspondence of account ID with the account name. For example, euare-accountlist lists all the accounts with both their IDs and names.
Manage Users and Groups
You can also perform user authentication by integrating Eucalyptus with an existing LDAP or Active Directory. This information cannot be changed from Eucalyptus side when LDAP/AD integration is turned on. However, other Eucalyptus-specific information about user, group and account is still stored within the local database of Eucalyptus, including certificates, secret keys and attached policies.
IAM Guide History
This section contains information about changes to the IAM documentation in this release.