We are pleased to release Identity and Access Management (IAM) functionality to our platform. Starting today it is possible to create API keys restricted to specific services and API operations, fine tuning “who can access what”.
From having a key capable of using only one of the Exoscale services as e.g. Compute, down to having a key capable of only act on specific API commands, e.g. listing Instances, Exoscale’s IAM allows you to be in full control of your Infrastructure, delivering to your team keys that do exactly the right thing and only that.
For Object Storage (and in future for other services too), an IAM API key can even be scoped to an exact resource, in order to give selective access to a specific bucket – would that be with through all or a subset of commands.
The IAM service, as most of our products, can be operated as usual through all our tools: web portal, CLI and directly via our API.
To get started with IAM have a look at the documentation.
Note that selective Object Storage bucket access control can be currently operated only via the API and the latest release of our CLI (1.10.0), and will be available in our web portal during the next weeks.
IAM is a fundamental cornerstone for more features on Exoscale, and we have plans to build more fine grained permissions, access and security features on top of it. Stay tuned, follow us on Twitter or via our Changelog!