Using IAM Policies with vSphere – Articles

Learn how to connect your vSphere with OVHcloud IAM.

This will allow you to:

Log in to your vSphere using an OVHcloud account.
Manage your users' rights levels through IAM policies.

Requirements

you have an OVHcloud account
you know how to manage account users
you know how to configure policies for IAM

Instructions

Enabling OVHcloud IAM does not deactivate your existing Hosted Private Cloud users. You can still use them to connect directly to the different elements of your Hosted Private Cloud, without going through IAM.

OVHcloud IAM is not available for environments with advanced security and certification options (PCI-DSS, HIPAA).

Enable IAM on your server

You can enable the IAM option on your Hosted Private Cloud from the OVHcloud API. Execute the following call:

POST /dedicatedCloud/{serviceName}/iam/enable

This operation may take up to 30 minutes.

Create IAM roles

Once the option is activated, IAM roles are created by default and can be used in OVHcloud IAM access policies.

You can create new roles by executing the following call:

POST /dedicatedCloud/{serviceName}/iam/addRole

The management of vSphere permissions for each IAM role is carried out as for any other Hosted Private Cloud user, via the API or from the OVHcloud Control Panel.

Once this process is finished, two new users/roles will be created in your PCC environment: iam-admin and iam-auditor. These roles determine what a user can do in vSphere and more roles may be added in the future.
You can see them in the OVHcloud Control Panel by clicking Hosted Private Cloud, then your PCC environment, and then on the Users tab.