Through the delegation trust feature, you can delegate your operational permissions to more professional and efficient accounts or cloud services. These accounts or cloud services can then perform daily resource management tasks on your behalf based on the assigned permissions.
Note:
Only the primary account of eSurfing Cloud can be delegated; IAM sub-users cannot be delegated.
Taking Account A's delegation of Account B to manage certain resources within Account A as an example, the principle and method of delegation are explained. Account A is the delegating party, and Account B is the delegated party.
Step 1: Account A creates a delegation.
Figure: Delegating party creates a delegation.
Step 2: (Optional) Account B assigns delegation permissions.
1. Create a user group (e.g., Agency) and grant the user group a permission policy for managing delegations.
2. Create a user and add the user (Job) to the user group (Agency).
Figure: Grant Delegated Permissions to the Delegated Party
Step 3: Account B or its IAM users manage the delegated resources according to the assigned permissions.
1.The delegated party logs in to their own account and switches roles to Account A.
2.Switches to the authorized region and manages Account A's resources according to the assigned permissions.
Figure: Delegated Party Performs Role Switching
