NavigationContentFooter
Jump toSuggest an edit

Identity and Access Management

Why do I need Identity and Access Management (IAM) features?

Securing access to your Scaleway account and resources is essential. Not all users, programs, and scripts should have access to all aspects of your Organization. There are many risks that can affect your Organization: credentials can get leaked, or obtained through malicious activity, and some undesired actions may be performed accidentally.

IAM enables you to reduce these risks, and ensures that users in your Organization have access only to the resources they need.

Do I have to pay for IAM?

No. IAM is free and available to all Scaleway users.

Can I manage access at the resource level?

With IAM you can manage access for each Scaleway product, but at the Project level only. Some products implement their own access with the possibility to manage access at the resource level, such as SSH keys for Elastic Metal, Instances, and Apple silicon.

Which products work with IAM?

IAM enables you to manage access control to all Scaleway products.

You may decide yourself whether to leave these automatically-created IAM applications and policies in place, edit the policies to change permissions as required, or generate new API keys for individual users to define rights per-user via the creation of new policies for those users.

What are applications, and why do I need them?

Applications represent the identity of non-human users (such as a CI pipeline, a custom script, or a Terraform provider). They are used to attach permissions and API keys to these operations - without being linked to specific users and their own rights.

Why do I have to select a preferred Project for Object Storage when I create an API key?

Due to limitations on the Object Storage API, API keys cannot perform Object Storage actions on several projects at the same time. Whenever you generate an API key that will be used on Object Storage, you must specify a preferred project where the API key will be able to perform actions. For more information, refer to the Using IAM API keys with Object Storage documentation page.

Why and how should I rotate API keys?

API keys are credentials that grant access to resources in Scaleway Organizations. It is good practice to change your credentials on a regular basis to reduce the risk of security breaches. To change your API key, you can generate a new one for your user and/or application and delete the old API key.

How many API keys can I create?

Each Organization can have up to 100 API keys.

How many IAM applications can I create?

Each Organization can have up to 100 IAM applications.

How many IAM groups can I create?

Each Organization can have up to 50 IAM groups.

How many IAM policies can I create?

Each Organization can have up to 50 IAM policies.

How many users can my Organization have?

Each Organization can have up to 50 users.

Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway