Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

Identity and Access Management FAQ

Overview

Why do I need Identity and Access Management (IAM) features?

Securing access to your Scaleway account and resources is essential. Not all users, programs, and scripts should have access to all aspects of your Organization. There are many risks that can affect your Organization: credentials can get leaked or obtained through malicious activity, and some undesired actions may be performed accidentally.

IAM enables you to reduce these risks and ensures that users in your Organization have access only to the resources they need.

What are applications, and why do I need them?

Applications represent the identity of non-human users (such as a CI pipeline, a custom script, or a Terraform/OpenTofu provider). They are used to attach permissions and API keys to these operations - without being linked to specific users and their own rights.

Pricing and billing

Do I have to pay for IAM?

No. IAM is free and available to all Scaleway users.

Quotas and limitations

How many API keys can I create?

Each Organization can have up to 100 API keys.

How many IAM applications can I create?

Each Organization can have up to 100 IAM applications.

How many IAM groups can I create?

Each Organization can have up to 50 IAM groups.

How many IAM policies can I create?

Each Organization can have up to 50 IAM policies.

How many users can my Organization have?

Each Organization can have up to 50 users.

Compatibility and integration

Which products work with IAM?

IAM enables you to manage access control to all Scaleway products.

You may decide whether to leave these auto-created IAM applications and policies in place, edit the policies to change permissions as required, or generate new API keys for individual users to define rights per-user via the creation of new policies for those users.

Access and security

Why and how should I rotate API keys?

API keys are credentials that grant access to resources in Scaleway Organizations. It is good practice to regularly change your credentials to reduce the risk of security breaches. To change your API key, you can generate a new one for your user and/or application and delete the old API key.

Usage and management

Why must I select a preferred Project for Object Storage when I create an API key?

Due to limitations on the Object Storage API, API keys cannot perform Object Storage actions on several projects at the same time. Whenever you generate an API key that will be used on Object Storage, you must specify a preferred project where the API key will be able to perform actions. For more information, refer to the Using IAM API keys with Object Storage documentation page.

Still need help?

Create a support ticket
No Results