2 posts tagged with "alert-center"

Using the cloud is like operating a virtual building with dozens of keys. 🔐
If it is not clear who can enter which room and which doors they can open, confusion quickly follows.
Deciding who receives these keys and under what conditions is exactly what IAM (Identity and Access Management) does. In other words, IAM is a service that grants only the permissions needed according to each user's role, helping manage resources efficiently and reduce unnecessary access.

However, for those encountering IAM for the first time, the concept may feel somewhat complex and burdensome.
To help users understand and use KakaoCloud IAM more accurately, the content planning team created a four-part onboarding video series.
In this post, we briefly summarize the key content of each video.

🎬 Part 1. Getting started with IAM - Concepts and basic structure​

The first video in the IAM onboarding series introduces the basic concepts of IAM and the structure of projects and organizations.
Even users new to IAM can easily understand the overall IAM structure through this video. Like looking at a city map, view the big picture of what permissions should be assigned to each area.

🎬 Part 2. IAM groups and service accounts - Improving user management efficiency​

Part 2 introduces two features you must know to operate IAM more conveniently and systematically: IAM groups and service accounts.

• IAM groups are a useful feature that groups users who need the same permissions into one user group and configures the required permissions all at once. For example, if you group users by teams such as development, operations, or marketing and configure the required permissions for each team at the group level, when a new team member joins, permissions are automatically granted simply by adding the member to the group. This enables much more efficient user management.
  
• Service accounts are non-user accounts used by applications or automation scripts to access or control resources within a project, rather than actual IAM user accounts. They can issue API tokens and call KakaoCloud APIs instead of using IAM user accounts.

By using these two features appropriately, user management and system permission settings can be operated more systematically and securely. See the video for details.

🎬 Part 3. Tracking IAM change history with Cloud Trail​

Initial IAM setup is important, but continuously checking and managing change history is also important. In Part 3, we introduce how to use KakaoCloud Cloud Trail to track who changed which IAM settings and when, at the event level.

🎬 Part 4. Reviewing IAM operational best practices​

The final video introduces five best practices for operating IAM stably. Check whether all five operational tips below are applied in your organization.

• Grant only the minimum permissions needed, without unnecessary permissions.
• Use Cloud Trail to regularly check change history.
• Regularly review and clean up departed-user and dormant accounts.
• Clearly separate user accounts and service accounts for operations.
• Integrate with Alert Center to quickly detect and respond to anomalies.

---

How was it?
IAM is more than a simple permission management tool. It is an important standard for securely protecting resources in an organization and clearly separating roles and responsibilities.
If you understand IAM's basic structure and operating methods well, you can continue providing stable and reliable services even in complex cloud environments.

If you want to learn more about KakaoCloud IAM, see the links below. Thank you :)

• 🔗 Go to KakaoCloud IAM documentation
  
• 👉 Start KakaoCloud now

📢 Alert Center permissions have been subdivided!​

KakaoCloud Alert Center permission management has been improved so that more precise roles can be configured at the organization and project levels. This makes it possible to grant appropriate permissions to each user and operate notification policies more safely and efficiently.

In this post, we introduce what IAM roles dedicated to Alert Center are and how to use them effectively.

🔐 IAM and Alert Center permission structure​

KakaoCloud IAM (Identity and Access Management) is a service that controls access permissions for cloud resources. IAM uses RBAC (Role-Based Access Control) so that only users granted specific roles can access the resources they need.

Previously, permissions for Alert Center resources could not be subdivided by organization or project, making it difficult to grant appropriate permissions to users who needed to manage only notifications for a specific organization or project. With this improvement, manager and viewer roles can now be assigned separately at the organization and project levels, enabling more flexible permission management.

In other words, if a user is responsible for managing Alert Center for the entire organization, an organization-level role can be granted; if a user needs to manage only notifications for a specific project, a project-level role can be granted.

🏢 Introducing roles dedicated to Alert Center​

🏛️ Role management at the organization level​

Organization-level Alert Center roles have permission to manage notifications generated by IAM and Billing services. To manage Alert Center resources within an organization, you must grant the Alert Center Organization Manager or Alert Center Organization Viewer role.

Organization Managers can view all Alert Center resources and directly manage notification policies and receiving channels. Organization Viewers can view all resources but cannot change settings. If Alert Center notification settings need to be changed, grant the Manager role; if only monitoring is needed, grant the Viewer role.

📌 Role management at the project level​

Alert Center is used not only at the organization level but also at the project level. Project-level Alert Center roles have permission to manage notifications such as metrics, logs, and events generated in individual projects. If you need to manage notifications generated in a specific project, grant the Alert Center Project Manager or Alert Center Project Viewer role.

Project Managers can view all Alert Center resources in the project and manage notification policies and receiving channels. Project Viewers can view all resources but cannot change settings.

🚨 Changes starting March 18​

With the introduction of the new permission system, appropriate roles must be assigned to use Alert Center features starting March 18.

✔️ Only organization or project administrators, or users with Alert Center roles, can manage resources.
✔️ Users without permissions can only view Alert Center resources and cannot view the recipient list of the default receiving channel.
✔️ Until March 18, resources in Alert Center can be created and deleted without roles, the same as before. In other words, to configure notification policies in Alert Center after March 18, appropriate roles must be assigned in advance at the organization or project level.

🔎 Use Alert Center more safely and flexibly​

Although new roles dedicated to Alert Center have been added, users with existing IAM project roles can still use some features.

For example, users with the Project Member or Project Reader role can still view notification policies, receiving channels, and sending history in Alert Center. However, they cannot view the recipient list within receiving channels. In other words, basic monitoring is possible, but the new Alert Center roles are required for detailed notification management.

Alert Center is a service that detects various events and logs generated by cloud services and provides notifications. Through this subdivision of IAM roles, safer and more efficient permission management is possible at the organization and project levels. Please configure the required roles properly for stable system operations.

For more details, see Alert Center > Key concepts.

Thank you!