GitHub user rhysperry111 created a discussion: Mapping of CloudStack access control concepts to AWS
We're slowly starting to look to deploy CloudStack to form some kind of hybrid cloud with our AWS environment, and at least from a first glance it's proving a little difficult to understand CloudStack permissions concepts in the lens of how things work in AWS. In AWS, we have an organisation (everything) which is compromised of multiple accounts (isolated resource environments), and each of these accounts have associated roles (permission levels) that authenticated users can assume providing they are in the correct authentication group. We initially were working on the idea that we would have a singular CloudStack domain which was equivalent to our AWS organisation, and multiple accounts in CloudStack which were equivalent to our AWS accounts, however this started to fall apart when we realised that multiple users in the same CloudStack account cannot have different roles, and you cannot have multiple users of the same username within the same CloudStack domain. There also seems to be no way to create a CloudStack account without also creating a user to go with it? Is it that domains in CloudStack are a more similar concept to AWS accounts, and accounts in CloudStack are similar to AWS roles? Apologies if this is a bit of a dumb question, however reading over the documentation didn't clarify things up too much more, and we can't begin deploying our own demo to test things ourselves until we have a basic understanding of how such a core concept of the solution will work. GitHub link: https://github.com/apache/cloudstack/discussions/12093 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
