IAM Policies

Understand permissions and create secure Application Credentials for automated access to OpenStack services. Each service has specific permission patterns for reader and member roles to help you choose the right level of access.

Quick Start

Create Application Credentials

# Install OpenStack CLI
pip install python-openstackclient

# Authenticate with your user credentials
source openrc.sh

# Create reader credential (read-only access)
openstack application credential create \
    --role reader \
    --description "Monitoring and reporting" \
    my-reader-app

# Create member credential (full project management)
openstack application credential create \
    --role member \
    --description "CI/CD automation" \
    my-member-app

Use Your Credentials

export OS_AUTH_TYPE=v3application_credential
export OS_AUTH_URL=https://api.pub1.infomaniak.cloud/identity/v3
export OS_APPLICATION_CREDENTIAL_ID="your-credential-id"
export OS_APPLICATION_CREDENTIAL_SECRET="your-credential-secret"

Save Your Credentials

The Application Credential secret is only shown once. Save it securely immediately.
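
One way to capture the one-time secret without displaying it, as an added example that is not part of the original page or Infomaniak's own tooling. The function names and the destination file are hypothetical; it assumes the CLI's `-f shell` output format, which prints each field as `key="value"`.

```shell
#!/bin/sh
# Added example: create an Application Credential and store it owner-only,
# so the one-time secret never reaches the terminal.

# Extract one field from `openstack ... -f shell` output (lines like key="value").
shell_field() {   # $1 = field name; reads the CLI output on stdin
    sed -n "s/^$1=\"\(.*\)\"\$/\1/p"
}

# Write the variables from "Use Your Credentials" to a new file with mode 0600.
save_app_credential() {   # $1 = credential id, $2 = secret, $3 = destination
    [ -n "$1" ] && [ -n "$2" ] || { echo "empty id or secret" >&2; return 1; }
    # Values are single-quoted below, so a quote inside them is rejected.
    case "$1$2" in *"'"*) echo "unexpected quote in value" >&2; return 1 ;; esac
    # Never overwrite: a lost secret cannot be displayed again.
    [ ! -e "$3" ] || { echo "$3 already exists" >&2; return 1; }
    (
        umask 077   # the file is owner-only from the moment it is created
        {
            echo "export OS_AUTH_TYPE=v3application_credential"
            echo "export OS_AUTH_URL=https://api.pub1.infomaniak.cloud/identity/v3"
            printf "export OS_APPLICATION_CREDENTIAL_ID='%s'\n" "$1"
            printf "export OS_APPLICATION_CREDENTIAL_SECRET='%s'\n" "$2"
        } > "$3"
    )
}

# Create the credential and save it in one step (needs a sourced openrc.sh).
create_and_save() {   # $1 = role, $2 = credential name, $3 = destination
    out=$(openstack application credential create --role "$1" -f shell "$2") || return 1
    save_app_credential "$(printf '%s\n' "$out" | shell_field id)" \
                        "$(printf '%s\n' "$out" | shell_field secret)" "$3"
}

# Usage (hypothetical file name):
#   create_and_save reader my-reader-app ~/.config/openstack/my-reader-app.env
#   . ~/.config/openstack/my-reader-app.env && openstack server list
```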

Role Overview

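| Role   | Permissions                           | Best For                          |
|--------|---------------------------------------|-----------------------------------|
| reader | Read-only access to project resources | Monitoring, reporting, compliance |
| member | Full project management capabilities  | Automation, CI/CD, operations     |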

Service Policies

  • Nova - Compute Service
    Virtual machines, flavors, and server lifecycle management

  • Cinder - Block Storage Service
    Volumes, snapshots, backups, and storage management

  • Neutron - Networking Service
    Networks, subnets, routers, and security groups

  • Glance - Image Service
    Operating system images, uploads, and sharing

  • Octavia - Load Balancer Service
    Load balancers, listeners, pools, and health monitors

  • Designate - DNS Service
    DNS zones, records, and domain management

  • Heat - Orchestration Service
    Infrastructure as Code, templates, and stack management

  • CloudKitty - Billing Service
    Cost tracking, usage reports, and billing information

  • Aodh - Monitoring Service
    Alarms, thresholds, and monitoring automation

  • Barbican - Key Management Service
    Secrets, certificates, and cryptographic key management

Next: Select a service above to view detailed permission matrices and usage examples for your Application Credentials.