March 4, 2021 | By Ben Lopez and Jeff Rosas

Today we are announcing a brand-new way to manage access to IBM Cloud resources called tag-based access management.

This new access management capability allows authorized users to create IAM policies based on a new object called the access management tag. This new type of tag can be added to IAM-enabled IBM Cloud resources, making these resources objects of tag-based IAM policies.

How does tag-based access management work?

Tag-based access management allows an administrator of an IAM-enabled resource to create an access policy based on existing access management tags. An access policy that contains access management tags provides administrators the ability to grant or revoke access to a resource by attaching or detaching the access management tag to the resource. Using access management tags may reduce the number of access policies needed within an account while also providing a simplified way to grant access to a heterogeneous group of resources.

Start using tag-based access management

To get started, select a resource that you want to tag from the Resource List. You can add an access management tag by selecting Add tags from the actions menu for the resource. Access management tags must follow the “key:value” format.

Once you’ve tagged the appropriate resources with the new access management tag, the access policy creation step is very similar to what it has been previously. However, instead of creating an access policy targeting a specific resource or resource group, you will create the access policy with the newly created access management tag as the target.

Begin by selecting All Identity and Access enabled services from the dropdown. Then, you’ll use the new Services based on attributes button and select Access management tags. All you have to do from there is pick your access management tag from the dropdown and select one or more roles for the access policy. Finish by creating the access policy, and you’ve successfully begun to use the new tag-based access management system.

One example of a useful way to use the new access management tag is to provide access to a testing environment in an account. An account administrator can tag all resources related to a specific testing environment with a unique access management tag. Then, they can create a tag-based access policy for an access group or a developer to gain access to those resources. If the account administrator needs to add or remove resources from the testing environment, it is as simple as adding or removing the access management tag from a resource.   
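
The testing-environment scenario above, as an added example that is not part of the original post and is not IBM Cloud IAM code or its API. It is a simplified model showing how one tag-based policy covers a mixed set of resources and how detaching the tag revokes access; `Resource`, `TagPolicy`, `access_report`, the tag character set and all sample data are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Simplified model for illustration; not IBM Cloud IAM code or its API.
# The page states only the "key:value" shape; the allowed character set
# here is an assumption of this example.
TAG_RE = re.compile(r"^[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+$")

@dataclass
class Resource:                      # hypothetical type
    name: str
    service: str
    access_tags: set = field(default_factory=set)

    def attach(self, tag):
        if not TAG_RE.match(tag):
            raise ValueError(f"not in key:value format: {tag!r}")
        self.access_tags.add(tag)

    def detach(self, tag):
        self.access_tags.discard(tag)

@dataclass(frozen=True)
class TagPolicy:                     # hypothetical type
    subject: str                     # access group or user
    tag: str                         # access management tag targeted
    roles: frozenset

def access_report(subject, resources, policies):
    """Map resource name -> sorted roles the subject holds via tags."""
    report = {}
    for r in resources:
        roles = set()
        for p in policies:
            if p.subject == subject and p.tag in r.access_tags:
                roles |= p.roles
        if roles:
            report[r.name] = sorted(roles)
    return report

def demo():
    # Constructed sample: a mixed test environment plus one untagged resource.
    bucket = Resource("test-bucket", "object-storage")
    db = Resource("test-db", "database")
    prod = Resource("prod-db", "database")
    for r in (bucket, db):
        r.attach("env:test")
    policies = [TagPolicy("dev-team", "env:test", frozenset({"Viewer", "Editor"}))]
    before = access_report("dev-team", [bucket, db, prod], policies)
    db.detach("env:test")            # access revoked; the policy is unchanged
    after = access_report("dev-team", [bucket, db, prod], policies)
    return before, after
```

Running a report like `access_report` before and after a tag change is a quick way to review exactly which resources a tag exposes to a subject.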

Learn more

The release of the access management tag and our brand-new tag-based access management paradigm represents a huge step forward for IBM Cloud and our customers. To learn more, see the documentation.

We are very excited for our users to enjoy this new, simplified method of access management. We also look forward to any feedback, as always. Thanks for reading, now get to tagging!
