What's New

Key Benefits of New Resource Groups and IAM Integration with Cloudant

Share this post:

What’s new with Cloudant?

Over the last few years, IBM Cloudant for IBM Cloud has leveraged Cloud Foundry for higher-level access control and organization of service instances, as well as its own set of per database user permissions for read, write, and admin access across the Dashboard and the API.

Starting in mid-July, we rolled out integrations with IBM Cloud resource groups and provided customers with the ability to leverage IBM Cloud Identity and Access Management (IAM) to improve authentication against Cloudant and logical organization of Cloudant instances. Provided below is a high-level introduction to the new features, but be sure to read the linked documentation as well to learn more.

Overview of resource groups

Essentially, resource groups let you organize your account resources for access control and billing purposes. If you use Cloud Foundry spaces, organizing resources are similar to how you’d organize resources into spaces. A resource is anything that can be created, managed, and contained within a resource group. Users aren’t added to resource groups—only resources can be added. Access policies applied to team members can be used to assign access to services and applications. To learn more, read Best Practices for Organizing Resources in a Resource Group.

Also, for a better IBM Cloud experience, try investigating and migrating your Cloudant instances from Cloud Foundry to resource groups using the following documentation. Migration lets you authenticate against your Cloudant instance with IBM Cloud IAM as well as legacy authentication methods.

If you have IBM Cloudant Dedicated Hardware, you must migrate that instance from Cloud Foundry to resource groups before you can provision any new instances onto that environment.

The benefits of Identity and Access Management (IAM)

IAM enables you to securely authenticate users for both platform services and control access to resources consistently across IBM Cloud. It provides the capability to perform the following:

  • User management
  • Fine-grained access control
  • API-key creation for authorization

Service IDs can also be created for application authentication against cloud services. For more information, please read the IBM Cloud IAM Getting Started Tutorial.

Get started

Upon provisioning new Cloudant instances, you will see a new drop-down that requires a choice between available authentication methods (see image below).

Choosing “Use both legacy credentials and IAM” gives you IAM access and legacy Cloudant credentials simultaneously. The option for “Use only IAM” provisions the service with only the option to interact with your instance through the IAM model. To fully understand the implementation of IAM for Cloudant, please read our tutorial.

Screenshot of the IBM Cloudant Catalog page showing new values for available authentication methods.

For current production application Cloudant users, we highly recommend investigating and testing your application’s integration with the IAM model. IAM provides significant improvements for credential rotation and global management of user access.

Additionally, our advantages and disadvantages table will guide you through any potential troubles, so be sure to give it a read. IAM access is the recommended authentication model for all new production applications.

We hope these integrations with the IBM Cloud help your workflows and experience with Cloudant. Any questions? Feel free to drop a line to our support team.

Offering Manager // IBM Cloud

More What's New stories
March 11, 2019

Worker Node Auto-Scaling GA in IBM Cloud Kubernetes Service

We're extremely excited to announce the general availability of worker node auto-scaling in IBM Cloud Kubernetes Service.

Continue reading

March 8, 2019

IBM Cloud Kubernetes Service Supports CoreDNS

Kubernetes recently announced that CoreDNS has become the default cluster DNS provider starting in version 1.13. To align with this announcement, CoreDNS is also the default cluster DNS provider for new IBM Cloud Kubernetes Service version 1.13 clusters.

Continue reading

March 7, 2019

Modernize Your WebSphere Apps to the Cloud

Mix existing Java EE app capabilities and IBM Cloud services like AI and data analytics with IBM Cloud Application Platform. it combines application modernization and cloud-native application development into a single, consolidated offering.

Continue reading