What's New

Key Benefits of New Resource Groups and IAM Integration with Cloudant

Share this post:

What’s new with Cloudant?

Over the last few years, IBM Cloudant for IBM Cloud has leveraged Cloud Foundry for higher-level access control and organization of service instances, as well as its own set of per database user permissions for read, write, and admin access across the Dashboard and the API.

Starting in mid-July, we rolled out integrations with IBM Cloud resource groups and provided customers with the ability to leverage IBM Cloud Identity and Access Management (IAM) to improve authentication against Cloudant and logical organization of Cloudant instances. Provided below is a high-level introduction to the new features, but be sure to read the linked documentation as well to learn more.

Overview of resource groups

Essentially, resource groups let you organize your account resources for access control and billing purposes. If you use Cloud Foundry spaces, organizing resources are similar to how you’d organize resources into spaces. A resource is anything that can be created, managed, and contained within a resource group. Users aren’t added to resource groups—only resources can be added. Access policies applied to team members can be used to assign access to services and applications. To learn more, read Best Practices for Organizing Resources in a Resource Group.

Also, for a better IBM Cloud experience, try investigating and migrating your Cloudant instances from Cloud Foundry to resource groups using the following documentation. Migration lets you authenticate against your Cloudant instance with IBM Cloud IAM as well as legacy authentication methods.

If you have IBM Cloudant Dedicated Hardware, you must migrate that instance from Cloud Foundry to resource groups before you can provision any new instances onto that environment.

The benefits of Identity and Access Management (IAM)

IAM enables you to securely authenticate users for both platform services and control access to resources consistently across IBM Cloud. It provides the capability to perform the following:

  • User management
  • Fine-grained access control
  • API-key creation for authorization

Service IDs can also be created for application authentication against cloud services. For more information, please read the IBM Cloud IAM Getting Started Tutorial.

Get started

Upon provisioning new Cloudant instances, you will see a new drop-down that requires a choice between available authentication methods (see image below).

Choosing “Use both legacy credentials and IAM” gives you IAM access and legacy Cloudant credentials simultaneously. The option for “Use only IAM” provisions the service with only the option to interact with your instance through the IAM model. To fully understand the implementation of IAM for Cloudant, please read our tutorial.

Screenshot of the IBM Cloudant Catalog page showing new values for available authentication methods.

For current production application Cloudant users, we highly recommend investigating and testing your application’s integration with the IAM model. IAM provides significant improvements for credential rotation and global management of user access.

Additionally, our advantages and disadvantages table will guide you through any potential troubles, so be sure to give it a read. IAM access is the recommended authentication model for all new production applications.

We hope these integrations with the IBM Cloud help your workflows and experience with Cloudant. Any questions? Feel free to drop a line to our support team.

Offering Manager // IBM Cloud

More What's New stories
April 9, 2019

IBM Cloud Continuous Delivery is Now Better with Unlimited Insights

Starting this month, we are bundling IBM Continuous Delivery and IBM DevOps Insights to make the build, test, deploy, and learn experience on IBM Cloud even better.

Continue reading

April 5, 2019

IBM Cloud Functions Adds Support for Cloud Object Storage Triggers

IBM Cloud Functions now allows you to create triggers based on Cloud Object Storage bucket changes. With the new package, you can create triggers and rules to fire actions when bucket objects are created, modified, or deleted.

Continue reading

March 19, 2019

Introducing Private Service Endpoints in IBM Cloud Kubernetes Service

IBM Cloud Service Endpoint allows customers to connect to IBM Cloud services through the internal IBM Cloud network. Moving these workloads from IBM’s public cloud network offers considerable advantages to the client.

Continue reading