What's New

Key Benefits of New Resource Groups and IAM Integration with Cloudant

Share this post:

What’s new with Cloudant?

Over the last few years, IBM Cloudant for IBM Cloud has leveraged Cloud Foundry for higher-level access control and organization of service instances, as well as its own set of per database user permissions for read, write, and admin access across the Dashboard and the API.

Starting in mid-July, we rolled out integrations with IBM Cloud resource groups and provided customers with the ability to leverage IBM Cloud Identity and Access Management (IAM) to improve authentication against Cloudant and logical organization of Cloudant instances. Provided below is a high-level introduction to the new features, but be sure to read the linked documentation as well to learn more.

Overview of resource groups

Essentially, resource groups let you organize your account resources for access control and billing purposes. If you use Cloud Foundry spaces, organizing resources are similar to how you’d organize resources into spaces. A resource is anything that can be created, managed, and contained within a resource group. Users aren’t added to resource groups—only resources can be added. Access policies applied to team members can be used to assign access to services and applications. To learn more, read Best Practices for Organizing Resources in a Resource Group.

Also, for a better IBM Cloud experience, try investigating and migrating your Cloudant instances from Cloud Foundry to resource groups using the following documentation. Migration lets you authenticate against your Cloudant instance with IBM Cloud IAM as well as legacy authentication methods.

If you have IBM Cloudant Dedicated Hardware, you must migrate that instance from Cloud Foundry to resource groups before you can provision any new instances onto that environment.

The benefits of Identity and Access Management (IAM)

IAM enables you to securely authenticate users for both platform services and control access to resources consistently across IBM Cloud. It provides the capability to perform the following:

  • User management
  • Fine-grained access control
  • API-key creation for authorization

Service IDs can also be created for application authentication against cloud services. For more information, please read the IBM Cloud IAM Getting Started Tutorial.

Get started

Upon provisioning new Cloudant instances, you will see a new drop-down that requires a choice between available authentication methods (see image below).

Choosing “Use both legacy credentials and IAM” gives you IAM access and legacy Cloudant credentials simultaneously. The option for “Use only IAM” provisions the service with only the option to interact with your instance through the IAM model. To fully understand the implementation of IAM for Cloudant, please read our tutorial.

Screenshot of the IBM Cloudant Catalog page showing new values for available authentication methods.

For current production application Cloudant users, we highly recommend investigating and testing your application’s integration with the IAM model. IAM provides significant improvements for credential rotation and global management of user access.

Additionally, our advantages and disadvantages table will guide you through any potential troubles, so be sure to give it a read. IAM access is the recommended authentication model for all new production applications.

We hope these integrations with the IBM Cloud help your workflows and experience with Cloudant. Any questions? Feel free to drop a line to our support team.

Offering Manager // IBM Cloud

More What's New stories
October 17, 2018

IBM Cloud Object Storage Archive is Now Available at $0.002 per GB

The IBM Cloud team is excited to announce the general availability of IBM Cloud Object Storage Archive. At $0.002 per gigabyte per month, IBM Cloud Object Storage Archive is an extremely low-cost, scalable, secure, and durable solution designed for long-term data archival, backup, and disaster recovery.

Continue reading

October 5, 2018

IBM Watson Knowledge Catalog is Now Available in the Frankfurt Data Center

We are excited to announce that IBM Watson Knowledge Catalog is now available in the Frankfurt data center. Watson Knowledge Catalog is an intelligent cataloging service that lets you bring together and prepare analytic and AI assets.

Continue reading

October 5, 2018

IAM Access Policies in IBM Cloud Container Registry

IBM Cloud Container Registry now supports IBM Cloud Identity and Access Management (IAM) access policies. You can configure policies to control the actions that your users and Service IDs can perform in Container Registry.

Continue reading