What’s new with Cloudant?
Over the last few years, IBM Cloudant for IBM Cloud has leveraged Cloud Foundry for higher-level access control and organization of service instances, as well as its own set of per database user permissions for read, write, and admin access across the Dashboard and the API.
Starting in mid-July, we rolled out integrations with IBM Cloud resource groups and provided customers with the ability to leverage IBM Cloud Identity and Access Management (IAM) to improve authentication against Cloudant and logical organization of Cloudant instances. Provided below is a high-level introduction to the new features, but be sure to read the linked documentation as well to learn more.
Overview of resource groups
Essentially, resource groups let you organize your account resources for access control and billing purposes. If you use Cloud Foundry spaces, organizing resources are similar to how you’d organize resources into spaces. A resource is anything that can be created, managed, and contained within a resource group. Users aren’t added to resource groups—only resources can be added. Access policies applied to team members can be used to assign access to services and applications. To learn more, read Best Practices for Organizing Resources in a Resource Group.
Also, for a better IBM Cloud experience, try investigating and migrating your Cloudant instances from Cloud Foundry to resource groups using the following documentation. Migration lets you authenticate against your Cloudant instance with IBM Cloud IAM as well as legacy authentication methods.
If you have IBM Cloudant Dedicated Hardware, you must migrate that instance from Cloud Foundry to resource groups before you can provision any new instances onto that environment.
The benefits of Identity and Access Management (IAM)
IAM enables you to securely authenticate users for both platform services and control access to resources consistently across IBM Cloud. It provides the capability to perform the following:
Fine-grained access control
API-key creation for authorization
Upon provisioning new Cloudant instances, you will see a new drop-down that requires a choice between available authentication methods (see image below).
Choosing “Use both legacy credentials and IAM” gives you IAM access and legacy Cloudant credentials simultaneously. The option for “Use only IAM” provisions the service with only the option to interact with your instance through the IAM model. To fully understand the implementation of IAM for Cloudant, please read our tutorial.
Screenshot of the IBM Cloudant Catalog page showing new values for available authentication methods.
For current production application Cloudant users, we highly recommend investigating and testing your application’s integration with the IAM model. IAM provides significant improvements for credential rotation and global management of user access.
Additionally, our advantages and disadvantages table will guide you through any potential troubles, so be sure to give it a read. IAM access is the recommended authentication model for all new production applications.
We hope these integrations with the IBM Cloud help your workflows and experience with Cloudant. Any questions? Feel free to drop a line to our support team.