Setting up IAM Policies for Push Notifications Service Instance
5 min read
By: Josephine Justin and Pradeep Gopalgowda
Define IAM roles for your instance
IBM Cloud Identity and Access Management (IAM) enables defining roles and policies to be set in an IBM Cloud user’s account. This allows owners of the Push Notifications service to control the access to the instances, with varying levels.
Set up IAM access policies
As an account owner, follow the steps below to set up the policies for the service instances:
Make sure that you’re logged in to your account as the account owner.
Create the Push Notification service instance.
For any new instance, you will notice that it’s getting created under the context of a service.
Created service instance will be listed under Services in the dashboard.
In the Manage tab of the console, click Security > Identity and Access > Users.
Click Invite Users. Enter the email address of the IBM Cloud user.
In the Access section, select the service instance.
Assign the user with the correct service access role.
To update the access, click on the Manage User against the name of the user.
Click on Edit to edit the access. Save the changes once done.
The invited user can access the instance and invoke the functionality.
Migrate existing Cloud Foundry instance to a resource group
If you have an existing Cloud Foundry instance, migrating it to a resource group allows you to define fine-grained access with IAM.
Move your cursor onto the push app arrow (see below). Click on the Migrate button from the pop-up.
Select the resource group you want to migrate and click on Migrate. If the resource group does not exist already, create a resource group.
Navigate to the migrated instance and create new credentials.
Use IAM apiKey for any further REST API calls to the service.
Please refer to the service documentation on IAM for further details.