Use the multicloud configuration management feature of Security Center to connect your Baidu Cloud account and bring its assets under unified Cloud Security Posture Management (CSPM). Once connected, Security Center provides a single security view and threat detection across all your cloud environments.
Prerequisites
Before you begin, ensure that you have:
An active Baidu Cloud account
Access to the Security Center console
Step 1: Create an IAM user in Baidu Cloud
Create a dedicated IAM user with minimum permissions for the Security Center integration, then generate its AccessKey.
For details on Baidu Cloud IAM, see the official Baidu Cloud documentation: IAM user operations and User management.
Log in to the Baidu Cloud IAM user console and click Create IAM User.
Configure the user:
Username: Enter a recognizable name, such as aliyun-security-center-user.
Access Mode: Select Programmatic access.
Quick Authorization: Leave this unselected to avoid granting excessive permissions.
Assign permissions to the user:
In the user list, find the user and click Add Permission in the Operation column.
Select the permission policies for the features you want to use in Security Center:
| Feature | Policy option | Notes |
|---|---|---|
| CSPM | Option 1: IAMReadAccessPolicy + GlobalReadPolicy | GlobalReadPolicy grants read-only access to all Baidu Cloud products. Use this for quick setup. |
| CSPM | Option 2: IAMReadAccessPolicy + BCCReadAccessPolicy + per-product policies | Use this for fine-grained authorization. Add only the policies for the products you need. See the appendix for the full policy list. |
Generate an AccessKey for the user:
Click the user's name to open the user details page.
In the AccessKey section, click Create AccessKey.
Complete the security verification, then click Download AccessKey in the dialog.
Save the AccessKeyID and AccessKeySecret.
Warning: After you close the dialog, the AccessKeySecret cannot be retrieved again. Download and store the AccessKey immediately.
Step 2: Configure the connection in Security Center
Open the Security Center console, enter the Baidu Cloud credentials, and configure synchronization.
Open the onboarding panel
Use either of the following paths to open the Add Assets Outside Cloud panel:
Recommended: Go to System Settings > Feature Settings. Select your region (Chinese Mainland or Outside Chinese Mainland) in the upper-left corner. On the Multi-cloud Configuration Management > Multi-cloud Assets tab, click Grant Permission and select Baidu Cloud.
Alternative: Go to Assets > Cloud Product. In the Multi-cloud Service Integration area, click the Add button below the icon.
Enter credentials and configure synchronization
In the Select the modules to authorize section, select the features to enable and click Next.
Currently, only CSPM is supported.
On the Submit AccessKey Pair page, enter the AccessKeyID and AccessKeySecret from Step 1, then click Next. Security Center automatically verifies the credentials and permissions.
If verification fails, the IAM user likely has insufficient permissions. See the FAQ for resolution steps.
Configure the synchronization policy:
| Setting | Description |
|---|---|
| Region | Select the Baidu Cloud regions where your assets are located. Asset data is stored in the data center that matches your console region selection: Chinese Mainland uses a data center in the Chinese mainland; Outside Chinese Mainland uses a data center in Singapore. |
| Region Management | Enable to automatically include assets from new Baidu Cloud regions as they are added to your account. |
| Cloud Service Synchronization Frequency | Set the interval for automatic asset synchronization. Set to Off to disable. |
| AK Service Status Check | Set the interval for Security Center to verify the AccessKey is still valid. Set to Off to disable. |

Click Synchronize Assets. Security Center begins syncing your Baidu Cloud assets.
Step 3: Verify the connection
Go to Assets > Cloud Product in the Security Center console. In the left navigation pane, click Baidu Cloud to see the synchronized assets.
The initial synchronization may take some time to complete. If assets do not appear immediately, wait for the sync to finish before troubleshooting. For more information, see View cloud product information.
Appendix: Baidu Cloud permission policies
The following policies are available for fine-grained authorization. The list of supported Baidu Cloud products is continuously updated — check the console for the latest.
| Policy name | Permission |
|---|---|
| RedisReadAccessPolicy | Read-only access to Redis instances |
| KAFKAReadAccessPolicy | Read-only access to Kafka instances |
| MONGODBReadAccessPolicy | Read-only access to MongoDB instances |
| RDSReadAccessPolicy | Read-only access to RDS instances |
| VPCReadAccessPolicy | Read-only access to VPC resources |
| BOSLISTANDReadAccessPolicy | Read access to BOS buckets |
| BLBReadAccessPolicy | Read-only access to BLB instances |
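One way to check an IAM user's attached policies against Option 1 and Option 2 before submitting its AccessKey. This is an added example, not Security Center or Baidu Cloud tooling. The policy names are from this page; the function name `audit_policies`, the product labels used as dictionary keys, and the hand-entered policy list are assumptions, and a policy reported as `unexpected` is one to review, since the supported list keeps changing.

```python
# Added example: policy names are taken from this page; nothing here calls a
# Baidu Cloud API. The attached-policy list is supplied by hand (assumption).
BASE = "IAMReadAccessPolicy"    # required by both options
GLOBAL = "GlobalReadPolicy"     # Option 1
BCC = "BCCReadAccessPolicy"     # Option 2 base policy
PER_PRODUCT = {                 # Option 2, from the appendix table
    "Redis": "RedisReadAccessPolicy",
    "Kafka": "KAFKAReadAccessPolicy",
    "MongoDB": "MONGODBReadAccessPolicy",
    "RDS": "RDSReadAccessPolicy",
    "VPC": "VPCReadAccessPolicy",
    "BOS": "BOSLISTANDReadAccessPolicy",
    "BLB": "BLBReadAccessPolicy",
}


def audit_policies(attached, products_in_use=()):
    """Compare an IAM user's attached policies with Option 1 / Option 2."""
    attached = set(attached)
    per_product = set(PER_PRODUCT.values())
    known = {BASE, GLOBAL, BCC} | per_product
    # Policies needed for the products the caller says it wants scanned.
    wanted = {PER_PRODUCT[p] for p in products_in_use if p in PER_PRODUCT}
    result = {
        # Not named on this page: review, the integration only needs read access.
        "unexpected": sorted(attached - known),
        "unmapped_products": sorted(set(products_in_use) - set(PER_PRODUCT)),
    }
    if GLOBAL in attached:
        result["option"] = 1
        result["missing"] = sorted({BASE} - attached)
        # GlobalReadPolicy already reads every product; these add nothing.
        result["unneeded"] = sorted(attached & ({BCC} | per_product))
    else:
        result["option"] = 2
        result["missing"] = sorted(({BASE, BCC} | wanted) - attached)
        # "Add only the policies for the products you need."
        result["unneeded"] = sorted((attached & per_product) - wanted)
    result["ready"] = not result["missing"]
    return result


if __name__ == "__main__":
    # Constructed sample: an Option 2 user meant to cover RDS and BOS.
    sample = ["IAMReadAccessPolicy", "BCCReadAccessPolicy",
              "RDSReadAccessPolicy", "VPCReadAccessPolicy"]
    print(audit_policies(sample, products_in_use=["RDS", "BOS"]))
```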
FAQ
Why can't I see some of my Baidu Cloud assets in Security Center?
Check two things. First, confirm that the Baidu Cloud region where the assets are located is selected in your synchronization policy. Second, if you recently completed the initial setup or changed the configuration, wait for the synchronization to finish — assets may not appear immediately.
What should I do if credential verification fails after I enter the AccessKey?
The IAM user likely does not have the required permissions. Go back to the Baidu Cloud console and update the user's permission policies. For CSPM, the user needs at minimum IAMReadAccessPolicy + GlobalReadPolicy (Option 1), or IAMReadAccessPolicy + BCCReadAccessPolicy + per-product policies (Option 2). See Step 1 for details.