Security Center: Onboard Baidu Cloud assets using an AccessKey

Last Updated: Dec 12, 2025

You can use the multicloud configuration management feature of Security Center to onboard Baidu Cloud products to Alibaba Cloud. This enables unified Cloud Security Posture Management (CSPM) and provides a single security view for threat detection across your cloud environments.

Step 1: Create authorization credentials for an IAM user in Baidu Cloud

Create an IAM user with the minimum permissions required for integration with Alibaba Cloud Security Center, and then obtain its AccessKey.

Note

For more information, see the official Baidu Cloud documents User Management and User management.

  1. Log on to the IAM user console

    Log on to the Baidu Cloud - IAM user console and click Create IAM User.

  2. Configure user information

    • Username: Enter a custom, easily identifiable name, such as aliyun-security-center-user.

    • Access Mode: Select Programmatic access.

    • Quick Authorization: Leave this option unselected so that the user is not granted excessive permissions.

  3. Set user permissions

    1. In the user list, find the target user and click Add Permission in the Operation column.

    2. Select the permission policies that correspond to the features you want to use in Security Center.

      Feature

      Policy Option

      Notes

      CSPM

      • GlobalReadPolicy includes read-only permissions for all products. This allows for quick provisioning.

      • For fine-grained authorization, use Option 2 and add policies for cloud products as needed.

  4. Create and save the AccessKey

    1. In the user list, click the name of the target user to go to the user details page.

    2. On the user details page, in the AccessKey section, click Create AccessKey.

    3. After you complete the security authentication, click Download AccessKey in the pop-up window. Save the AccessKeyID and AccessKeySecret.

      Warning

      You cannot download the AccessKey again after you close the pop-up window. Make sure to download and store the AccessKey information immediately.

Step 2: Complete the provisioning configuration in Security Center

After you create the AccessKey for the IAM user in Baidu Cloud, return to the Security Center console to complete the provisioning configuration.

  1. Go to the authorization page

    You can access the Baidu Cloud asset onboarding flow from any of the following paths:

    • Recommended path:

      1. Go to the Security Center console > System Settings > Feature Settings page. In the upper-left corner of the page, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

      2. On the Multi-cloud Configuration Management > Multi-cloud Assets tab, click Grant Permission, and then select Baidu Cloud.

    • Other entry points:

      In the Multi-cloud Service Integration area on the Assets > Cloud Product page, click the Add button below the image icon.

  2. Configure provisioning credentials

    1. In the Add Assets Outside Cloud panel, in the Select the modules to authorize section, select the features to provision and click Next.

      Note

      Currently, only CSPM is supported.

    2. On the Submit AccessKey Pair page, enter the AccessKey information that you created in Step 1.

    3. After you enter the information, click Next. The system automatically verifies the credentials and permissions.

      Note

      If authentication fails, see Why can't I see some added Baidu Cloud resources in Security Center?

  3. Configure the synchronization policy

    • Select region: Select the region where the Baidu Cloud assets that you want to provision are located.

      Note

      The synchronized asset data is stored in the data center that corresponds to the region you selected in the upper-left corner of the Security Center console.

      • Chinese Mainland: data center in the Chinese mainland.

      • Outside Chinese Mainland: data center in Singapore.

    • Region Management: Select this option to automatically synchronize cloud products in new regions under this Baidu Cloud account. You do not need to add them manually.

    • Cloud Service Synchronization Frequency: Set the interval for automatically synchronizing Baidu Cloud products. To disable synchronization, set this to Off.

    • AK Service Status Check: Set the interval for Security Center to automatically check the validity of the Baidu Cloud account's AccessKey. You can select Off to disable this check.

  4. After you complete the configuration, click Synchronize Assets. The system then automatically synchronizes the cloud products from the Baidu Cloud account to Security Center.

Step 3: View onboarded products

In the Security Center console, go to the Assets > Cloud Product page. In the All Alibaba Cloud Services navigation pane on the left, click Baidu Cloud to view the provisioned Baidu Cloud assets. For more information, see View cloud product information.

Note

After the initial provisioning or a configuration change, there may be a synchronization latency.

Appendix: Baidu Cloud product permission policies

The list of Baidu Cloud products supported by Security Center is continuously updated. For the latest list of supported products, refer to the console.

Policy Name                   Permission Description
RedisReadAccessPolicy         Read-only access permissions for Redis instances.
KAFKAReadAccessPolicy         Read-only access permissions for Kafka instances.
MONGODBReadAccessPolicy       Read-only access permissions for MongoDB instances.
RDSReadAccessPolicy           Read-only access permissions for RDS instances.
VPCReadAccessPolicy           Read-only access permissions for VPC resources.
BOSLISTANDReadAccessPolicy    Read permissions for BOS buckets.
BLBReadAccessPolicy           Read-only access permissions for BLB instances.
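
The following check is an added example, not part of the original documentation or of any Alibaba Cloud or Baidu Cloud tooling. It compares the policies attached to the integration user with the read-only policies in the table above, reporting grants that are missing for the products you plan to onboard and grants that go beyond what this page asks for. The function name, the product keys, and the sample policy list (typed in by hand, for example from the user details page) are assumptions.

```python
# Added example: policy names come from the appendix table on this page.
# The attached-policy list is constructed input, not fetched from any API.

# Product -> read-only policy, as listed in the appendix.
APPENDIX_POLICIES = {
    "Redis": "RedisReadAccessPolicy",
    "Kafka": "KAFKAReadAccessPolicy",
    "MongoDB": "MONGODBReadAccessPolicy",
    "RDS": "RDSReadAccessPolicy",
    "VPC": "VPCReadAccessPolicy",
    "BOS": "BOSLISTANDReadAccessPolicy",
    "BLB": "BLBReadAccessPolicy",
}
BROAD_POLICY = "GlobalReadPolicy"  # read-only permissions for all products


def audit_policies(attached, products):
    """Compare attached policy names with what the chosen products need."""
    attached = {p.strip() for p in attached if p.strip()}
    known = set(APPENDIX_POLICIES.values())
    needed = {APPENDIX_POLICIES[p] for p in products if p in APPENDIX_POLICIES}
    has_broad = BROAD_POLICY in attached
    # GlobalReadPolicy already covers every product, so nothing is missing.
    missing = [] if has_broad else sorted(needed - attached)
    # Neither GlobalReadPolicy nor an appendix policy: outside this page's scope.
    excess = sorted(attached - known - {BROAD_POLICY})
    # Appendix policies for products that are not being onboarded.
    unused = sorted((attached & known) - needed)
    return {
        "missing": missing,
        "excess": excess,
        "unused": unused,
        "broad_read": has_broad,
        "unknown_products": sorted(p for p in products if p not in APPENDIX_POLICIES),
    }


if __name__ == "__main__":
    # Constructed sample; "ExampleFullControlPolicy" is a made-up policy name.
    sample = ["RDSReadAccessPolicy", "VPCReadAccessPolicy", "ExampleFullControlPolicy"]
    print(audit_policies(sample, ["RDS", "VPC", "BOS"]))
```

A non-empty "missing" list corresponds to the insufficient-permissions case described in the FAQ; entries under "excess" or "unused" are candidates for removal from the integration user.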

FAQ

  • Why can't I see some of my provisioned Baidu Cloud resources in Security Center?

    • Region not selected: In the provisioning configuration in Security Center, check if the Baidu Cloud region where the resource is located is selected.

    • Synchronization latency: A synchronization latency may occur after the initial provisioning or a configuration change. Wait for the synchronization to complete.

  • What should I do if the automatic credential and permission check fails after I enter the AccessKey?

    This issue usually occurs because the IAM user has insufficient permissions. For more information, see Set user permissions. You can then go to the Baidu Cloud console to modify or add the required user permission policies.