Skip to content

Huawei Open Platform Keys

Service Name: Huawei Cloud

Service Description: Huawei Cloud is a comprehensive cloud computing service platform that provides elastic computing, storage, networking, security, and management services. The Open Platform API keys are used to authenticate and authorize API requests to Huawei Cloud services.

Service Address: https://www.huaweicloud.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the IAM level through security policies.

Secret Access Scope: Grants programmatic access to Huawei Cloud resources and services based on the permissions assigned to the associated IAM user.

Secret Revokement URL: https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_02_0003.html

Secret Example: HWACCESSKEY123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ

Suspicious Activity Investigation Instructions:

  • Review Cloud Trace Service (CTS) logs for unusual API calls or resource access
  • Check IAM console for unauthorized user activities.
  • Monitor for unexpected resource creation or deletion
  • Review billing information for unexpected charges
  • Check for API calls from unusual geographic locations

Mitigation Instructions:

  • Log in to the Huawei Cloud console
  • Navigate to the Identity and Access Management (IAM) service
  • Select the user account associated with the compromised key
  • Go to the "Security Settings" tab
  • Locate the compromised access key and click "Delete"
  • Create a new access key if needed
  • Review and update IAM policies to limit permissions
  • Enable multi-factor authentication for the account
  • Consider implementing IP restrictions for API access