检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Private NAT Gateway - Transit IP Address Permission API Action IAM Project Enterprise Project Assigning a Transit IP Address POST /v3/{project_id}/private-nat/transit-ips nat:transitIps:create √ √ Querying a Transit IP Address GET /v3/{project_id}/private-nat/transit-ips/{transit_ip_id
Private NAT Gateway - Tag Permission API Action IAM Project Enterprise Project Adding a Tag to a Private NAT Gateway POST /v3/{project_id}/private-nat-gateways/{resource_id}/tags nat:privateNatGatewayTags:create √ √ Batch Adding or Deleting Tags to or from a Private NAT Gateway POST
Private NAT Gateway - Transit IP Address Tag Permission API Action IAM Project Enterprise Project Querying Transit IP Addresses by Tag POST /v3/{project_id}/transit-ips/resource_instances/action nat:transitIpTags:list √ × Batch Adding or Deleting Tags to or from a Transit IP Address
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Create a NAT gateway. Determine the VPC to be used. Query VPCs.
If you need to perform fine-grained permissions control on your NAT gateways, you can use Identity and Access Management (IAM). For details, see Permissions Management. Properly manage identity authentication to prevent data leaks.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Create a NAT gateway. Determine the VPC to be used. Query VPCs.
Viewing Metrics Identity and Access Management (IAM) If you need to assign different permissions to employees in your enterprise to control their access to your NAT Gateway resources, IAM is a good choice for fine-grained permissions management.
Creating a User and Granting NAT Gateway Permissions This section describes how to use IAM to implement fine-grained permissions control for your NAT Gateway resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Making an API Request This section describes the structure of a REST API request, and uses the IAM API for creating an IAM User as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.
SNAT Rules of Public NAT Gateways Permission API Action IAM Project Enterprise Project Creating an SNAT Rule POST /v2/{project_id}/snat_rules nat:snatRules:create √ √ Querying SNAT Rules GET /v2/{project_id}/snat_rules nat:snatRules:list √ √ Querying Details About an SNAT Rule GET
SNAT Rules of Private NAT Gateways Permission API Action IAM Project Enterprise Project Creating an SNAT Rule POST /v3/{project_id}/private-nat/snat-rules nat:privateNatSnatRules:create √ √ Querying an SNAT Rule GET /v3/{project_id}/private-nat/snat-rules/{snat_rule_id} nat:privateNatSnatRules
Public NAT Gateways Permission API Action IAM Project Enterprise Project Creating a Public NAT Gateway POST /v2/{project_id}/nat_gateways nat:natGateways:create √ √ Querying Public NAT Gateways GET /v2/{project_id}/nat_gateways nat:natGateways:list √ √ Querying Details About a Specific
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Private NAT Gateways Permission API Action IAM Project Enterprise Project Creating a Private NAT Gateway POST /v3/{project_id}/private-nat/gateways nat:privateNatGateways:create √ √ Querying Private NAT Gateways GET /v3/{project_id}/private-nat/gateways nat:privateNatGateways:list
DNAT Rules of Public NAT Gateways Permission API Action IAM Project Enterprise Project Creating a DNAT Rule POST /v2/{project_id}/dnat_rules nat:dnatRules:create √ √ Creating DNAT Rules in Batches POST /v2/{project_id}/dnat_rules/batch nat:dnatRules:create √ √ Querying DNAT Rules
DNAT Rules of Private NAT Gateways Permission API Action IAM Project Enterprise Project Creating a DNAT Rule POST /v3/{project_id}/private-nat/dnat-rules nat:privateNatDnatRules:create √ √ Querying a DNAT Rule GET /v3/{project_id}/private-nat/dnat-rules/{dnat_rule_id} nat:privateNatDnatRules
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM.
IAM helps you secure access to your Huawei Cloud resources. With IAM, you can create IAM users and grant them permissions to access only specific resources.
