Private NAT Gateway - Transit IP Address
Permission | API | Action | IAM Project | Enterprise Project
Assigning a Transit IP Address | POST /v3/{project_id}/private-nat/transit-ips | nat:transitIps:create | √ | √
Querying a Transit IP Address | GET /v3/{project_id}/private-nat/transit-ips/{transit_ip_id
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
If you need to perform fine-grained permissions control on your NAT gateways, you can use Identity and Access Management (IAM). For details, see Permissions Management. Properly manage identity authentication to prevent data leaks.
Viewing Metrics Identity and Access Management (IAM) If you need to assign different permissions to employees in your enterprise to control their access to your NAT Gateway resources, IAM is a good choice for fine-grained permissions management.
Creating a User and Granting NAT Gateway Permissions This section describes how to use IAM to implement fine-grained permissions control for your NAT Gateway resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
SNAT Rules of Public NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating an SNAT Rule | POST /v2/{project_id}/snat_rules | nat:snatRules:create | √ | √
Querying SNAT Rules | GET /v2/{project_id}/snat_rules | nat:snatRules:list | √ | √
Querying Details About an SNAT Rule | GET
SNAT Rules of Private NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating an SNAT Rule | POST /v3/{project_id}/private-nat/snat-rules | nat:privateNatSnatRules:create | √ | √
Querying an SNAT Rule | GET /v3/{project_id}/private-nat/snat-rules/{snat_rule_id} | nat:privateNatSnatRules
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
Public NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating a Public NAT Gateway | POST /v2/{project_id}/nat_gateways | nat:natGateways:create | √ | √
Querying Public NAT Gateways | GET /v2/{project_id}/nat_gateways | nat:natGateways:list | √ | √
Querying Details About a Specific
Private NAT Gateway Tags
Permission | API | Action | IAM Project | Enterprise Project
Adding a Tag to a Private NAT Gateway | POST /v3/{project_id}/private-nat-gateways/{resource_id}/tags | nat:privateNatGatewayTags:create | √ | √
Batch Adding or Deleting Tags to or from a Private NAT Gateway | POST
Private NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating a Private NAT Gateway | POST /v3/{project_id}/private-nat/gateways | nat:privateNatGateways:create | √ | √
Querying Private NAT Gateways | GET /v3/{project_id}/private-nat/gateways | nat:privateNatGateways:list
DNAT Rules of Public NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating a DNAT Rule | POST /v2/{project_id}/dnat_rules | nat:dnatRules:create | √ | √
Creating DNAT Rules in Batches | POST /v2/{project_id}/dnat_rules/batch | nat:dnatRules:create | √ | √
Querying DNAT Rules
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
DNAT Rules of Private NAT Gateways
Permission | API | Action | IAM Project | Enterprise Project
Creating a DNAT Rule | POST /v3/{project_id}/private-nat/dnat-rules | nat:privateNatDnatRules:create | √ | √
Querying a DNAT Rule | GET /v3/{project_id}/private-nat/dnat-rules/{dnat_rule_id} | nat:privateNatDnatRules
name "password": $ADMIN_PASS, // IAM user password.
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your NAT Gateway resources. If your HUAWEI ID does not need individual IAM users, you can skip this section.
Identity Authentication and Access Control You can use Identity and Access Management (IAM) to control access to your NAT Gateway resources. IAM permissions define which actions on your cloud resources are allowed or denied.
IAM helps you secure access to your Huawei Cloud resources. With IAM, you can create IAM users and grant them permissions to access only specific resources.