检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can create IAM users, and assign permissions to the users to control their access to specific resources.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your AS resources. If your HUAWEI IDaccount does not need individual IAM users, you can skip this section.
Procedure Ensure that you have created an IAM user and granted read-only permissions for ECS, VPC, and IMS to the IAM user. If no IAM user is available, create one. For details, see Creating an IAM User. Create two AS groups. For details, see Creating an AS Group.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Creating a User and Granting AS Permissions Scenarios IAM can help you implement fine-grained permissions control over your AS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
