检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting AS Permissions Scenarios IAM can help you implement fine-grained permissions control over your AS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip this section. IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific resources.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": $ADMIN_PASS, //IAM user password.
AS Policy Execution Logs Permission API Action IAM Project Enterprise Project Querying AS policy execution logs GET /autoscaling-api/v1/{project_id}/scaling_policy_execute_log/{scaling_policy_id} as:policyExecuteLogs:list √ √ Parent topic: Permissions and Supported Actions
When you use an IAM user with permissions to specific enterprise projects, this API will query scaling policies of the AS groups in these enterprise projects.
Quotas Permission API Action IAM Project Enterprise Project Querying AS quotas GET /autoscaling-api/v1/{project_id}/quotas as:quotas:get √ √ Querying AS policy and instance quotas GET /autoscaling-api/v1/{project_id}/quotas/{scaling_group_id} as:quotas:get √ √ Parent topic: Permissions
Scaling Action Logs Permission API Action IAM Project Enterprise Project Querying scaling action logs GET /autoscaling-api/v1/{project_id}/scaling_activity_log/{scaling_group_id} as:acivityLogs:list √ √ Querying scaling action logs (V2) GET /autoscaling-api/v2/{project_id}/scaling_activity_log
Instances Permission API Action IAM Project Enterprise Project Querying instances in an AS group GET /autoscaling-api/v1/{project_id}/scaling_group_instance/{scaling_group_id}/list as:instances:list √ √ Removing instances from an AS group DELETE /autoscaling-api/v1/{project_id}/scaling_group_instance
Notifications Permission API Action IAM Project Enterprise Project Configuring notifications for an AS group PUT /autoscaling-api/v1/{project_id}/scaling_notification/{scaling_group_id} as:notifications:set √ √ Querying notifications of an AS group GET /autoscaling-api/v1/{project_id
AS Configurations Permission API Action IAM Project Enterprise Project Creating an AS configuration POST /autoscaling-api/v1/{project_id}/scaling_configuration as:configs:create √ √ Querying AS configurations GET /autoscaling-api/v1/{project_id}/scaling_configuration as:configs:list
Tags Permission API Action IAM Project Enterprise Project Querying tags GET /autoscaling-api/v1/{project_id}/{resource_type}/tags as:tags:list √ × Querying tags of a resource GET /autoscaling-api/v1/{project_id}/{resource_type}/{resource_id}/tags as:tags:get √ × Updating or deleting
AS Groups Permission API Action IAM Project Enterprise Project Creating an AS group POST /autoscaling-api/v1/{project_id}/scaling_group as:groups:create √ √ Querying AS groups GET /autoscaling-api/v1/{project_id}/scaling_group as:groups:list √ √ Querying AS group details GET /autoscaling-api
Lifecycle Hooks Permission API Action IAM Project Enterprise Project Creating a lifecycle hook POST /autoscaling-api/v1/{project_id}/scaling_lifecycle_hook/{scaling_group_id} as:lifecycleHooks:create √ √ Querying lifecycle hooks GET /autoscaling-api/v1/{project_id}/scaling_lifecycle_hook
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
