检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
(Optional) Create IAM users and set permissions. Create IAM users for employees based on the organizational structure of your enterprise, and grant different access permissions to them. (Mandatory) Purchase a cloud host.
Creating the apm_admin_trust Agency Log in to the IAM console. In the navigation pane, choose Agencies. On the page that is displayed, click Create Agency in the upper right corner. The Create Agency page is displayed. Set parameters by referring to Table 1.
Prerequisites You have been granted AOMFullAccessPolicy, iam:agencies:createAgency, and iam:agencies:deleteAgency permissions. For details about how to grant permissions, see Creating a User Group and Assigning Permissions. Procedure Log in to the AOM 2.0 console.
For the API for creating an IAM user, the following message body is returned. The following describes part of the response body. { "user": { "id": "c131886aec...
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. AOM Permissions By default, new IAM users do not have any permissions assigned.
Access Control If you need to assign different permissions to employees in your enterprise to access your AOM resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, fine-grained permissions management, and access control.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Procedure Log in to the IAM console. In the navigation pane, choose Agencies. On the page that is displayed, click Create Agency in the upper right corner. The Create Agency page is displayed. Set parameters based on Table 1.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your AOM. If your HUAWEI ID does not need individual IAM users, you can skip this topic. With IAM, you can control access to specific Huawei Cloud resources.
Prometheus Instance APIs √: supported; x: not supported Table 1 Prometheus instance APIs Permission API Action IAM Project Enterprise Project Uninstalling a hosted Prometheus instance DELETE /v1/{project_id}/aom/prometheus aom:metric:delete √ √ Querying a Prometheus instance GET /
Access Control If you need to assign different permissions to employees in your enterprise to access your AOM resources, IAM is a good choice for fine-grained permissions management.
Solution Contact the administrator (account to which the IAM user belongs) to add the SMN access permission. To add the permission, do as follows: Log in to IAM as the administrator, and add the SMN access permission to the IAM user.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: name of the IAM user to be created. email: email address of the IAM user. **********: password of the IAM user.
Create a user group on the IAM console, and assign the AOM ReadOnlyAccess policy to the group. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Creating a User and Granting Permissions This section describes the fine-grained permissions management provided by IAM for your AOM. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Creating a User and Granting Permissions This section describes the fine-grained permissions management provided by IAM for your Automation. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Log APIs √: supported; x: not supported Table 1 Log APIs Permission API Action IAM Project Enterprise Project Querying logs POST /v1/{project_id}/als/action aom:log:list √ × Parent topic: Actions Supported by Policy-based Authorization
Solution Log in to the IAM console as an administrator. On the Users page, locate the target username and click Authorize in the Operation column. Select the RBAC authorization model and click Next.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. AOM Permissions By default, new IAM users do not have any permissions assigned.
