Log In to a CBH Instance Console as an IAM User Function This API is used to log in to a CBH instance console as an IAM user.
Does CBH Support IAM Fine-Grained Management? Yes. Identity and Access Management (IAM) is a basic service for permission management. By default, new IAM users do not have any permissions. You need to grant different permissions to IAM users based on their duties.
Logging In to a Bastion Host Through the Service Console You can select Local Login, IAM Login (available in V3.3.44.0 or later), or Admin Login (available in V3.3.52.1 or later, but not supported by Kunpeng bastion hosts).
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Create a user group on the IAM console, and attach the CBH ReadOnlyAccess policy to the group. Creating an IAM User. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Incorrect server ID. 401 CBH.10020100 Invalid IAM token. IAM authentication failed. Check the token. 403 CBH.10020002 Tenant has no permissions. Permissions required. The tenant does not have the permission. Check the user permission on IAM. 500 CBH.10020000 Unknown error.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
POST /v2/{project_id}/cbs/agency/authorization cbh::operateAuthorization iam:agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:agencies:deleteAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:revokeRoleFromAgencyOnProject
IAM_USER_CONFLICT(1016): There were IAM user conflicts. HOST_NOT_MANAGE(1): The server requested has not been managed by CBH. HOST_ACCOUNT_NOT_EXIST(553): The account for logging in to the server is unavailable.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description security_groups Yes Array of strings Security group information.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String ID of the instance you want to roll back.
For details, see "Obtaining the Token of an IAM User." Response Parameters Status code: 400 Table 4 Response body parameters Parameter Type Description error_code String Error code error_description String Incorrect request parameters.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description publicip_id Yes String EIP ID, in UUID format.
During remote logins, you can select local, IAM, or admin login mode. In local or IAM login mode, use the accounts as required. In admin login mode, you can log in to a bastion host as user admin without entering passwords.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String CBH instance ID, in UUID format. reboot_type Yes String Restart mode, which is case insensitive.
For details, see "Obtaining the Token of an IAM User."
If your account does not need individual IAM users for permissions management, then you may skip over this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.