检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Log in to the IAM console and choose Agencies to check the agency quota and either adjust it or delete agencies that are no longer in use. Parent topic: Precautions When Using Huawei Cloud CSE
Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. X-Enterprise-Project-ID No String If this parameter is not set, the default enterprise project is default and the ID is 0.
Once a service has been authorized, an agency named cse_admin_trust on IAM will be created. Go to the agency list to view the details. To grant permissions, you must have the Security Administrator role permissions. Confirm the permissions in the IAM service.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An Identity and Access Management (IAM) user is created using an account to use cloud services.
Request Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. x-engine-id Yes String Instance ID of an exclusive microservice engine. X-Enterprise-Project-ID Yes String Enterprise project ID.
Log in to Huawei Cloud as an IAM user. Tenant name: Name of the account used to create the IAM user IAM username and password: Username and password specified during the IAM user creation using the tenant name Create a microservice engine on the CSE console.
Request Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. x-engine-id Yes String Instance ID of an exclusive microservice engine. X-Enterprise-Project-ID Yes String Enterprise project ID.
Request Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. x-engine-id Yes String Instance ID of an exclusive microservice engine. X-Enterprise-Project-ID Yes String Enterprise project ID.
Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. X-Enterprise-Project-ID No String If this parameter is not set, the default enterprise project is default and the ID is 0.
Creating a User and Granting Permissions This section describes how to use IAM to implement fine-grained permissions control for your CSE resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Querying an RBAC Token Function This API is used to obtain an RBAC token based on the IAM token. URI POST /v2/{project_id}/enginemgr/engines/{engine_id}/tokens Table 1 Path parameters Parameter Mandatory Type Description project_id Yes String Project ID, which must be unique.
You can create up to 1000 accounts, including new accounts and imported IAM account. Importing an IAM Account Imports an IAM account and associates roles with it. Users using this IAM account have the access and operation permissions on the microservice engine.
For the API for creating an IAM user as an administrator, the following message body is returned. The following is part of the response body: { "user": { "id": "c131886aec...
Request Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. x-engine-id Yes String Instance ID of an exclusive microservice engine. X-Enterprise-Project-ID Yes String Enterprise project ID.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
To operate a ServiceComb engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
Figure 1 illustrates the responsibilities shared by Huawei Cloud and IAM users. Huawei Cloud: Ensure the security of cloud services and provide secure clouds.
Access Policy Description Documentation IAM permissions IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources.
