What Should I Do If I Cannot Enable CTS as an IAM User? Background If you fail to enable CTS as an IAM user, perform the following steps. Procedure Check whether the IAM user has the permission. If yes, go to 2.
How Do I Find Out the Login IP Address of an IAM User? Background If you want to check if there are security risks in your account by examining the login IP addresses and login time of IAM users, you can view traces recorded by CTS. Prerequisites You have enabled CTS.
Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket? No. You only need to ensure that you have the permissions to perform operations on OBS buckets.
Permissions Management This chapter describes how to use IAM for fine-grained permissions control for your CTS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
agencies:listAgencies iam:agencies:createAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:listRolesForAgencyOnProject iam:projects:listProjects iam:groups:listGroups iam:users:listUsers iam:users:listUsersForGroup Creating a key event notification cts:notification
The cts_admin_trust agency of IAM contains the following permissions: OBS Administrator KMS Administrator SMN Administrator
The token obtained from IAM is valid for only 24 hours. If you want to use the same token for authentication, you can cache it to avoid frequent calling of the IAM API.
Making an API Request This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
The user field shows details of the IAM user who created the ECS. The format is {"name": "Account name", "id": "Account ID", "domain": {"name": "IAM user name", "id": "IAM user ID"}}. If the ECS was created by an account, the IAM user name and the account name are the same.
For an IAM user, the format is iam::<account-id>:user:<user-name>. For an IAM agency session identity, the format is sts::<account-id>:assumed-agency:<agency-name>/<agency-session-name>.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
If you log in to the console as an IAM user, contact the administrator (Huawei Cloud account or a user in the user group admin) to grant the following permissions to the IAM user. For details, see Assigning Permissions to an IAM User.
For services that do not differentiate regions, such as IAM, you need to enable CTS and create a tracker named system in the central region CN-Hong Kong so that traces can be reported in other regions.
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions. For details, see Assigning Permissions to an IAM User.
However, users with enterprise project management function enabled must also be granted certain IAM permissions to use this capability. For global services, you must configure trackers and key event notifications on the CTS console in the central region (CN-Hong Kong).
Delete the CTS agency from the IAM agency list. CTS will become unavailable.
However, users with enterprise project management function enabled must also be granted certain IAM permissions to use this capability. Helpful Links What Is Organizations?
For an IAM user, the format is iam::<account-id>:user:<user-name>. For an IAM delegated account, the format is sts::sts::<account-id>:assumed-agency:<agency-name>/<agency-session-name>.