If your HUAWEI ID does not require individual IAM users for permissions management, skip this section. IAM is free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. DMS for RocketMQ permissions policies are based on DMS.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM projects or enterprise projects: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing DMS for RocketMQ resources.
For security purposes, create IAM users and grant them permissions for routine management.
IAM user
An Identity and Access Management (IAM) user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
To better isolate and manage permissions, you are advised to configure an independent IAM administrator and grant them the permission to manage IAM policies. The IAM administrator can create different user groups based on your service requirements.
DMS for RocketMQ uses Identity and Access Management (IAM) to provide three identity authentication modes: passwords, access keys, and temporary access keys.
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details on API calling authentication, see Authentication.
Figure 1 Process of using RocketMQ
Creating a User and Granting DMS for RocketMQ Permissions
Create IAM users and grant them only the DMS for RocketMQ permissions required to perform a given task based on their job responsibilities.
Prerequisites
The endpoints of IAM and RocketMQ have been obtained. For details, see Regions and Endpoints.
When using a token for authentication, cache it to avoid frequent calls to the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Prerequisites
The endpoint of the region where IAM and RocketMQ are deployed has been obtained. The RocketMQ instance ID and the project (instance region) ID have been obtained.