检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For the API for creating an IAM user as an administrator, the message header shown in Figure 1 is returned.
Policies that contain actions supporting both IAM projects and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
Check the number of IP address ranges in the request. 500 DNS.1801 An error occurred when the IAM PDP service is called. The IAM PDP service cannot be properly called. Retry the operation.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. To avoid token expiration during an API call, ensure that the time taken to complete a call is shorter than the time left before a token expires.
If your account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Tag Management Table 1 Actions for tag management Permission API Action Dependent Permission IAM Project (Project) Enterprise Project Add a resource tag. POST /v2/{project_id}/{resource_type}/{resource_id}/tags dns:tag:set - √ √ Add or delete resource tags in batches.
Custom Line Table 1 Custom line management Permission API Action Dependent Permission IAM Project (Project) Enterprise project (Enterprise Project) Create a custom line. POST /v2.1/customlines dns:customline:create - √ × Query custom lines.
Creating a User and Granting DNS Permissions To implement fine-grained permissions control over your DNS resources, IAM is a good choice. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Zone Management Table 1 Actions for zone management Permission API Action Dependent Permission IAM Project Enterprise Project Create a zone. POST /v2/zones dns:zone:create vpc:*:get* vpc:*:list* √ √ Query a zone. GET /v2/zones/{zone_id} dns:zone:get - √ √ List the zones.
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The bold parameters need to be replaced for a real request. accountid: account ID of an IAM user username: name of an IAM user email: email of an IAM user **********: login password of an IAM user POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users Content-Type:
Record Set Importing Table 1 Actions for record set importing Permission API Action Dependent Permission IAM Project Enterprise Project Download the template for importing public zone record sets in batches.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling the IAM API.
Record Set Management Table 1 Actions for record set management Permission API Action Dependent Permission IAM Project Enterprise Project Create a record set. POST /v2/zones/{zone_id}/recordsets dns:recordset:create - √ √ Create a record set.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling the IAM API. Prerequisites You have registered domain name example.com with a third-party registrar.
It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token.
PTR Record Management Table 1 Actions for PTR record management Permission API Action Dependent Permission IAM Project Enterprise Project Create a PTR record. PATCH /v2/reverse/floatingips/{region}:{floatingip_id} dns:ptr:set vpc:*:get* vpc:*:list* √ √ Modify a PTR record.
Public Resource Management Table 1 Actions for public resource management Permission API Action Related Action IAM Project (Project) Enterprise Project List DNS name servers. GET /v2/nameservers dns:nameserver:list - √ × Only authentication is required. Query resource quotas.
Identity and Access Control You can use Identity and Access Management (IAM) to control access to your DNS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication and Authorization. The following is an example response.
