检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting DNS Permissions To implement fine-grained permissions control over your DNS resources, IAM is a good choice. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Identity and Access Control You can use Identity and Access Management (IAM) to control access to your DNS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
Policies that contain actions supporting both IAM projects and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": $ADMIN_PASS, //IAM user password.
Public Resource Management Table 1 Actions for public resource management Permission API Action Related Action IAM Project (Project) Enterprise Project List DNS name servers. GET /v2/nameservers dns:nameserver:list - √ × Only authentication is required. Query resource quotas.
Custom Line Table 1 Custom line management Permission API Action Dependent Permission IAM Project (Project) Enterprise project (Enterprise Project) Create a custom line. POST /v2.1/customlines dns:customline:create - √ × Query custom lines.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling the IAM API.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling the IAM API. Prerequisites You have registered domain name example.com with a third-party registrar.
Tag Management Table 1 Actions for tag management Permission API Action Dependent Permission IAM Project (Project) Enterprise Project Add a resource tag. POST /v2/{project_id}/{resource_type}/{resource_id}/tags dns:tag:set - √ √ Add or delete resource tags in batches.
PTR Record Management Table 1 Actions for PTR record management Permission API Action Dependent Permission IAM Project Enterprise Project Create a PTR record. PATCH /v2/reverse/floatingips/{region}:{floatingip_id} dns:ptr:set vpc:*:get* vpc:*:list* √ √ Modify a PTR record.
Record Set Importing Table 1 Actions for record set importing Permission API Action Dependent Permission IAM Project Enterprise Project Download the template for importing public zone record sets in batches.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Zone Management Table 1 Actions for zone management Permission API Action Dependent Permission IAM Project Enterprise Project Create a zone. POST /v2/zones dns:zone:create vpc:*:get* vpc:*:list* √ √ Query a zone. GET /v2/zones/{zone_id} dns:zone:get - √ √ List the zones.
Record Set Management Table 1 Actions for record set management Permission API Action Dependent Permission IAM Project Enterprise Project Create a record set. POST /v2/zones/{zone_id}/recordsets dns:recordset:create - √ √ Create a record set.
Check the number of IP address ranges in the request. 500 DNS.1801 An error occurred when the IAM PDP service is called. The IAM PDP service cannot be properly called. Retry the operation.
It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token. Response Parameters None Example Requests None Example Responses None SDK Sample Code The SDK sample code is as follows.
It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token. Table 3 Request body parameters Parameter Mandatory Type Description ptrdname Yes Object Domain name of the PTR record. Set it to null in the request.
