Using IAM to Grant Access to ECS Creating a User and Granting ECS Permissions ECS Custom Policies
Creating a User and Granting ECS Permissions
Use IAM to implement fine-grained permissions control over your ECSs. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
following is an example of a deny policy:
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "ecs:cloudServers:delete"
            ]
        }
    ]
}
Parent Topic: Using IAM
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
You can use your account to create IAM users, and assign permissions to the IAM users to control their access to specific resources. IAM permissions define which actions on your cloud resources are allowed or denied.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For more information about IAM, see IAM Service Overview.
ECS Permissions
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
"iam:agencies:list*", "iam:agencies:createAgency", "iam:agencies:createServiceLinkedAgencyV5", "coc:agency:get", "coc:agency:create", "iam:permissions:grantRoleToAgency",
Create a custom policy policyTest using the master account and attach the policy to an IAM user. Log in to the IAM console using the master account.
Prerequisites
If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management.
User
An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": "$ADMIN_PASS", //IAM user password.
This party obtains the expected measurements PCR0 and PCR8 and uses these values as condition keys in IAM policies.
The following is an example IAM authorization policy.
IAM Permission Agency IAM agency assumed by COC to execute the scheduled task. Target Instance The instance where the scheduled task is to be executed. An instance is selected by default.
Examples of Using QingTian Enclave
In this chapter, we will show how to use QingTian Enclave instances together with KMS (sub-service of DEW), IAM, and OBS.
Workflow
Building a QingTian Enclave Image
Launching a QingTian Enclave Instance
Parent Topic: QingTian Enclave
AZ Management

| Permission | API | Action | Dependencies | IAM Project | Enterprise Project | Authorization by Instance | Authorization by Tag |
|---|---|---|---|---|---|---|---|
| Querying AZs (native OpenStack API) | GET /v2.1/{project_id}/os-availability-zone | ecs:availabilityZones:list | - | Supported | Not supported | Not supported | Not supported |
Network Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying networks (native OpenStack API) GET /v2.1/{project_id}/os-networks ecs:networks:list vpc:networks:get Supported Not supported Not supported