检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM Functions Permissions Parent topic: Security
Policies that contain actions only for IAM projects can be used and applied to IAM only.
Permissions Management This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. EIP Permissions New IAM users do not have any permissions assigned by default.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": "********", // IAM user password "domain": { "name": "domainname" //Name of the account to which the IAM user belongs } } } }, "scope"
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions. Assume that you want to grant the permissions of the EIP FullAccess policy to a user but want to prevent them from releasing EIPs.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Query EIP details. Send GET /v1/project_id/publicips/publicip_id. Parameter project_id indicates the project ID.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Obtain the NIC information based on the ECS ID. For details, see Querying a Port.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Assign a shared bandwidth. Send POST https://Endpoint/v2.0/project_id/bandwidths.
