检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Which Permissions Are Required for an IAM User to Use FunctionGraph?
Obtaining Account, IAM User, Project, User Group, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for
IAM project/Enterprise project: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
Create a user group on the IAM console, and assign the FunctionGraph Invoker role to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1.
IAM projects and enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
For example, to obtain an IAM token in the AP-Bangkok region, obtain the endpoint of IAM (iam.ap-southeast-2.myhwclouds.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Introduction In addition to IAM and app authentication, APIG also supports custom authentication with your own system, which can better adapt to your business capabilities. This chapter guides you through the process of creating a FunctionGraph API that uses a custom authorizer.
To obtain a token, use the standard API of Identity and Access Management (IAM).
Free Tier FunctionGraph offers a free tier for your account, which you can share with your IAM users. Requests: 1 million free requests every month. Execution duration: 400,000 GB-seconds free execution duration every month.
IAM: IAM authentication. Only IAM users are allowed to access the system. The security level is medium. For details, see IAM Authentication. None: No authentication.
IAM user An Identity and Access Management (IAM) user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys). An IAM user can view the account ID and user ID on the My Credentials page of the console.
IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. Select None.
IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. Select None.
Appendix Status Codes Error Codes Obtaining Account, IAM User, Project, User Group, Region, and Agency Information FunctionGraph Metrics
Figure 1 Content of the credentials.csv file If you do not have access to the console, request the administrator to create an access key for you on the IAM console in case your access key is lost or needs to be reset. For details, see Managing Access Keys for an IAM User.
Creating an Agency Log in to the Identity and Access Management (IAM) console. On the IAM console, choose Agencies from the navigation pane, and click Create Agency in the upper right corner. Figure 2 Creating an agency Configure the agency.
Access Control Access to FunctionGraph is controlled through fine-grained permissions management in IAM, which enables you to secure access to your public cloud resources. For details, see Permissions Management. Parent topic: Security
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Content-Type Yes String Message body type (format). Response Parameters None Example Requests Enable asynchronous status notification.
For details, see Managing Access Keys for an IAM User. Figure 2 Creating an access key Return to the FunctionGraph console, choose Functions > Function List, and click a function name to go to the function details page.
Free Tier FunctionGraph offers a free tier every month, which you can share with your IAM users. For details, see Free Tier. Viewing Bills You can choose Billing Center > Billing to check the FunctionGraph transactions and bills. For details, see Bills.
