检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Obtaining Account, IAM User, Project, User Group, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for
Which Permissions Are Required for an IAM User to Use FunctionGraph? When logging in to FunctionGraph and adding, deleting, modifying, and querying a function and its triggers as an IAM user, grant permissions to the user group to which the IAM user belongs as required.
For details, see App Authentication IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication None: No authentication. This mode grants access permissions to all users. Select None.
IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. Select None.
IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. Select None.
IAM account authorization: FunctionGraph can use IAM to grant different function operation permissions to IAM users. Parent Topic: Security
For example, to obtain an IAM token in the AP-Bangkok region, obtain the endpoint of IAM (iam.ap-southeast-2.myhwclouds.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM projects and enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
Table 1 FunctionGraph resources and their paths Resource Type Resource Name Path function Function [Format] FunctionGraph::::function:group/function name [Notes] IAM automatically generates the prefix FunctionGraph:*:*:function: for bucket resource paths.
Fine-grained Permission Control and Identity Authentication When configuring agency permissions, AKs, and SKs for functions through Identity and Access Management (IAM), comply with the principle of least privilege to ensure that the functions can access only specified resources.
Free Tier FunctionGraph offers a free tier for your account, which you can share with your IAM users. Requests: 1 million free requests every month. Execution duration: 400,000 GB-seconds free execution duration every month.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. IAM user A user is created by an account to use cloud services. Each user has its own identity credentials (password or access keys).
To obtain a token, use the standard API of Identity and Access Management (IAM).
Appendix Status Codes Error Codes Obtaining Account, IAM User, Project, User Group, Region, and Agency Information FunctionGraph Metrics
IAM: IAM authentication. Only IAM users are allowed to access the system. The security level is medium. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. protocol False Enum Request protocol. Default: HTTPS.
Create a user group on the IAM console, and assign the FunctionGraph Invoker role to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1.
Introduction In addition to IAM and app authentication, APIG also supports custom authentication with your own system, which can better adapt to your business capabilities. This chapter guides you through the process of creating a FunctionGraph API that uses a custom authorizer.
Figure 1 Content of the credentials.csv file If you do not have access to the console, request the administrator to create an access key for you on the IAM console in case your access key is lost or needs to be reset. For details, see Managing Access Keys for an IAM User.
Creating an Agency Log in to the Identity and Access Management (IAM) console. On the IAM console, choose Agencies from the navigation pane, and click Create Agency in the upper right corner. Figure 2 Creating an agency Configure the agency.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
